Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/9/2017
11:48 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Microsoft Fixes 27 Remote Code Execution Flaws

Microsoft issued patches for 48 vulnerabilities as part of its monthly Patch Tuesday update, 25 of which were 'critical.'

Microsoft released fixes for 48 vulnerabilities as part of its August Patch Tuesday update. Fifteen affect Windows, 25 were rated as critical, 21 as important, and 27 could result in remote code execution if exploited.

These patches address problems in Windows, Internet Explorer, Microsoft Edge, SharePoint, SQL Server, Hyper-V, the subsystem for Linux, and Kernel. Two affect all supported versions of Windows, including all editions of Windows 10 and Windows Server. Microsoft said that none of the bugs are being exploited in the wild.

Experts suggest prioritizing CVE-2017-8620, a vulnerability in Windows Search that can be exploited remotely via SMB to take over a system, affecting workstations and servers. The bug is not within SMB and unrelated to flaws used in WannaCry and NotPetya.

The vulnerability exists when Windows Search handles objects in memory, Microsoft reports in an advisory. An attacker could exploit the flaw by sending specially crafted messages to Windows Search. Those with access to a target device could elevate privileges and install programs; view, change, or delete data; or create new accounts with full user privileges.

"This is by far the most critical bug for this month," says Dustin Childs at the Zero Day Initiative, which reports CVE-2017-8620 is "under active attack." A previous Search flaw also allowed a malicious SMB request to execute code on target machines.

"As with the previous Search flaw, within an enterprise, an attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer," he adds. "That's pretty close to wormable and just the sort of thing malware writers look for in a bug."

Childs also advises prioritizing CVE-2017-8664, a Windows Hyper-V Remote Code Execution Vulnerability. On a host server, Hyper-V does not properly validate input from authenticated users on guest operating systems, he explains.

While this flaw is neither publically known nor actively exploited, and is rated "important," Childs says it warrants attention because an attacker on a guest OS could use it to escape and launch code on the underlying hypervisor.

Multiple vulnerabilities addressed in Microsoft's August release involve the Scripting Engine, which affects both Microsoft Office and browsers and should be prioritized for workstations running email and using the Internet through a browser, says Jimmy Graham, director of product management at Qualys.

"Also of note is a vulnerability in the Windows Font Engine, CVE-2017-8691," Graham adds. "This vulnerability can also be exploited through a browser. For systems running Windows 10 and Microsoft Edge, CVE-2017-0293 impacts the PDF viewer functionality."

All of this month's Windows updates have a public disclosure in common, reports Iventi product manager Chris Goettl. CVE-2017-8633, a flaw in Windows Error Reporting, could allow a privilege escalation exploit. An attacker could launch a specially crafted application to cause an error, which would let them increase their privileges to access information and functionalities.

Windows 10 has another public disclosure in CVE-2017-8627, a bug in the Windows Subsystem for Linux that could enable a denial-of-service attack. An attacker could fun a specially crafted file to launch a DoS attack against the local system.

Adobe has also released patches for 67 vulnerabilities, 43 of which are rated Critical. Most of the vulnerabilities are for Adobe Acrobat and Reader. Two flaws were fixed in Adobe Flash; one was labeled Critical. Microsoft released a version of the Adobe patch for Flash in Internet Explorer; it plans to end support for Flash by the end of 2020.

Microsoft patches released this week do not protect against SMBLoris attacks, which involve denial-of-service attacks against Windows systems running any version of SMB and Samba.

"It is recommended that systems exposed to the Internet do not have port 445 open, and that all systems that may be connected to untrusted networks leverage a local firewall to prevent access to port 445," Graham advises businesses to protect against SMBLoris.

Goettl recommends businesses focus on updates for the OS, Flash, Reader, and browsers. There are several Critical vulnerabilities resolved here, he says, and the public disclosures in OS updates give attackers a head start on developing an exploit.

"As the first half of 2017 has shown us, time is a significant variable in defending our environments against cyber threats," he notes. "The quicker we can plug critical vulnerabilities the lower our overall risk will be."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7779
PUBLISHED: 2020-11-26
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, [email protected]-----------------------------------------------------------!.
CVE-2020-7778
PUBLISHED: 2020-11-26
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVE-2020-29128
PUBLISHED: 2020-11-26
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
CVE-2020-27251
PUBLISHED: 2020-11-26
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
CVE-2020-27253
PUBLISHED: 2020-11-26
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.