Keytech customer support login can be found here: Customer Login

August Patch Tuesday – be aware

by / Friday, 11 August 2017 / Published in News

By Brian Cowan

This week saw the August Patch Tuesday release by Microsoft and some important security fixes to popular environments such as Windows 10, Windows Server 2012 and 2016.  25 of the 49 patches issued were to address critical security flaws.

Patch Tuesday headline – Remote code execution flaw

Whilst all security vulnerabilities are important, the not very exotically named CVE-2017-8620 addresses a remote code execution vulnerability for which exploits are believed to be available.  The vulnerability exists in all supported Windows versions and allows an attacker to take control of a machine via a floor in the Windows Search facility.  Once control is established, network havoc can ensue.

Other affected areas

Other areas addressed in the August update include:

Patch Tuesday flaws

Full details of Microsoft Security update releases can be found here.

Whats missing?

During the July DEF CON 25 gathering in Las Vegas highlighted a flaw in the Microsoft Windows Server Message Block (SMB) protocol that has existed back to the days of Windows 200 and possibly earlier.  It is known as SMBLoris and provides facility for remote DOS attacks.

It was originally thought to affect version 1 of SMB only and Microsoft issued a response in 2016. However, it exists in all versions and the recommendation now is to use firewall protection for ports 445 and 139 and limit access locally.

Managing security

If you have any concerns regarding your system security, or wish to have an independent assessment of infrastructure, Keytech provide a range of comprehensive and detailed audit services.

Microsoft Gold Partner - Patch Tuesday