raywoo - Fotolia
Microsoft's June 2017 Patch Tuesday targeted 94 vulnerabilities, and for the second straight month, it included Windows XP fixes and patches for other unsupported systems in order to remediate flaws that could be exploited by leaked National Security Agency cyberweapons.
Security Advisory 4025685 details additional guidance for critical security updates "that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures," according to Microsoft. The advisory lists 14 critical and one important bulletin for various products, all but one of which could lead to remote code execution (RCE) exploits.
Also included in this advisory are three patches for legacy systems to protect against leaked NSA cyberweapons. There are two Windows XP fixes to mitigate the threat of EsteemAudit (CVE-2017-0176) and EnglishmanDentist (CVE-2017-8487), which are RCE exploits for Windows Remote Desktop Protocol and Object Linking and Embedding, respectively. Additionally, Microsoft patched the Internet Information Services web server, which was vulnerable to the ExplodingCan exploit (CVE-2017-7269).
Microsoft noted that these legacy system and Windows XP fixes must be manually downloaded.
Eric Doerr, general manager for Microsoft's Security Response Center, recommended users download and apply the critical Windows XP fixes.
"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies," Doerr wrote in a blog post. "Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly. As always, we recommend customers upgrade to the latest platforms."
Craig Young, principal security researcher at Tripwire Inc., based in Portland, Ore., said the most interesting news of June Patch Tuesday was the release of these Windows Server 2003 and Windows XP fixes.
"Anyone still using Windows 2003 or XP should install these patches ASAP, with the expectation that they will be actively exploited in the near term. This move may indicate that Microsoft has been made aware of exploits that may be pending imminent release from the Shadow Brokers," Young told SearchSecurity. "It is important for admins to recognize that WannaCry was orders of magnitude smaller than some successful malware campaigns of the past like those propagating using the LNK zero-day vulnerabilities exposed along with Stuxnet. We may not be so lucky the next time this happens."
Other important June Patch Tuesday notes
Topping the priority list should be zero-day vulnerabilities CVE-2017-8543 and CVE-2017-8464, both of which Microsoft said are being exploited in the wild.
"Attackers can take complete control of [a] victim computer by sending a[n] SMB request to Windows search service. The issue [CVE-2017-8543] affects Windows Server 2016, 2012, 2008 as well as desktop systems like Windows 10, 7 and 8.1. Microsoft has also provided a patch for this issue for older [end-of-life] platforms. As the issue is currently used in attacks we recommend organizations to apply patches as soon as possible," Amol Sarwate, director of vulnerability labs at Qualys Inc. in Redwood City, Calif., wrote in an analysis. "Another vulnerability that is currently exploited is CVE-2017-8464, which is the Windows LNK issue that can also allow attackers to take complete control of the victim machine."
Sarwate also suggested users prioritize patches for Windows' graphic font engine vulnerabilities CVE-2017-8527, CVE-2017-8528 and CVE-2017-0283, and Outlook patch CVE-2017-8507, all of which could allow attackers to take complete control of a victim's machine.
Get info on migrating from Windows XP to Windows 10.
Learn more about why enterprises struggle with emergency patching.
Find out about automated enterprise patch management software.