Microsoft’s New Patch Fixes 19 Vulnerabilities
Microsoft just released patches for 19 critical vulnerabilities, one of which was publicly known prior to the update.
In all, 54 vulnerabilities were patched in Windows, Edge, Internet Explorer, Office and Exchange as part of Microsoft’s monthly Patch Tuesday release; 32 flaws were rated important and three moderate in severity.
The security issued they patched varied from remote code execution, cross-sire scripting to elevation of privilege vulnerabilities. Six of the critical bugs were remote code execution, one of which was on Microsoft’s HoloLens.
Another critical RCE vulnerability has to do with the Windows Search Remote feature that allows users to search across multiple PCs at the same time. The vulnerability can be triggered by a remote, unauthenticated attacker over the Server Message Block (SMB) protocol.
The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems such as Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack beacon, it is not a vulnerability in the SMB itself, and isn’t related to the recent SMB vulnerabilities found in EternalBlue, WannaCry, and Petya.
Thirteen critical scripting engine memory corruption vulnerabilities tied to Microsoft Edge were patched. One flaw exists because of the way Microsoft Edge handles objects in memory and could ultimately allow an adversary to gain the same user rights as the current user, according to the bulletin.
As part of Patch Tuesday, Microsoft also gave acknowledgments out to researchers such as Google Project Zero, which was behind two Critical vulnerabilities patched and one rated Important. Both Critical bugs were memory corruption vulnerabilities in Microsoft Edge.
Make sure that if you are working on a Microsoft computer to update these patches to make your machine safer.
(Story via ThreatPost)