June Patch Tuesday 2017

Microsoft has released a series of statements today with security updates to address “vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.” One of the vulnerabilities being resolved in the June Patch Tuesday release is a critical vulnerability in Windows Search that could allow an attacker to gain full control over a system. This same vulnerability can be used in an enterprise scenario to remotely exploit systems over SMB. In this case, an attacker can remotely take control of a system without needing to authenticate. This is not one of the previous ETERNAL vulnerabilities that WannaCry and other variants took advantage of, but another SMB vulnerability that has the potential to allow for another round of copycat attacks.

Microsoft released updates for this new vulnerability on all currently supported Windows OSs, but also released variations for XP and 2003. This is unprecedented and reflects the seriousness of the vulnerability that has been detected in exploits in the wild. 

In addition, Microsoft has released an advisory along with some other previously non-public updates that resolve high-risk vulnerabilities. Due to recent and past nation-state activity and disclosures, Microsoft has reviewed several vulnerabilities and compiled a list of those that are at high risk of exploitation. Ivanti recommends reviewing this list and ensuring these updates are in place as quickly as possible to prevent potential cyber attacks in the future, some of which may already be underway.

For Microsoft to review and release several updates for “end of lifed” platforms, you can be sure there was good cause. Those on outdated platforms should not construe this as the new norm. In fact, it should reinforce the need to migrate off these legacy platforms as soon as possible to avoid future risk.

Regarding the rest of Patch Tuesday, there is a total of 94 vulnerabilities being resolved across 12 updates. Two CVEs have been detected in exploits in the wild, including CVE-2017-8543, which is the Windows Search vulnerability that can allow remote code execution by exploiting yet another SMB vulnerability. The other, CVE-2017-8464, is a vulnerability in Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed.

These two vulnerabilities alone make all of the OS updates this month critical, and they should be taken very seriously based on recent events.

Aside from Microsoft, Adobe has released updates for Flash Player and Shockwave. Flash is rated as critical and should receive some more immediate attention. Shockwave should be updated within the month to be on the safe side. 

Join us for our monthly Ivanti Patch Tuesday Webinar for more details on the updates, what to prioritize, issues to look out for and more.

Chris Goettl

Chris Goettl has over 15 years of experience in IT Management. He spent several years working in IT before joining Shavlik in 2004. Chris started in the Shavlik support team, supported OEM partners integrating Shavlik SDKs, worked in Sales as a Systems Engineer, and is now the Product Manager for the Shavlik Protect product line.