Skip to main content

Big Fix Coming For Many Microsoft Vulnerabilities

By June 23, 2017May 24th, 2021Cybersecurity

If you don’t have your PCs set up for automatic updates, you’re definitely going to want to grab Microsoft’s latest, scheduled for release on their next “Patch Tuesday.” June’s Patch Tuesday 2017 is a bit of a departure, because it’s also going to contain updates for Windows XP and Server 2003, neither of which are officially supported by the company anymore.

The reason they’re being included in this particular update is the fact that a hacking collective known as the Shadow Brokers recently released knowledge of a collection of critical “zero-day” exploits, including a number culled from the NSA’s hacking arsenal.

The update seeks to provide a measure of protection for all Windows Operating Systems, including those whose official support has ended. This is a clear sign of just how serious these exploits are, and how seriously the company takes them.

Any one of these exploits could be used by a skilled hacker to take full control of your PC, remotely.

The fix also includes a patch to address SMB vulnerabilities, like the ones exploited in the recent, global “Wannacry” ransomware attack.

The patch also seeks to address the “LNK RCE” vulnerability, which is an exploit that takes advantage of how Windows handles LNK desktop shortcuts, which could allow code to be executed remotely if the icon in question is properly crafted.

According to the researchers behind the latest fix, “The attacker could present the user a removable drive or remote share that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.”

Security professionals may recognize this, and there’s a good reason for it. This is exactly how the Stuxnet worm operates, which is one of the most devastating worms ever to be devised.

Bottom line: this is a patch you’re not going to want to miss.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.