Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Patches Windows Search Flaw

Microsoft’s Patch Tuesday updates for August 2017 address a total of 48 vulnerabilities in Windows, Internet Explorer, Edge, SQL Server, SharePoint Server, Office and Outlook.

Microsoft’s Patch Tuesday updates for August 2017 address a total of 48 vulnerabilities in Windows, Internet Explorer, Edge, SQL Server, SharePoint Server, Office and Outlook.

Microsoft has classified 25 of the flaws as critical and 21 as important. Two of the patched vulnerabilities were disclosed before fixes were made available.

One critical security hole is CVE-2017-8620, a Windows Search vulnerability that can allow a remote attacker to execute arbitrary code and take control of the targeted system. The issue, discovered by Nicolas Joly of MSRC Vulnerabilities and Mitigations, exists due to the way Windows Search handles objects in memory.

“To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer,” Microsoft said in its advisory. “Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”

Microsoft’s initial advisory for CVE-2017-8620 stated that the vulnerability had been exploited in attacks. A second version of the advisory listed the flaw as being publicly disclosed. The latest version of the advisory says the bug has not been exploited or disclosed.

The bug is similar to CVE-2017-8543, a Windows Search code execution vulnerability patched by Microsoft in June. This flaw had been actively exploited when Microsoft released a patch. 

The vulnerabilities whose details have been publicly disclosed are important severity denial-of-service (DoS) and privilege escalation issues affecting Windows, namely the subsystem for Linux and error reporting components, respectively.

Another interesting vulnerability, according to Trend Micro’s Zero Day Initiative (ZDI) is CVE-2017-8664, an important remote code execution flaw affecting Windows Hyper-V.

Advertisement. Scroll to continue reading.

“To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code,” Microsoft said. “An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.”

Adobe also released updates for several of its products on Tuesday, including a Flash Player update that patches two vulnerabilities. Microsoft has also updated the Flash Player libraries used by its products.

* An updated version of Microsoft’s advisory for CVE-2017-8620 states that the vulnerability has not been exploited in attacks or publicly disclosed. Headline and content modified to reflect the change

Related: Microsoft Makes Third Attempt at Fixing Old Stuxnet Flaw

Related: Microsoft Patches Several Outlook Vulnerabilities

Related: Microsoft Patches Over 50 Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...