Softpedia >News >Microsoft >Windows
Softpedia Homepage   

Microsoft Publishes Windows Updates to Fix 94 Security Vulnerabilities

It’s time to say it again: patch, patch, patch!

Jun 14, 2017 06:42 GMT  ·  By
Microsoft now emphasizing the risks of unpatched systems in Windows Update
   Microsoft now emphasizing the risks of unpatched systems in Windows Update

This month’s Patch Tuesday rollout brought us updates for a total of 94 security vulnerabilities in Microsoft software, including some that are being already targeted by cybercriminals across the world.

As mentioned earlier today, Microsoft also published a new set of updates for Windows XP, the second time the company does that for the operating system that reached end of support in April 2014, after it also shipped an emergency patch to block WannaCry last month.

In addition, there’s a new vulnerability that Microsoft is patching this month and which is affecting all Windows versions, including the new Windows 10. CVE-2017-8543 is already being targeted by attackers, who can get full control of a system by sending an SMB request to the Windows Search service.

Then, there’s also CVE-2017-8464, which also allows attackers to take control of a system, as well as CVE-2017-8527, a vulnerability in the Windows graphic font engine and which can be exploited with a malicious font file.

27 RCE flaws

Microsoft Edge and Internet Explorer, the two browsers that are being offered in Windows 10, are also getting lots of patches for a series of vulnerabilities, including CVE-2017-8498, CVE-2017-8530 and CVE-2017-8523. These security flaws have already been disclosed publicly, but Microsoft says that it’s not aware of any attacks attempting to exploit them. Users should install the updates as soon as possible, though.

Overall, the products that are getting updated today are Internet Explorer, Microsoft Edge, Windows (all versions, including Windows XP), Microsoft Office and Office Services and Web Apps, Silverlight, Skype for Business and Lync, and Adobe Flash Player (which is being patched because it’s part of the browsers).

Out of the 94 vulnerabilities that Microsoft is patching this month, no less than 27 of them are addressing remote code execution flaws that could be used by attackers to take control of an unpatched system. This emphasizes how important it is for systems to be updated as soon as possible, especially given that attacks exploiting these vulnerabilities are already happening.

All these updates are shipped via Windows Update and they require a system reboot to complete the install.