Microsoft closes two Windows vulnerabilities used by attackers

Microsoft has patched two vulnerabilities used by attackers during its most recent patch Tuesday. In both cases, it concerns a vulnerability that allows remote code execution. In total, the company closed 94 leaks.

The vulnerabilities include CVE-2017-8543 and CVE-2017-8464, which the respective page states are currently being used by attackers. The first vulnerability is present in Windows Search and has to do with the way the service handles memory objects. According to Microsoft, an attacker in a corporate environment can exploit the vulnerability remotely by sending a special SMB message to the Search service and thereby taking control of a system.

The second vulnerability has to do with the handling of lnk shortcut files. By using a malicious lnk file together with a malicious binary, an attacker can gain the same privileges as the affected user and execute the code of their choice in the binary. Both vulnerabilities are present in several versions of Windows, including Windows 10, Windows 8.1, and Windows Server 2016.

On Tuesday, Microsoft already announced that some patches were aimed at XP and Vista systems. In a statement to ZDNet, the company said these served to plug remaining vulnerabilities used in three NSA tools, which were released by the Shadowbrokers in April. It concerns the tools Englishmandentist, Esteemaudit and Explodingcan. Earlier, Microsoft said it would not release patches for these vulnerabilities.