One of the vulnerabilities addressed in this week’s Microsoft Patch Tuesday deployment is emerging as a top concern.
A remote code execution vulnerability affecting how Windows Search handles objects in memory could allow an attacker to take complete control of servers or workstations.
What’s worse, the flaw could allow for an attack to leverage an SMB connection to access other parts of a network.
“An attacker who successfully exploited this vulnerability could take control of the affected system,” the bulletin said. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Vulnerable operating systems include several versions of Windows 10, Windows Server 2012 and Windows Server 2016.
Cyber criminals can enter by sending “specially crafted” messages to the Windows Search service.
“An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer,” the advisory said. “Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”
Microsoft says it has no evidence that the vulnerability has been exploited in the wild, however that’s almost certain to change now that details have been made public.
The patch released this week fixes the way Windows Search handles objects in storage.
Send tips and news to [email protected].