Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version

Microsoft has announced a new Windows emergency patch, aimed at patching more than 90 security flaws, including two vulnerabilities used in direct attacks. Every Windows is affected, please update your operating system now.

Microsoft has announced a new Windows emergency patch, aimed at patching more than 90 security flaws, including two vulnerabilities used in direct attacks. Every Windows is affected, please update your operating system now.

  1. Download the latest Windows patch at: https://portal.msrc.microsoft.com/en-us/security-guidance

CVE-2017-8543 vulnerability

The first vulnerability to be tracked is CVE-2017-8543. Microsoft describes the problem as follows:

Remote execution vulnerability exists when Windows Search processes objects in memory. The attacker successfully exploited this vulnerability can control the affected system. The attacker can then install the programs, view, change or delete data or create new accounts with full user rights.

To exploit the vulnerability, hackers can send created SMB messages specifically for the Windows Search service. Hackers who have access to a target computer can exploit this vulnerability to improve the rights and control of the computer. Also, in a business scenario, hackers who do not need remote authentication can activate the remote vulnerability via the SMB connection and then take control of the computer.

Updating the latest vulnerability patch will change the way Windows Search handles objects in memory.

This patch is available for all Microsoft operating systems, including older versions, such as XP and Server 2003.

Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version Picture 1Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version Picture 1

CVE-2017-8464 vulnerability

The second vulnerability discovered in direct attacks is CVE-2017-8464 and Microsoft describes it as follows:

This vulnerability exists in Microsoft Windows to allow remote code execution if the icon of a (specially created) shortcut key is displayed. An attacker who successfully exploited this vulnerability could obtain the same user rights as the user on the computer. User accounts will be less affected than Admin accounts in this case.

Security updates patch the vulnerability by fixing the correct reference of the shortcut icon reference.

Unlike the first vulnerability, this issue does not affect older versions of Windows XP and Windows.

Other security holes are patched in this update

A series of security updates are made for Office, Outlook versions from 2007 to 2016, security bugs, browser vulnerabilities, Adobe Flash Player, Windows Server. Interested readers can refer here: https://www.bleepingcomputer.com/news/microsoft/microsofts-june-patch-tuesday-fixes-two-vulnerabilities-used-in-live-attacks/

5 ★ | 1 Vote