Posted on Wednesday, August 09 2017 @ 13:18 CEST by Thomas De Maesschalck
Yesterday was Patch Tuesday and Microsoft delivered a total of 48 security updates for its software products, including 25 that are marked as critical security threats. A notable highlight in this month's edition of Patch Tuesday is a bug in the Windows search functionality that can result in elevation of privilege. In a business environment the bug is more potent as remote exploitation is possible via a SMB query:
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.
The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.
There are also nine updates for Microsoft's JavaScript engine, these fix critical memory corruption bugs. Another interesting update can be found in the list of the "important" updates. One of these targets a Hyper-V vulnerability that allows a guest to escape the hypervised sandbox:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
More details about the other updates can be read
at The Register.