Microsoft released patches for 54 vulnerabilities last night, 26 of which affect bugs in Windows.
While only 19 are rated as critical, all of these can enable remote code execution. According to Jimmy Graham, director of product management at Qualys, top priority should go to CVE-2017-8589, which is a vulnerability in the Windows Search service.
“This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations,” he said in a blog. “The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry and Petya.”
He also recommended that CVE-2017-8563 should be considered for prioritization, despite it only being categorized as “important”, it could be used in targeted attacks to elevate privileges and obtain system-level access to domain controllers.
“This is similar to other known vulnerabilities in NTLM itself. Please note that this patch does require extra configuration steps to implement the added security", Graham said.
Adobe also released bulletins for Flash, for a vulnerability that can allow attackers to take control of an affected system, and for Connect addressing the input vulnerabilities CVE-2017-3102, which could be used in reflected attacks, and CVE-2017-3103, which could be used in stored cross-site scripting attacks, reported Trend Micro.