Critical Cyber Security Vulnerabilities
A number of vulnerabilities of varying severity have been discovered and successfully patched this month. If you use Windows 7, 8.1, or 10, especially, take note of the following security updates. The information will help you to know what cyber security steps you need to take to enhance the safety of your systems, networks and business.
Windows Search Remote feature vulnerability (CVE-2017-8589)
A remote code execution (RCE) vulnerability relating to this feature has been discovered to affect several operating systems. This vulnerability allows a remote, unauthenticated attacker to take control of an affected system and install programs, create new accounts, or view and change data. Users of Windows Server 2016, 2012, 2008 R2, 2008 and Windows 7, 8.1 and 10 need to apply the released patch immediately, since this is classified as a critical risk.
Vulnerabilities in Windows 10 Version 1703
Microsoft has also released revisions for patches to susceptibilities unearthed earlier. These relate to CVE-2016-3305 (a local privilege-escalation vulnerability of medium risk) and CVE-2017-8543 (an RCE vulnerability affecting Windows Search). These security exposures had been discovered to affect Windows 10 version 1703.
Hiemdal Implementation of Kerberos/“Orpheus’ Lyre” vulnerability (CVE-2017-8563)
CVE-2017-8563 is an authentication bypass vulnerability that has been discovered in Kerberos. An attacker can exploit it using a man-in-the-middle technique to steal credentials, escalate privileges and bypass authentication.
Both Linux and Microsoft distributions use the Hiemdal implementation of Kerberos. The two companies have released patches to address the vulnerability. In addition to applying the patch, users are advised to make additional changes to the Domain Controller to completely mitigate “Orpheus’ Lyre”.
Adobe July 2017 vulnerabilities
Patches for six vulnerabilities affecting two of Adobe’s products have also been released. The affected products are Adobe Flash Player and Connect for Windows.
Three of the vulnerabilities affect Adobe Flash Player and include CVE-2017-3099 (rated critical). This vulnerability could allow for RCE if not addressed immediately. The solution is to update Adobe Flash Player to v22.214.171.124.
The other three vulnerabilities have been found to affect Connect for Windows and could be exploited by attackers in cross-site scripting attacks. Updating Adobe Connect to v9.6.2 will address the vulnerabilities.
The above bugs are among the 54 vulnerabilities for which Microsoft released patches on July 11. The above four were rated as either important or moderate in severity. Contact your cyber security solutions provider for an in-depth cyber security audit and for the right patches to these and other security flaws.
Phoenix-Guard Technical Writer