Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday update, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code Execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.
Top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.
For Windows domain controllers, CVE-2017-8563 should also be considered for prioritization. While Microsoft categorizes the patches for this vulnerability as “Important,” it could be leveraged in targeted attacks to elevate privileges and obtain administrative access to domain controllers. This is similar to other known vulnerabilities in NTLM itself. Please note that this patch does require extra configuration steps to implement the added security.
Aside from CVE-2017-8589, patching for workstations and multi-user systems should focus on CVE-2017-8463, which is a vulnerability in Windows Explorer, as well as multiple browser vulnerabilities in Internet Explorer and Edge. Exploiting these vulnerabilities requires user interaction, but they can easily become targets for Exploit Kits.
Adobe has also published security bulletin APSB17-21, which provides patches covering three vulnerabilities and is labeled as critical. In addition to these patches, Microsoft has released an update to Adobe Flash for Windows 8.1, Windows 10, Windows Server 2012 and Windows Server 2016. Patching should focus on workstations and multi-user systems.
Today’s release is normal in size, and covers 54 vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET Framework, Adobe Flash, and Exchange. Prioritization is based on the information currently available, and this blog will be updated if there are any additional changes to the threat landscape.