August Patch Tuesday: Microsoft fixed 48 security vulnerabilities

This month’s security bulletin covers security updates for Windows and other Microsoft products

August Patch Tuesday is here. Microsoft has solved 48 security issues.^[1] This month's security bulletin includes updates for Windows operating system and both of the inbuilt browsers – Microsoft Edge and Internet Explorer. Adobe Flash Player, Microsoft SharePoint, and Microsoft SQL Server received security updates as well.

25 of the fixes are marked as critical. However, security experts agree that the most important security bulletin is CVE-2017-8620.^[2] The discovered flaw allowed attackers to execute malicious code and attack unpatched computers that run on all supported Windows versions.

Adobe products also received some security updates. The company continues fixing security flaws of the Adobe Flash Player, Reader, and others software that is widely exploited by the attackers.

Windows Search Remote Code Execution Vulnerability is fixed

Security bulletin CVE-2017-8620 solves the problem with Microsoft Windows Search Component. The attackers can take advantage of this vulnerability in order to take full control over the device. As a result, cyber criminals can install malicious programs, Trojans, delete or steal data.

One of the biggest threats related to this security flaw is that attackers can use it for distributing self-spreading worms. This scenario has been used by WannaCry and NotPetya authors. However, this vulnerability was detected in all supported versions of Windows, including Windows 10 which users were immune to WannaCry attack.^[3]

The released update fixes the bug in how Windows Search handles objects in memory. Therefore, if you have disabled automatic updates, you must install this crucial updated immediately from the official website.

Adobe presented more security updates for their products

Microsoft included August 2017 Flash Update in their August Patch Tuesday. However, Adobe itself presented their security updates too. The company fixed 81 security flaws in Flash, Acrobat and Reader, Experience Manager, and Digital Editions. Thus, these updates should not be ignored too.

Adobe Flash received two updates that fix information disclosure (CVE-2017-3085) and remote code execution vulnerabilities (CVE-2017-3106),^[4] which is marked as critical. The security updates are available for Windows, Macintosh, Linux and Chrome OS.

The biggest attention was paid to vulnerabilities in Adobe Acrobat and Reader.^[5] This product received the majority of security updates that are available for Windows and Macintosh users. These vulnerabilities are marked as critical and important, so their exploitation might let criminals to take control over the affected computer.