Categories: NewsSecurity

Microsoft Fixes Windows Search Vulnerability to Prevent Remote Code Execution

Windows users often find themselves rather annoyed when Microsoft decides to release an update suddenly. Depending on one’s computer settings, these updates may be installed automatically and force a reboot of one’s computer. Some of these updates are more important than others, however. The most recent update is highly important as it fixes a Windows search vulnerability related to addresses remote execution.

Emergency Windows Update Will Save a lot of Users

Virtually every Windows user benefits from the built-in search option the operating system provides. Searching for documents, files, or programs has become a lot more convenient ever since Windows implemented this feature. However, it turns out the Windows search function suffers from a major flaw which allows assailants to remotely execute code against a computer or server. In that scenario, the hacker would gain complete control of the computer in question.

Microsoft’s August Patch Tuesday update includes four dozen different patches. Over half of these are critical updates, most of which directly relate to remote code execution vulnerabilities. Knowing that an attacker could take over your computer and all of its functions without you noticing is worrying. Thankfully, that should no longer be the case for people who installed this update. Of course, there will likely be other vulnerabilities found in the future.

None of the 48 exploits addressed in this update were used by assailants, according to Microsoft. Given the tenacity and creativity of hackers, that is nothing short of a small miracle. The major vulnerability that required fixing was 

Related Post
CVE-2017-8620 and related to objects stored in the Windows Search function. A hacker would have needed to send a special message to the Windows Search service. Successfully doing so would have given him or her full control over the computer, whether an at-home device or a company server.

This particular exploit affects multiple versions of Windows 10, Windows Server 2012 and Windows Server 2016. Anyone running any of these operating systems should update their installation as quickly as possible. Failure to do so allows assailants to leverage SMB connectivity as an attack vector. We have seen what ransomware types such as WannaCry can do with such a flaw, and no one wants a repeat of that scenario by any means.

Issues such as the Windows Search flaw could severely impact cryptocurrency users in particular. If an attacker were to control a computer used to store one or more cryptocurrency wallets, he or she could empty said wallet without requiring additional authentication. This is part of the reason why hardware wallets — or well secured paper wallets — are always the best option when it comes to storing Bitcoin and other cryptocurrencies. These tools interface with a computer yet have remained immune to malware and hacking so far.

It is good to see Microsoft paying attention to potentially catastrophic flaws. It is unclear how long the Windows Search vulnerability has been known, but it will not cause any more harm to people who install these most recent updates. Having such a vital aspect of the Microsoft Windows operating system affected by a loophole could have had disastrous effects. As much as we all hate the computer delays caused by Windows updates, you might want to get this one as soon as possible.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Top 5 Best Crypto Presales to Grab Now: Don’t Miss These December Week 1 Gems

The crypto market is a buzz with promising presales as 2024 draws the curtains. With…

11 mins ago

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

8 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

9 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

9 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

9 hours ago

$ELIZA Token Launch Marred By Insider Trading Allegations

The launch of $ELIZA, a token introduced by Andreessen Horowitz (a16z) partner @shawmakesmagic, has sparked…

9 hours ago