Microsoft has introduced fixes for as many as 48 security issues with its August 2017 Patch, including flaws in the Linux subsystem and SQL Server.
Microsoft has also patched security vulnerabilities in Microsoft Edge that allowed malicious hackers to conduct remote code executions.
All of the security vulnerabilities that Microsoft is fixing this month carry ‘critical’ or ‘important’ tags and range across multiple Microsoft products including the Edge browser, the SQL server, Adobe Flash Player, Internet Explorer and Microsoft Windows.
According to Bobby McKeown, Senior Manager of Engineering at Rapid7, this was also the first time that Microsoft patched security vulnerabilities on the Linux subsystem under Windows. The Redmond-based software giant also issued patches for several security vulnerabilities that were disclosed to the public earlier.
Previously-known vulnerabilities included CVE-2017-8633 (Privilege Escalation with Windows Error Reporting) as well as CVE-2017-8620 (Windows Search Remote Code Execution Vulnerability), and CVE-2017-8627 (Windows Subsystem for Linux Denial of Service Vulnerability).
However, McKeown noted that Microsoft didn’t introduce any patch for the SMBLoris vulnerability which is also known to the public. SMBLoris is a vulnerability in the Server Message Block (SMB) that was discovered by security researchers Sean Dillon and Jenna Magius in June.
According to Bleeping Computer, SMBLoris ‘allows an attacker to open tens of thousands of connections to the same machine, exhausting its RAM and potentially crashing the target’s computer’. Microsoft declined to issue any patch for SMBLoris vulnerability, stating that it isn’t a security bug but will bring in a fix for it in the future.
Earlier today, Adobe also released patches for as many as 80 security vulnerabilities in its products, including Flash Player, Digital Editions, Reader, Adobe Acrobat, and Experience Manager products.
‘These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure,’ said Adobe in a statement.