Microsoft released its October 2017 Patch Tuesday update, which included fixes for 62 vulnerabilities across various...
products, but priority should go to a Windows zero-day.
In the October 2017 Patch Tuesday release, Microsoft resolved three publicly disclosed issues, one of which has been actively exploited in the wild. The Windows zero-day vulnerability is a memory corruption vulnerability in Microsoft Office (CVE-2017-11826).
According to Microsoft, the Windows zero-day could allow remote code execution by an attacker, and it affects programs in Office 2007, 2010, 2013 and 2016. If a malicious actor could convince a victim to open a specially crafted file, they could exploit the Windows zero-day and run code under the privileges of the affected user.
Aside from the Windows zero-day, the October 2017 Patch Tuesday release also included fixes for two vulnerabilities that were publicly disclosed, but have not yet been seen being exploited in the wild.
One of the disclosed issues affects the Linux subsystem in Windows 10. CVE-2017-8703 is a denial-of-service flaw that requires an attacker to run a specially crafted application. While the number of vulnerable users is limited to those running the latest version of Windows 10 -- version 1703 -- with the Linux subsystem installed, Microsoft noted an attack could lead to permanent denial of service and render the target system inoperable.
CVE-2017-11777 is a cross-site scripting vulnerability found in Microsoft SharePoint Enterprise Server 2013 and 2016. The flaw caused SharePoint to fail to properly sanitize a specially crafted web request, and it could result in a privilege-escalation attack.
Of the remaining fixes in the October 2017 Patch Tuesday release, Jimmy Graham, director of product management at Qualys Inc., based in Redwood City, Calif., said IT pros should take note of a vulnerability in the Windows Search service (CVE-2017-11771).
"This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB [Server Message Block] to take complete control of a system, and can impact both servers and workstations," Graham wrote in a blog post. "While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya."
Catch up on the DHCP server exploit fix in the September 2017 Patch Tuesday release.
Learn how zero-day attack prevention can be improved.
Find out how Windows 10 patching could make older systems vulnerable.