Blog LBMC

Print Divider Print Divider Branding
 

Vulnerability Information Update: July 2017

07/14/2017  |  By: Jessica Mantz

Share

Social Logo Social Logo Social Logo Social Logo

Microsoft Addresses 19 Critical Vulnerabilities for Patch Tuesday

Microsoft released security updates to address a total of 54 vulnerabilities this month.  Of the 54 vulnerabilities, 19 were rated as critical severity and should be patched as soon as possible.  One critical vulnerability in the Windows Search Remote feature could be triggered by a remote unauthenticated attacker over SMB.  This vulnerability (CVE-2017-8589) could allow an attacker to control an affected system and affects multiple operating systems, therefore it should be patched immediately.  Other critical vulnerabilities patched in this month’s security updates affect Microsoft Edge and Internet Explorer.  Additionally, one vulnerability in Microsoft’s HoloLens product was publicly disclosed prior to Patch Tuesday. Microsoft also released patches for CVE-2017-8563 this month which require a new registry setting in addition to applying the patch.

For more information on the security updates for July, please visit:

20-year-old Authentication Bypass Vulnerability in Kerberos

Security researchers discovered an authentication bypass vulnerability in Kerberos affecting the Heimdal implementation of Kerberos since late 1996.  It was later discovered that Microsoft’s implementation of Kerberos was affected as well.  The vulnerability has since been referred to by the title Orpheus’ Lyre due to its similarities to how the mythological character Orpheus lulled Cerberus to sleep with his lyre, allowing him to sneak past.  If successfully exploited using man-in-the-middle techniques, the vulnerability could allow an attacker to steal credentials, escalate privileges, and bypass authentication.  Many Linux distributions use the Hiemdal implementation of Kerberos and have already began to release patches to address this vulnerability.  Microsoft has also released patches to address the vulnerability in its latest Patch Tuesday updates.

For more details on this vulnerability, please visit:

Adobe Patches Three Vulnerabilities in Flash Player and Connect

This month Adobe has addressed six vulnerabilities in two products, making this one of the smaller Patch Tuesday’s in recent history.  July’s security bulletin includes patches to address three vulnerabilities in Adobe Flash Player.  One of the vulnerabilities (CVE-2017-3099) is rated critical and could allow for remote code execution, therefore it is recommended to update to version 26.0.0.137 as soon as possible.  Adobe also fixed three vulnerabilities in Connect for Windows that could be used in cross-site scripting attacks.  It is recommended to update Adobe Connect to version 9.6.2.

More information can be found at Adobe’s website below: