Home Vulnerabilities 25 critical vulnerabilities have been patched by Microsoft

25 critical vulnerabilities have been patched by Microsoft

by Unallocated Author

Microsoft has released a patch that addresses a total of 48 vulnerabilities (August Patch Tuesday) for all supported versions Windows systems and other products.

The products that received security updates are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft SharePoint, Adobe Flash Player, and Microsoft SQL Server.

The most important and critical flaw of this month is Windows Search Remote Code Execution Vulnerability (CVE-2017-8620) that affects all versions of Windows 7 and Windows 10, the flaw can enable a remote attacker to execute arbitrary code and take control of the targeted system.

According to Microsoft:
“A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

“To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”

All users are recommended to install the security updates as soon as possible.

You may also like