Microsoft has issued a security advisory for CVE-2017-15042, a critical vulnerability affecting multiple Windows versions. Users should apply the security update immediately to prevent potential exploitation.
Microsoft has released a critical security update to address CVE-2017-15042, a vulnerability that could allow remote code execution on affected Windows systems. The vulnerability affects multiple versions of the Windows operating system, including Windows 7, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows Server 2016, and Windows Server 2019.
The vulnerability exists in the Windows kernel and could allow an attacker to execute arbitrary code with elevated privileges. An attacker who successfully exploits this vulnerability could install programs, view, change, or delete data, or create new accounts with full user rights.
Microsoft has assigned this vulnerability a CVSS base score of 8.1 (High), indicating the severity of the threat. The company has released security updates for all supported versions of Windows to address this vulnerability.
Affected Products:
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT 8.1
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows Server 2016
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows Server 2019
Mitigation Steps:
- Apply the security update immediately through Windows Update
- For enterprise environments, deploy the update through WSUS or SCCM
- Verify update installation by checking the installed KB number
- Restart systems after installation to complete the update process
Microsoft recommends that customers apply the security update as soon as possible to protect their systems from potential exploitation. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Customers can find more information about this security update and download the necessary patches from the Microsoft Security Update Guide at https://portal.msrc.microsoft.com.
Comments
Please log in or register to join the discussion