Header Ads

All Un-Updates Microsoft Systems Vulnerable With 48 Vulnerabilities.

Microsoft Patches 48 Vulnerabilities
The company's statement announces that three vulnerabilities "bugs CVE-2017-8620, CVE-2017-8627 and CVE-2017-8633" were known before the release of the patches. Microsoft reports that none of the vulnerabilities were exploited by intruders. This time, updates were introduced for Internet Explorer, Microsoft Edge, Microsoft SharePoint, Windows Subsystem for Linux, Adobe Flash Player, Windows Hyper-V and Microsoft SQL Server.
The CVE-2017-8620 is one of the most critical Vulnerability this month. The vulnerability was discovered inside the company, by a member of the MSRC Vulnerabilities & Mitigations division. The bug is related to how the Windows Search service works with objects in memory. It allows the attacker to execute arbitrary code and gain remote access to the vulnerable system. Sadly, the vulnerability is present in all currently supported versions of Windows.
Trend Micro and Symantec researchers note that even a failed attempt to use CVE-2017-8620 will result in denial of service (DoS), and the bug also has the potential of a worm and can be used via SMB. A similar propagation mechanism was used by WannaCry and NotPetya. Experts recommend to install the patch immediately, and if this is impossible for some reason, temporarily disable WSearch.
According to Trend Micro, one of the major problems with the released updates is the vulnerability CVE-2017-8664, which allows executing arbitrary code through Windows Hyper-V.

And, of course, stay on top of the latest consumer and mobile security threats by following us on Twitter, and Like us on Facebook.

No comments

Powered by Blogger.