14 June 2017
Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attacker to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.
Microsoft also released Security Advisory 4025685 which includes patches for older platforms due to heightened risk of exploitation. In my opinion this should be treated as a blue-print for future attacks and updates for EOL operating systems should be applied as soon as possible. Older platforms include Windows XP, Windows Server 2003, Vista and Windows 8 and older issues like MS08-067, MS09-050, MS10-061, MS14-068, MS17-010, MS17-013 are patched. Newer issues affecting older platforms like CVE-2017-0176, CVE-2017-0222, CVE-2017-0267 to 0280, CVE-2017-7269, CVE-2017-8461, CVE-2017-8464, CVE-2017-8487, CVE-2017-8543 and CVE-2017-8552 are also patched.
Top priority in the list of supported platforms goes to a vulnerability CVE-2017-8543 which according to Microsoft is currently exploited in the wild. Attackers can take complete control of victim computer by sending a SMB request to windows search service. The issue affects Windows Server 2016, 2012, 2008 as well as desktop systems like Windows 10, 7 and 8.1. Microsoft has also provide a patch for this issue for older EOL platforms. As the issue is currently used in attacks we recommend organizations to apply patches as soon as possible. Another vulnerability that is currently exploited is CVE-2017-8464 which is the Windows LNK issue that can also allow attackers to take complete control of the victim machine.
Another high priority issue is CVE-2017-8527 which is the Windows graphic font engine vulnerability that is triggered when users view a malicious website with specially crafted fonts. CVE-2017-8528 and CVE-2017-0283 are similar to the font issue and can be triggered if users view specially encoded Unicode text. Both issues allow attackers to take complete control of victim machine.
Organizations using Outlook should patch CVE-2017-8507 as is another of those issues in which attackers can send malicious e-mail and take complete control when the users views it in Outlook. Office vulnerabilities CVE-2017-0260 and CVE-2017-8506 can be triggered if users open malicious office documents and should be patches as soon as possible as Office is a relatively easy exploit vector for social engineering attacks.
Patches for Microsoft Edge and IE fix many remote code execution issues and CVE-2017-8498, CVE-2017-8530 and CVE-2017-8523 are particularly important as they have been publicly disclosed although no attacks have been observed yet. Other remote code execution issues fixed today include the Windows PDF CVE-2017-0291 and CVE-2017-0292.
Overall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543 and patches released for older end-of-life operating systems are sure to keep system administrators and security teams busy.
© Press Release 2017