Top

New malware attacking Windows again

This also includes those versions which do not get support from Microsoft anymore.

Microsoft pushed out this month’s Patch Tuesday updates and the company has confirmed that it was already aware of attacks trying to exploit some of the known vulnerabilities, urging users to patch their systems as soon as possible.

The vulnerability present here is CVE-2017-8543 which has been known to affecting all Windows versions present. This also includes those versions which do not get support from Microsoft anymore.

The vulnerability takes advantage of the Remote Code Execution flaw in the Windows Search Service which allows an attacker to take control of a vulnerable system. The update has been released for all Windows versions from Windows XP to Windows 10, even though older releases are no longer getting support.

“To exploit the vulnerability, the attacker could send specially crafted SMB messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer,” Microsoft has stated.

The second vulnerability found is s CVE-2017-8464 and it targets the way an icon is displayed if malicious code is injected.

“The attacker could present to the user a removable drive that contains a malicious shortcut file and an associated malicious binary. When the user opens this drive in Windows Explorer, or any other application that parses the icon of the shortcut, the malicious binary will execute code of the attacker’s choice on the target system,” Microsoft explains.

Next Story