Microsoft has delivered an average sized Patch Tuesday security update for July that addresses a total of 54 vulnerabilities, 19 of which are rated as critical.

The patches over the usual Microsoft suspects including Windows (7, 8.1, 10); its Edge web browser, Internet Explorer; Windows Server; and Office.

But Redmond has also for the first time issued a patch update for its virtual reality computer, Hololens.

Patch Update

As is usual, the advise for system administrators is to pay immediate attention to the 19 critical patches, as these can lead to remote code execution if left unpatched.

But the good news is that none of these flaws are currently being exploited in the wild.

Jimmy Graham, director of product management at Qualys recommended in a blog posting that top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service.

The flaw can be remotely exploited and can impact both servers and workstations.

Another priority says Graham, especially for Windows domain controllers, is CVE-2017-8563, which can be utilised to elevate privileges and obtain system-level access to domain controllers.

Graham also thinks that CVE-2017-8463, which concerns a Windows Explorer vulnerability, as well as multiple browser vulnerabilities in Internet Explorer and Edge.

Meanwhile Greg Wiseman, senior security researcher at Rapid7, points out that most of the critical vulnerabilities patched this month concern client-side systems, mostly Internet Explorer and Edge.

“Browser-based RCE vulnerabilities are a significant attack vector, but they typically require some degree of social engineering in order to convince the user to visit a malicious web page,” noted Wiseman. “Similarly with most Microsoft Office bugs (eight CVEs this month); users need to be tricked into opening attachments.

Security Awareness

“More concerning are RCE vulnerabilities that do not require any user interaction,” he added. “Exploits can be weaponized to quickly spread malware, as we’ve seen with the recent ransomware outbreaks.”

The spate of recent ransomware attacks such as WannaCry, and the havoc it caused globally, has highlighted the critical nature of IT security for even average members of the public.

Palo Alto Networks recently told Silicon that evolving ransomware is now the biggest cyber security threat being faced.

Quiz: What do you know about cyber security in 2017?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago