Microsoft August Patches: The Inside Line
Microsoft August Patches: The Inside Line
While some sit back and enjoy the last weeks of summer vacation, the team here at Options is actively on top of Desktop & Server security. Yesterday’s Patch Tuesday release by Microsoft brought us 48 fresh security risks and updates to peruse, notably for Windows and Internet Explorer.
So Who Made Our Top 3?
Although a fair number of critical updates were released this month, a closer look shows that only a few warranted public disclosures and one is known to be exploited. Furthermore, some updates resolved a huge chunk of CVEs on the hitlist including IE Cumulative, OS Cumulative or Security Only Bundles and Flash Player.
Patch teams may appreciate that (somewhat) quieter end to the summer but, as always, some require immediate attention. Read on for our roundup of the ones to prioritize.
CVE-2017-8620 – Windows Search Remote Code Execution Vulnerability
This tops Microsoft’s list this month and rightly so as it is actively under attack. Much like a previous Windows Search vulnerability, this bug allows a malicious SMB request to execute code on a target system. In short, an attacker could remotely trigger the vulnerability through an SMB connection and then take control of the affected system to install programs; create new account and more.
While Microsoft’s security team seem to have released a cluster of fixes to the search service, we remain vigilant as it may be a sign that more vulnerabilities are lying dormant. As there is no way to know, administrators need to continue to follow security best practices. If you haven’t already, consider yourself cautioned once again to disable SMBv1.
CVE-2017-8664 – Windows Hyper-V Remote Code Execution Vulnerability
This bug was flagged by the Zero Day Initiative as one to watch. According to Microsoft, Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, all an attacker needs to do is run a malicious application on a guest OS that could cause the Hyper-V host operating system to execute the arbitrary code. According to the Zero Day Initiative, an exploit like this would have earned 100,000 USD in the Pwn2Own hacking competition.
CVE-2017-8633 – Windows Error Reporting Elevation of Privilege Vulnerability
This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system functionality. To exploit this vulnerability, an attacker would run a specially crafted application. This update corrects the way the WER handles and executes files.
No patch for SMBLoris?
Of interest is that more SMB flaws have been detected, this time the SMBLoris vulnerability. And yet, not enough of a risk to warrant a fix from Microsoft who advises that Windows Server administrators can handle it on their own. The remote denial-of-service attack was uncovered at the annual DEFCON hacker’s conference in July as a result of investigations on EternalBlue, Petya and WannaCry.
Microsoft’s justification: the vulnerability only presents itself through the internet, and the SMB port should already be firewalled. Essentially, if you are on your game and follow security best practices, you won’t have anything to worry about. For administrators who aren’t… well, it’s another thing to add to your list.
The number of updates released by Microsoft this month is lower than previous months, and we can’t help but wonder if this is a strategy so as all focus remains on their Windows 10 anniversary update. Regardless, our priority at Options is to patch aggressively for those fixes as and when they become available. And in the absence of fixes for known vulnerabilities? That’s where the security tools layered across our infrastructure show their worth. Fortinet firewalls, Trend Antivirus, Splunk SIEM are just some of the tools that fortify our architecture to ensure our clients’ estate isn’t compromised.
Until next month…