Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version
Microsoft has announced a new Windows emergency patch, aimed at patching more than 90 security flaws, including two vulnerabilities used in direct attacks. Every Windows is affected, please update your operating system now.
- Download the latest Windows patch at: https://portal.msrc.microsoft.com/en-us/security-guidance
CVE-2017-8543 vulnerability
The first vulnerability to be tracked is CVE-2017-8543. Microsoft describes the problem as follows:
Remote execution vulnerability exists when Windows Search processes objects in memory. The attacker successfully exploited this vulnerability can control the affected system. The attacker can then install the programs, view, change or delete data or create new accounts with full user rights.
To exploit the vulnerability, hackers can send created SMB messages specifically for the Windows Search service. Hackers who have access to a target computer can exploit this vulnerability to improve the rights and control of the computer. Also, in a business scenario, hackers who do not need remote authentication can activate the remote vulnerability via the SMB connection and then take control of the computer.
Updating the latest vulnerability patch will change the way Windows Search handles objects in memory.
This patch is available for all Microsoft operating systems, including older versions, such as XP and Server 2003.
CVE-2017-8464 vulnerability
The second vulnerability discovered in direct attacks is CVE-2017-8464 and Microsoft describes it as follows:
This vulnerability exists in Microsoft Windows to allow remote code execution if the icon of a (specially created) shortcut key is displayed. An attacker who successfully exploited this vulnerability could obtain the same user rights as the user on the computer. User accounts will be less affected than Admin accounts in this case.
Security updates patch the vulnerability by fixing the correct reference of the shortcut icon reference.
Unlike the first vulnerability, this issue does not affect older versions of Windows XP and Windows.
Other security holes are patched in this update
A series of security updates are made for Office, Outlook versions from 2007 to 2016, security bugs, browser vulnerabilities, Adobe Flash Player, Windows Server. Interested readers can refer here: https://www.bleepingcomputer.com/news/microsoft/microsofts-june-patch-tuesday-fixes-two-vulnerabilities-used-in-live-attacks/
You should read it
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- Update the latest patch for Windows XP to prevent dangerous security risks
- 5 best patch management and monitoring software
- Hacker revealed the second Zero-Day, broke Windows' EoP vulnerability patch
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
- Windows XP has the last patch before being killed
- Patch Tuesday security patch causes blue screen errors and slows down Windows 10
- Microsoft releases urgent patch for printer error emergency patch
- June 1020 security patch of Windows 10 encountered a problem causing the machine to automatically restart
- Microsoft released an emergency security patch for a serious vulnerability
- Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
Maybe you are interested
There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Google Workspace security vulnerability caused thousands of user accounts to be attacked
Thousands of iOS apps could be at risk because of an open source vulnerability
Serious vulnerability in OpenSSH threatens millions of servers
Google releases emergency update to patch Chrome vulnerability