Security News Microsoft's August 2017 Patch Tuesday Fixes 48 Security Issues

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Microsoft released the August 2017 Patch Tuesday security bulletin, and this month the company fixed 48 security issues in six of its main product categories.

The products that received security updates are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft SharePoint, Adobe Flash Player, and Microsoft SQL Server.

Of all the security issues patched this month, three became public before they were patched: CVE-2017-8620, CVE-2017-8627, and CVE-2017-8633. Fortunately, Microsoft didn't detect any of them being used in live attacks.
 

LASER_oneXM

....some additional infos/details about one of the critical vulnerabilities in this month:
Microsoft Just Fixed a Wormable Bug in Windows Search Affecting All OS Versions

...so be sure to patch your systems as soon as possible!

The Microsoft August 2017 Patch Tuesday security patches include fixes for 48 issues, of which 25 are rated critical, but none is as ominous as CVE-2017-8620.
This bug is a vulnerability in the Windows Search service and affects all currently supported versions of Windows.
The vulnerability — discovered internally at Microsoft by Nicolas Joly of MSRC Vulnerabilities & Mitigations — allows an attacker to execute code and take over unpatched computers.


The issue is quite serious if we consider the ubiquity of the Windows Search service. Below is Microsoft's full explanation regarding CVE-2017-8620:


A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.

CVE-2017-8620 can be used for self-spreading worms
The danger comes from the vulnerability's potential of being used for self-spreading worms. We've all seen what happens when malware coders combine classic malware with worm components (cough WannaCry, cough NotPetya).

"That’s pretty close to wormable and just the sort of thing malware writers look for in a bug," says Trend Micro's Zero-Day Initiative team in a review of yesterday's Patch Tuesday fixes.

In addition, Symantec claims that "failed attacks [using CVE-2017-8620] will cause denial of service conditions," leading Windows installations to malfunction or shut down.
 
