Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.
Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.
Out of the 26 vulnerabilities that are both Critical and RCE, 22 of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.
Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp.
*** This is a Security Bloggers Network syndicated blog from The Laws of Vulnerabilities – Network Security Blog | Qualys, Inc. authored by Jimmy Graham. Read the original post at: https://blog.qualys.com/laws-of-vulnerabilities/2017/09/12/september-patch-tuesday-27-critical-vulnerabilities-from-microsoft-plus-critical-adobe-patches