Microsoft Windows and Windows Server

A critical remote code execution vulnerability, CVE-2017-8620, was included in Microsoft's Patch Tuesday release on August 8 that affects all currently supported versions of Windows and Windows Server. The flaw exists in Microsoft’s desktop search utility and could allow a threat actor to elevate privileges and remotely run arbitrary code. In an enterprise network, a remote, unauthenticated threat actor could leverage SMB (Server Message Block) to remotely trigger the vulnerability and take control of the targeted system to install programs; view, change, or delete data; or create new accounts with full user rights. Security researchers fear this vulnerability could be used as a vector to carry out a wide-scale attack similar to the WannaCry incident that occurred on May 12, two months after the patch for the vulnerability that was exploited was released. The NJCCIC strongly recommends users and administrators review Microsoft’s Security Update and apply the necessary update to Windows and Windows Server devices as soon as possible. If deploying the patch is not immediately feasible, disable the WSearch service as a temporary mitigation.