Patch Tuesday August: Microsoft corrected two security vulnerabilities affecting all supported versions of Windows.
The company said Tuesday that an attacker could remotely exploit an assessed "critical" remote code execution vulnerability using the way Windows Search handles objects in memory, allowing full control of the affected computer.
An attacker could then install that programs want, read, change or delete data, create new accounts with full user rights. According to the company, all that the attacker has to do to access all of the above is to send a specially configured message to the Windows search service.
Microsoft added that an attacker could remotely trigger this defect via a connection SMB in a network. Την ευπάθεια ανακάλυψαν οι ερευνητές της Trend Micro.
Each of the above vulnerabilities can affect any supported version of Windows, such as Windows Windows 7 και όλες τις εκδόσεις των Windows 10 καθώς και τα συστήματα Windows Server & Hosting.
Although technical details or PoCs are not publicly disclosed for obvious reasons, Microsoft warns that there is a potential for future attacks.
Another "critical" remote code execution flaw in the classic JET database engine could allow an attacker to take full control of a computer.
Microsoft has released updates for another 46 vulnerabilities as part of its regularly scheduled Patch Tuesday updates. More than half of the vulnerabilities that are fixed have been described as "critical".
August updates are available through Windows Update. Of course it is recommended that you update your systems immediately, or finally make the decision to install Linux.
Before doing so please read the following article:
Which is the best Linux distribution for beginners on the platform