Latest Microsoft Windows Patch Is High Priority
By Kenneth Sprague | August 17th, 2017
One of the vulnerabilities addressed in this week’s Microsoft Patch Tuesday deployment is emerging as a top concern. A remote code execution vulnerability affecting how Windows Search handles objects in memory could allow an attacker to take complete control of servers or workstations.
What’s worse, the flaw could allow for an attack to leverage an SMB connection to access other parts of a network.
“An attacker who successfully exploited this vulnerability could take control of the affected system,” the bulletin said. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Vulnerable operating systems include several versions of Windows 10 (Home, Pro, Enterprise, Mobile, Mobile Enterprise, Education, & IoT Core), Windows Server 2012 and Windows Server 2016. Cyber criminals can enter by sending “specially crafted” messages to the Windows Search service.
“An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer,” the advisory said. “Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”
Microsoft says it has no evidence that the vulnerability has been exploited in the wild, however that’s almost certain to change now that details have been made public. The patch released this week fixes the way Windows Search handles objects in storage.
Solutions For Your Organization
Luckily, all of TSI’s managed clients are already covered as part of the Microsoft “Patch Tuesday” release. For our unmanaged clients who would like to receive this important update, contact us today!