Microsoft’s October Patch Tuesday release covered a wide spectrum of problems with the majority possibly resulting in remote code execution (RCE) and CVE-2017-11826 being publicly disclosed and actively exploited.
Two other vulnerabilities were also disclosed for the first time, but have not been found in the wild, CVE-2017-8703 and CVE-2017-1777. However, the early take from cyber industry insiders is CVE-2017-11826, found in Microsoft Office, needs to be immediately addressed. If exploited it would allow RCE in the context of the current user, which, if that person is the system’s admin, would allow the attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights, Microsoft reported.
“Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” is actively being exploited in the wild,” Jimmy Graham, director of product management at Qualys.
Also disclosed for the first time was CVE-2017-11777, a XSS vulnerability that exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server, Microsoft said. A successfully executed attack would allow the attacker to access content and make changes on the SharePoint site.
CVE-2017-8703 for Windows 10 Version 1703 for x64-based systems, also publicly noted this month, could allow for the creation of a denial of service scenario.
“An attacker can execute a specially crafted application to affect an object in memory allowing them to cause the system to become unresponsive,” said Chris Goettl, Ivanti’s product manager, told SC Media.
Graham also suggested that Windows 10 users give priority to CVE-2017-1771, a vulnerability in Windows’ search service.
“This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya,” he said.