Microsoft has delivered an average sized Patch Tuesday security update for July that addresses a total of 54 vulnerabilities, 19 of which are rated as critical.

The patches over the usual Microsoft suspects including Windows (7, 8.1, 10); its Edge web browser, Internet Explorer; Windows Server; and Office.

But Redmond has also for the first time issued a patch update for its virtual reality computer, Hololens.

Patch Update

As is usual, the advise for system administrators is to pay immediate attention to the 19 critical patches, as these can lead to remote code execution if left unpatched.

But the good news is that none of these flaws are currently being exploited in the wild.

Jimmy Graham, director of product management at Qualys recommended in a blog posting that top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service.

The flaw can be remotely exploited and can impact both servers and workstations.

Another priority says Graham, especially for Windows domain controllers, is CVE-2017-8563, which can be utilised to elevate privileges and obtain system-level access to domain controllers.

Graham also thinks that CVE-2017-8463, which concerns a Windows Explorer vulnerability, as well as multiple browser vulnerabilities in Internet Explorer and Edge.

Meanwhile Greg Wiseman, senior security researcher at Rapid7, points out that most of the critical vulnerabilities patched this month concern client-side systems, mostly Internet Explorer and Edge.

“Browser-based RCE vulnerabilities are a significant attack vector, but they typically require some degree of social engineering in order to convince the user to visit a malicious web page,” noted Wiseman. “Similarly with most Microsoft Office bugs (eight CVEs this month); users need to be tricked into opening attachments.

Security Awareness

“More concerning are RCE vulnerabilities that do not require any user interaction,” he added. “Exploits can be weaponized to quickly spread malware, as we’ve seen with the recent ransomware outbreaks.”

The spate of recent ransomware attacks such as WannaCry, and the havoc it caused globally, has highlighted the critical nature of IT security for even average members of the public.

Palo Alto Networks recently told Silicon that evolving ransomware is now the biggest cyber security threat being faced.

Quiz: What do you know about cyber security in 2017?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Microsoft Blames 2009 EU Agreement For World’s Biggest IT Outage

Redmond says EU deal gave CrowdStrike the keys to the Windows kernel, allowing last week's…

2 hours ago

Wisk Plans Autonomous Air Taxi Flights By Decade’s End

Boeing-owned start-up Wisk plans autonomous eVTOL flights by end of decade as companies crowd into…

1 day ago

US Cracks Down On Tech Shipments To Russia

Shipments of high-end chips and other electronics to Russia via China and Hong Kong said…

1 day ago

Double-Digit Growth For Google Expected Amidst AI Push

Google expected to see double-digit revenue and profit growth for second quarter amidst AI cloud…

1 day ago