Critical Windows Search and Hyper-V Vulnerabilities Tackled by August’s Patch Tuesday
Microsoft has released their monthly security bulletin with 48 security patches—25 of which are labeled Critical, 21 are Important, and two are Moderate in severity. This was a standard batch of updates, addressing issues in Internet Explorer, Microsoft Edge, Windows, Microsoft SharePoint, Adobe Flash Player and Microsoft SQL Server.
A majority of the critical CVEs are Scripting Engine Memory Corruption Vulnerabilities, which is not surprising. Since April of this year, we’ve been seeing a steady increase in vulnerabilities for the Scripting Engine. Typically, in a web-based attack scenario, an attacker would leverage Scripting Engine vulnerabilities by creating a malicious website and then luring users into visiting the site. This current batch of critical vulnerabilities could result in remote code execution if exploited successfully.
Some specific CVEs to note:
- CVE-2017-8620 – This is a Windows Search Remote Code Execution Vulnerability that is similar to a previous Windows Search vulnerability patched in July. An attacker who successfully exploits this CVE can install programs, manipulate data, create accounts, elevate privilege and take control of the device. Within an enterprise, an attacker can remotely trigger the vulnerability through an SMB connection and control the targeted computer. This is a separate SMB vulnerability from SMBLoris, which has already been disclosed but remains unpatched by Microsoft.
- CVE-2017-8664 – This Hyper-V Remote Code Execution Vulnerability could allow an attacker on a guest operating system to execute arbitrary code on the host operating system.
Adobe’s security bulletins include patches for Adobe Flash Player, Adobe Acrobat and Reader, Adobe Experience Manager, and Adobe Digital Editions. Notably, Adobe Reader has 43 critical and 24 Important CVEs—a particularly large batch. These vulnerabilities are mostly memory corruption issues that would allow an attacker remote code execution on a target system. Users are encouraged to update to version 184.108.40.206, which is the latest version of Adobe Flash Player.
Trend Micro’s Zero Day Initiative (ZDI) helped in the disclosure of the following vulnerabilities and/or security improvements:
Trend Micro Solutions
- 1008410 – Microsoft .NET Framework Pointer Verification Vulnerability (CVE-2009-0090)
- 1008522 – Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-0250)
- 1008523 – Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-8625)
- 1008525 – SMBLoris Denial Of Service Vulnerability
TippingPoint customers are protected via the following MainlineDV filters:
- 5683: RDP: Windows Remote Desktop Access on Non-Standard Ports
- 12146: HTTP: Microsoft Excel Record Type Confusion Vulnerability
- 27746: HTTP: Microsoft Windows PDF Library JPEG2000 Memory Corruption Vulnerability
- 28184: HTTP: Microsoft Windows advapi32 Type Confusion Vulnerability
- 29339: SMB: Windows SMB and Samba Denial-of-Service Vulnerability (SMBLoris)
- 29340: HTTP: Microsoft Windows VBScript CHM Security Bypass Vulnerability
- 29053: HTTP: Microsoft Jet OLEDB Integer Overflow Vulnerability