Microsoft fixes 48 security vulnerabilities with its August 2017 Patch

Microsoft has introduced fixes for as many as 48 security issues with its August 2017 Patch, including flaws in the Linux subsystem and SQL Server.

Microsoft has also patched security vulnerabilities in Microsoft Edge that allowed malicious hackers to execute code remotely.

All of the security vulnerabilities that Microsoft is fixing this month carry 'critical' or 'important' tags and range across multiple Microsoft products including the Edge browser, SQL Server, Adobe Flash Player, Internet Explorer and Microsoft Windows.

According to Bobby McKeown, Senior Manager of Engineering at Rapid7, this was also the first time that Microsoft patched security vulnerabilities on the Linux subsystem under Windows. The Redmond-based software giant also issued patches for several security vulnerabilities that were disclosed to the public earlier.

Previously-known vulnerabilities included CVE-2017-8633 (Privilege Escalation with Windows Error Reporting) as well as CVE-2017-8620 (Windows Search Remote Code Execution Vulnerability), and CVE-2017-8627 (Windows Subsystem for Linux Denial of Service Vulnerability).

However, McKeown noted that Microsoft didn't introduce any patch for the SMBLoris vulnerability, which is also publicly known. SMBLoris is a vulnerability in the Server Message Block (SMB) protocol that was discovered by security researchers Sean Dillon and Jenna Magius in June.

According to Bleeping Computer, SMBLoris 'allows an attacker to open tens of thousands of connections to the same machine, exhausting its RAM and potentially crashing the target's computer'. Microsoft declined to issue any patch for the SMBLoris vulnerability, stating that it isn't a security bug, but said it will bring in a fix for it in the future.

Earlier today, Adobe also released patches for as many as 80 security vulnerabilities in its products, including Flash Player, Digital Editions, Reader, Adobe Acrobat, and Experience Manager products.

'These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure,' said Adobe in a statement.

Copyright Lyonsdown Limited 2021
