Patch Tuesday for July had Microsoft plugging 54 holes in its products.
The lion’s share of fixes came in the Windows operating system with 26 patches.
All current Windows versions that receive support ended up patched, meaning Windows 7, Windows 8.1, and Windows 10. There were 19 critical flaws in the operating system, all of them leading to Remote Code Execution.
One of the vulnerabilities taking center stage is CVE-2017-8589, which affects all Windows versions, and also Windows Server 2008, 2008 R2, 2012, and 2016.
The vulnerability is in the Windows Search service and can end up leveraged in an SMB attack. While that may sound familiar, it is not related to the security flaw exploited with the WannaCry and Petya ransomware attackers.
Microsoft said this new vulnerability could allow an attacker to get full control of an unpatched system by sending a crafted message to the Windows Search service.
Another critical vulnerability is CVE-2017-8463, which impacts Windows Explorer and all Windows versions still getting support.
“To exploit this vulnerability, an attacker would first share both a folder and malware named with an executable extension, and then trick the user into thinking that the malware was the folder. The attacker could not force the user to open or browse the share but could use email or instant messages to trick them into doing so,” Microsoft said in a post.
Microsoft did say there are no vulnerabilities that are being exploited in the wild, but users are recommended to update their systems as soon as possible anyway. Reboots are required to complete patching.