Blog LBMC

Print Divider Print Divider Branding
 

Vulnerability Information Updates: August 2017

08/17/2017  |  By: Jessica Mantz

Share

Social Logo Social Logo Social Logo Social Logo

Microsoft Addresses 48 Vulnerabilities Across Six Products

In its August Patch Tuesday Security Bulletin, Microsoft released updates to address 48 vulnerabilities, 25 of which were rated critical. The vulnerabilities affect the following products: Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft SharePoint, Adobe Flash Player, and Microsoft SQL Server. 

One critical vulnerability affecting the Windows Search service (CVE-2017-8620) could allow for remote code execution via SMB and should be patched immediately. None of the vulnerabilities are currently attacked in the wild. However, it is recommended to apply the updates as soon as possible.

More information can be found on the following sites: 

New Apache Struts Remote Code Execution Vulnerability

A new critical vulnerability was disclosed in Apache Struts 2, which could allow remote code execution on an affected server. It allows an attacker to execute code on a vulnerable system by sending a specially-crafted request with a malicious value in a vulnerable parameter to an affected system. 

The vulnerability (CVE-2017-9791) affects Struts versions 2.3.x with Struts 1 plugin and Struts 1 action.  Apache recommends resolving the vulnerability by always using resource keys, instead of passing raw messages to the ActionMessage, or to upgrade to Apache Struts 2.5.x as soon as possible. 

For more details on this vulnerability, please visit: