Today Microsoft released patches covering 48 vulnerabilities as part of August’s Patch Tuesday update, with 15 of them affecting Windows. Patches covering 25 of these vulnerabilities are labeled as Critical, and 27 can result in Remote Code Execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.
Top priority for patching should go to CVE-2017-8620, which is a vulnerability in the Windows Search service. This is the third Patch Tuesday to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.
Many of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office. These should be considered for prioritization on workstation-type systems that use email and access the internet via a browser. Also of note is a vulnerability in the Windows Font Engine, CVE-2017-8691, which can also be exploited through a browser. For systems running Windows 10 and Microsoft Edge, CVE-2017-0293 impacts the PDF viewer functionality.
The patches do not include a fix for the SMBLoris attack, which is a denial of service against systems that have port 445 and the SMB client exposed. This attack can also be leveraged against Samba. It is recommended that systems that are exposed to the internet do not have port 445 open, and that all systems that may be connected to untrusted networks leverage a local firewall to prevent access to port 445.
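One way to apply the local-firewall recommendation above on a Windows host, as an added example that is not part of the original post: it audits the host's exposure on TCP 445 and then blocks inbound connections to that port on the Public firewall profile. The rule display name is a hypothetical label, and the choice of the Public profile to stand for "untrusted networks" is an assumption.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Assumption: "untrusted networks" maps to the Windows Firewall Public profile.
$RuleName = 'Block inbound SMB 445 (untrusted networks)'   # hypothetical display name

# 1. Is anything on this host listening on TCP 445?
$listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table
} else {
    Write-Output 'Nothing is listening on TCP 445.'
}

# 2. Which enabled inbound Allow rules name TCP 445 explicitly, and for which profiles?
#    (Rules that cover 445 through a port range or "Any" are not listed by this check.)
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        if ($portFilter.Protocol -eq 'TCP' -and $portFilter.LocalPort -contains '445') {
            [PSCustomObject]@{
                Rule    = $_.DisplayName
                Profile = $_.Profile
            }
        }
    } | Format-Table -AutoSize

# 3. How is each connected network currently classified (Public, Private, Domain)?
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table

# 4. Add the block rule for the Public profile unless it already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Public | Out-Null
    Write-Output "Created firewall rule: $RuleName"
} else {
    Write-Output "Firewall rule already present: $RuleName"
}
```

In Windows Firewall a block rule takes precedence over an allow rule for the same traffic, so the new rule applies on Public networks even if a file-sharing allow rule is enabled there.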
Adobe has also released a patch covering 67 vulnerabilities, 43 of which are critical. All but two of these vulnerabilities are for Adobe Acrobat and Reader, with two vulnerabilities for Adobe Flash, one of which is critical.
This is a Security Bloggers Network syndicated blog post authored by Jimmy Graham. Read the original post at: The Laws of Vulnerabilities – Network Security Blog | Qualys, Inc.