Microsoft fixes 48 security vulnerabilities with its August 2017 Patch

Microsoft fixes 48 security vulnerabilities with its August 2017 Patch

Microsoft has introduced fixes for as many as 48 security issues with its August 2017 Patch, including flaws in the Linux subsystem and SQL Server.

Microsoft has also patched security vulnerabilities in Microsoft Edge that allowed malicious hackers to conduct remote code executions.

All of the security vulnerabilities that Microsoft is fixing this month carry ‘critical’ or ‘important’ tags and range across multiple Microsoft products including the Edge browser, the SQL server, Adobe Flash Player, Internet Explorer and Microsoft Windows.

Apple patches 47 vulnerabilities in iOS, MacOS and WatchOS devices

According to Bobby McKeown, Senior Manager of Engineering at Rapid7, this was also the first time that Microsoft patched security vulnerabilities on the Linux subsystem under Windows. The Redmond-based software giant also issued patches for several security vulnerabilities that were disclosed to the public earlier.

Previously-known vulnerabilities included CVE-2017-8633 (Privilege Escalation with Windows Error Reporting) as well as CVE-2017-8620 (Windows Search Remote Code Execution Vulnerability), and CVE-2017-8627 (Windows Subsystem for Linux Denial of Service Vulnerability).

However, McKeown noted that Microsoft didn’t introduce any patch for the SMBLoris vulnerability which is also known to the public. SMBLoris is a vulnerability in the Server Message Block (SMB) that was discovered by security researchers Sean Dillon and Jenna Magius in June.

‘ExplodingCan’ malware may affect 375,000 computers running Microsoft Windows 2003

According to Bleeping Computer, SMBLoris ‘allows an attacker to open tens of thousands of connections to the same machine, exhausting its RAM and potentially crashing the target’s computer’. Microsoft declined to issue any patch for SMBLoris vulnerability, stating that it isn’t a security bug but will bring in a fix for it in the future.

Earlier today, Adobe also released patches for as many as 80 security vulnerabilities in its products, including Flash Player, Digital Editions, Reader, Adobe Acrobat, and Experience Manager products.

‘These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure,’ said Adobe in a statement.

Copyright Lyonsdown Limited 2021

Top Articles

Double trouble: the rising threat of double-extortion ransomware

Ransomware attackers continue to threaten businesses at an increasing scale, speed and sophistication.

The blurring line between nation-state and cyber-criminals

Russia is widely known to be involved in a plethora of cyber-criminal activity.

XDR: Delivering value where SIEMs fail

Implementing an XDR solution means faster detection, and remediation of cyber incidents

Related Articles

[s2Member-Login login_redirect=”” /]