In total, 54 security holes have been fixed that affected both the operating system and its products, including the tech giant Microsoft Edge and Internet Explorer browsers, as well as Office Services and Web Apps, .NET Framework, and Exchange Server. In addition to the critical vulnerabilities, another 32 have been rated as important and 3 others of moderate severity. Among the most important security flaws, we find CVE-2017-8589, which is a remote code execution vulnerability when Windows Search handles objects from memory. An attacker who successfully exploited this vulnerability could take control of the infected computer to install programs, steal or change data, and even create accounts with full user rights. This security hole can be activated remotely using the Server Message Block (SMB) protocol as the attack vector. It affects both desktop operating systems Windows 10, Windows 8.1 and Windows 7, as well as Windows Server 2016, 2012, 2008 R2 and 2008 servers. “Although this vulnerability can take advantage of SMB as an attack vector, it is not a bug of its own of SMB and is not related to the recent security holes exploited by WannaCry and Petya,” explains Jimmy Graham, the director of Qualys Vulnerability Labs. On the other hand, another critical vulnerability that fixes this update is CV-2017-8463, which affects Windows Explorer in all versions of the operating system. The tech giant Microsoft stresses that, fortunately, none of these security breaches have been found to be exploited in nature. So, what do you think about this critical security flaws and vulnerabilities? Simply share your views and thoughts in the comment section below.
Δ
