June’s Patch Tuesday addressed 90 vulnerabilities, two of which were already under active attack.
One of the vulnerabilities undergoing exploitation is an LNK remote code execution flaw in Windows (CVE-2017-8464) that an attacker could leverage when the icon of a specially crafted shortcut file is displayed.
“The attacker could present to the user a removable drive that contains a malicious shortcut file and an associated malicious binary. When the user opens this drive in Windows Explorer, or any other application that parses the icon of the shortcut, the malicious binary will execute code of the attacker’s choice on the target system,” Microsoft said in an advisory.
Microsoft said the impact of this flaw is less severe if the targeted user does not have administrator rights.
The other vulnerability undergoing exploitation is a remote code execution bug affecting Windows Search (CVE-2017-8543).
“To exploit the vulnerability, the attacker could send specially crafted SMB messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer,” Microsoft said. “Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”
Three of the vulnerabilities patched by Microsoft – all of them affecting the Edge web browser – have already been publicly disclosed. They consist of a security feature bypass and information disclosure issues, but none of them has been rated critical.
Eighteen flaws were rated critical, while the rest are considered important.