Microsoft patches 19 critical vulnerabilities in Patch Tuesday

July's security update is smaller than previous months, but includes some important fixes

Microsoft has patched 54 vulnerabilities in Windows and other software its latest Patch Tuesday security fix bonanza.

The updates, 19 of which are critical, are bundled into 12 patches and cover flaws in Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange.

Security firm Qualys has picked out one update in particular that it says is most critical for businesses: an exploit in the Windows Search Service affecting all currently supported versions of Windows Server and Windows desktop operating systems that could lead to a remote attack carried out via the Server Message Block (CVE-2017-8589).

Although the Server Message Block was at the centre of the recent WannaCry ransomware attacks, this patch is unrelated to that vulnerability. In fact, although the SMB can be used to leverage the attack, it's not a vulnerability in the SMB itself per se.

Qualys also picks out the patch for CVE-2017-8563 as a priority for admins to update.

"While Microsoft categorizes the patches for this vulnerability as 'Important,' it could be leveraged in targeted attacks to elevate privileges and obtain system-level access to domain controllers," said product management director Jimmy Graham in a blog post. "This is similar to other known vulnerabilities in NTLM itself. Please note that this patch does require extra configuration steps to implement the added security."

While most of the updates apply to the 'usual suspects', like Windows and Office, there is one outlier - CVE-2017-8584, a vulnerability in HoloLens.

Karl Sigler, threat intelligence manager at security firm Trustwave, said in a blog post: "Since the platform (HoloLens) is still in its infancy and primarily targeted at developers rather than consumers, it's nice to see that security is being addressed so early."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

Zapier integration lets you connect 2000+ apps to Microsoft Teams
communications

Zapier integration lets you connect 2000+ apps to Microsoft Teams

1 Oct 2020
The ultimate guide to landing a cyber security career
Careers & training

The ultimate guide to landing a cyber security career

30 Sep 2020
Microsoft unveils Azure for Operators to unlock 5G potential
5G

Microsoft unveils Azure for Operators to unlock 5G potential

30 Sep 2020
Microsoft 365 outage hits Azure, Outlook, and Teams
cloud computing

Microsoft 365 outage hits Azure, Outlook, and Teams

29 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Nokia will replace Huawei as BT's largest 5G equipment provider
5G

Nokia will replace Huawei as BT's largest 5G equipment provider

29 Sep 2020