Microsoft has delivered an average sized Patch Tuesday security update for July that addresses a total of 54 vulnerabilities, 19 of which are rated as critical.

The patches over the usual Microsoft suspects including Windows (7, 8.1, 10); its Edge web browser, Internet Explorer; Windows Server; and Office.

But Redmond has also for the first time issued a patch update for its virtual reality computer, Hololens.

Patch Update

As is usual, the advise for system administrators is to pay immediate attention to the 19 critical patches, as these can lead to remote code execution if left unpatched.

But the good news is that none of these flaws are currently being exploited in the wild.

Jimmy Graham, director of product management at Qualys recommended in a blog posting that top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service.

The flaw can be remotely exploited and can impact both servers and workstations.

Another priority says Graham, especially for Windows domain controllers, is CVE-2017-8563, which can be utilised to elevate privileges and obtain system-level access to domain controllers.

Graham also thinks that CVE-2017-8463, which concerns a Windows Explorer vulnerability, as well as multiple browser vulnerabilities in Internet Explorer and Edge.

Meanwhile Greg Wiseman, senior security researcher at Rapid7, points out that most of the critical vulnerabilities patched this month concern client-side systems, mostly Internet Explorer and Edge.

“Browser-based RCE vulnerabilities are a significant attack vector, but they typically require some degree of social engineering in order to convince the user to visit a malicious web page,” noted Wiseman. “Similarly with most Microsoft Office bugs (eight CVEs this month); users need to be tricked into opening attachments.

Security Awareness

“More concerning are RCE vulnerabilities that do not require any user interaction,” he added. “Exploits can be weaponized to quickly spread malware, as we’ve seen with the recent ransomware outbreaks.”

The spate of recent ransomware attacks such as WannaCry, and the havoc it caused globally, has highlighted the critical nature of IT security for even average members of the public.

Palo Alto Networks recently told Silicon that evolving ransomware is now the biggest cyber security threat being faced.

Quiz: What do you know about cyber security in 2017?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

4 mins ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

52 mins ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

17 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

18 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

19 hours ago

NHS Scotland Confirms Clinical Data Published By Ransomware Gang

NHS Dumfries and Galloway condemns ransomware gang for publishing patients clinical data after cyberattack earlier…

20 hours ago