Microsoft Patches Windows Search Flaw

Microsoft’s Patch Tuesday updates for August 2017 address a total of 48 vulnerabilities in Windows, Internet Explorer, Edge, SQL Server, SharePoint Server, Office and Outlook.

Microsoft has classified 25 of the flaws as critical and 21 as important. Two of the patched vulnerabilities were disclosed before fixes were made available.

One critical security hole is CVE-2017-8620, a Windows Search vulnerability that can allow a remote attacker to execute arbitrary code and take control of the targeted system. The issue, discovered by Nicolas Joly of MSRC Vulnerabilities and Mitigations, exists due to the way Windows Search handles objects in memory.

“To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer,” Microsoft said in its advisory. “Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”

Microsoft’s initial advisory for CVE-2017-8620 stated that the vulnerability had been exploited in attacks. A second version of the advisory listed the flaw as being publicly disclosed. The latest version of the advisory says the bug has not been exploited or disclosed.

The bug is similar to CVE-2017-8543, a Windows Search code execution vulnerability patched by Microsoft in June. This flaw had been actively exploited when Microsoft released a patch. 

The vulnerabilities whose details have been publicly disclosed are important severity denial-of-service (DoS) and privilege escalation issues affecting Windows, namely the subsystem for Linux and error reporting components, respectively.

Another interesting vulnerability, according to Trend Micro’s Zero Day Initiative (ZDI) is CVE-2017-8664, an important remote code execution flaw affecting Windows Hyper-V.

“To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code,” Microsoft said. “An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.”

Adobe also released updates for several of its products on Tuesday, including a Flash Player update that patches two vulnerabilities. Microsoft has also updated the Flash Player libraries used by its products.

* An updated version of Microsoft’s advisory for CVE-2017-8620 states that the vulnerability has not been exploited in attacks or publicly disclosed. Headline and content modified to reflect the change

Related: Microsoft Makes Third Attempt at Fixing Old Stuxnet Flaw

Related: Microsoft Patches Several Outlook Vulnerabilities

Related: Microsoft Patches Over 50 Vulnerabilities