Patch Tuesday August: Microsoft corrected two security vulnerabilities affecting all supported versions of Windows.
Η company said on Tuesday that an attacker could remotely exploit a remote code execution vulnerability rated "critical" using the way Windows Search handles objects in memory, allowing it to take full control of an affected computer.
An attacker could then install, read, change or even delete whatever programs they want data, to create new accounts with full user rights. According to the company, all an attacker has to do to gain access to all of the above is to send a specially crafted message to the Windows search service.
Microsoft added that an attacker could remotely enable the flaw through a connectionς SMB on a network. The vulnerability has been discovered by Trend Micro researchers.
Each of the above vulnerabilities can affect any supported version of Windows, such as Windows Windows 7 and all versions of Windows 10 as well as systems Windows Server.
Although technical details or PoCs are not publicly disclosed for obvious reasons, Microsoft warns that there is a potential for future attacks.
Another "critical" remote code execution flaw in the classic JET database engine could allow an attacker to take full control of a computer.
Microsoft has released updates for another 46 vulnerabilities as part of its regularly scheduled Patch Tuesday updates. More than half of the vulnerabilities that are fixed have been described as "critical".
August updates are available through Windows Update. Of course, it is recommended that you update your systems immediately, or finally get the decision to install Linux.
Before doing so please read the following article:
Which is the best Linux distribution for beginners on the platform