Microsoft fixes 48 security vulnerabilities with its August 2017 Patch

Microsoft has introduced fixes for as many as 48 security issues with its August 2017 Patch, including flaws in the Linux subsystem and SQL Server.

Microsoft has also patched security vulnerabilities in Microsoft Edge that allowed malicious hackers to execute code remotely.

All of the security vulnerabilities that Microsoft is fixing this month carry ‘critical’ or ‘important’ tags and range across multiple Microsoft products including the Edge browser, SQL Server, Adobe Flash Player, Internet Explorer and Microsoft Windows.

According to Bobby McKeown, Senior Manager of Engineering at Rapid7, this was also the first time that Microsoft patched security vulnerabilities on the Linux subsystem under Windows. The Redmond-based software giant also issued patches for several security vulnerabilities that were disclosed to the public earlier.

Previously-known vulnerabilities included CVE-2017-8633 (Privilege Escalation with Windows Error Reporting) as well as CVE-2017-8620 (Windows Search Remote Code Execution Vulnerability), and CVE-2017-8627 (Windows Subsystem for Linux Denial of Service Vulnerability).

However, McKeown noted that Microsoft didn’t introduce any patch for the SMBLoris vulnerability, which is also publicly known. SMBLoris is a vulnerability in the Server Message Block (SMB) protocol that was discovered by security researchers Sean Dillon and Jenna Magius in June.

According to Bleeping Computer, SMBLoris ‘allows an attacker to open tens of thousands of connections to the same machine, exhausting its RAM and potentially crashing the target’s computer’. Microsoft declined to issue a patch for the SMBLoris vulnerability, stating that it isn’t a security bug, but said it will bring in a fix for it in the future.

Earlier today, Adobe also released patches for as many as 80 security vulnerabilities in its products, including Flash Player, Digital Editions, Reader, Adobe Acrobat, and Experience Manager products.

‘These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure,’ said Adobe in a statement.

Copyright Lyonsdown Limited 2021
