14 DAY TRIAL // The September 2017 Patch Tuesday rollout is kind of huge, as it includes fixes for no less than 81 vulnerabilities, 5 of which have been discovered in Adobe software, which is also patched via Windows Update given the Flash Player comes integrated into Edge and Internet Explorer browsers.
A total of 27 vulnerabilities have been rated as critical, and 39 of them allow Remote Code Execution, which basically means that an attacker could get control of the unpatched system with a successful exploit.
In case you’re using Microsoft’s browsers, be it Internet Explorer or Edge in Windows 10, you should know that no less than 22 critical vulnerabilities are affecting these applications, with the majority being aimed at the Scripting Engine. Users and system administrators should prioritize patching the two browsers, as the attacks take place via malicious websites that could spread via email messages.
Zero-day flaw in .NET Framework
One particular vulnerability that users should be looking after is detailed in CVE-2017-8759 and it affects Microsoft’s .NET Framework. The odd thing is that the vulnerability is marked as Important, but Microsoft says that exploits have already been discovered in the wild, and users should patch as soon as possible.
“This is a user targeted vulnerability meaning an attacker could convince a user to open a malicious document or application resulting in their ability to take control of the affected system. If the user is configured as less than a Full Administrator the attack would be mitigated somewhat by only allowing the attacker to perform actions in the context of that user’s permissions, so least privilege helps here. Open question as to why it is only rated as Important if it is a user targeted vulnerability and already known to be exploited,” Chris Goettl, product manager, Ivanti, told us in a detailed analysis of this month’s Patch Tuesday.
Adobe is also fixing Flash Player vulnerabilities, and Windows users are getting the new version via Windows Update. There are 5 critical flaws in Adobe software and 2 of them impact Flash.
As it happens every month, users are recommended to patch their systems as soon as possible, and a reboot will be required to complete the process, which means that work needs to be saved before deployment.