Author: Tom Spring / Source: Threatpost | The first stop for security news
Microsoft patched more than two dozen remote code execution vulnerabilities today, many of them rated critical. One was a RCE bug that allowed an attacker to take complete control of a server or workstation via Windows Search.
The fixes were part of Microsoft’s August Patch Tuesday update that included 48 patches in all, 25 of them critical, two publicly known prior to release and one with a publicly available proof of concept. None of the vulnerabilities are currently being exploited in the wild, Microsoft said.
The most serious RCE vulnerability (CVE-2017-8620) is related to how Windows Search handles objects in memory. “An attacker who successfully exploited this vulnerability could take control of the affected system,” Microsoft wrote.
Exploiting the Windows Search vulnerability requires an adversary to send a specially crafted message to the Windows Search service. “Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer,” said Microsoft.
This critical bug affects several versions of Windows 10, Windows Server 2012 and Windows Server 2016.
“While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya,” wrote Jimmy Graham, director of product management at Qualys, in a post.
A second RCE (rated important) is tied to Windows Hyper-V (CVE-2017-8664) and exists when a host server fails to properly validate input from an authenticated user on a guest operating system.
“An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system,” Microsoft said. To exploit the…
Click here to read more