Earlier this week, Microsoft released a major update for Windows that includes fixes to 48 separate vulnerabilities. Microsoft releases security updates every month but this week’s update includes two fixes to issues rated with the highest security rating. Updates rated at the “critical” level are flaws that could be exploited by malware if left unsecured.
The most serious vulnerability is related to how Windows handles objects in memory. By exploiting Windows Search, an attacker could remotely access and take control of a user’s computer. This would give an attacker the ability to view, change, or delete data on the computer or even create new user accounts that would give them complete control over the system. In order to exploit the vulnerability, an attacker could send specially crafted messages to the Windows Search service. Alternatively, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of the targeted computer. The Windows Search vulnerability was found to be in effect on all current versions of Windows.
Oddly absent from this month’s patch Tuesday is a solution for the SMBLoris vulnerability, which was revealed back in July, which allows for a remote denial-of-service attack. Microsoft has stated that the SMBLoris vulnerability is not a priority at this time because the exploit can only be attacked through the internet and the SMB port should already be protected behind a firewall. While true for businesses that follow best security practices, this does leave an open vulnerability for businesses with lax security. Fortunately, Microsoft does plan to patch the SMBLoris vulnerability at a later undisclosed date
As for everything covered in this month’s update, Microsoft has stated that none of the vulnerabilities have been exploited in the wild. However, given the critical nature of the updates; it is vital that you patch them as soon as possible.