A total of 62 vulnerabilities getting patched this month

Oct 11, 2017 06:22 GMT

Microsoft has released updates to address no fewer than 62 vulnerabilities in its software, including 30 flaws that were discovered in Windows 10 plus a zero-day security bug in the Office productivity suite that’s already being exploited in the wild.

The Redmond-based software firm confirmed in this month’s Patch Tuesday documentation that Microsoft Office vulnerability CVE-2017-11826 should be treated with extra care because the company is already aware of attacks, and system admins should patch it as soon as possible. Oddly enough, Microsoft has only given this flaw an “important” security rating.

Affecting all supported versions of Office, including 2010, 2013, and 2016, the vulnerability allows an attacker to run arbitrary code on the target system and even take control of it, the latter being possible only if the logged-in user has administrator rights.

The attack is conducted with crafted documents that are distributed via email, instant messages, or straight through a website, in which case the attacker needs to convince users to load the page in their browsers and download the file.

28 critical vulnerabilities

A total of 30 vulnerabilities in this new Patch Tuesday rollout concern the Windows operating system, and of particular note is CVE-2017-11771.

Discovered in the Windows Search service, this vulnerability can allow attackers to take control of a system should they manage to exploit it remotely via SMB.

“While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya,” Jimmy Graham, security expert at Qualys, said.

Additionally, there are two vulnerabilities in the Windows font library that cybercriminals can use to eventually run code on a system with the help of a malicious file, distributed via the same methods as those mentioned above.

It goes without saying that Microsoft customers are advised to patch their systems as soon as possible, keeping in mind that reboots are required to complete deployment.