The vulnerability in Windows Search service could let a hacker take complete control over a server or workstation and leverage worm-like spreading capabilities like those found with WannaCry.
Microsoft released its August 2017 patches on Tuesday, which fixed 48 security flaws in six of the company’s main products. While 25 were rated critical, one is a wormable vulnerability that affects all Windows operating systems.
The CVE-2017-8620 flaw is found in the Windows Search service and can let a hacker remotely execute on unpatched computers and take complete control over a server or workstation.
It’s important to note Microsoft officials said they haven’t seen these bugs being exploited in the wild.
The remote code execution vulnerability is caused by how Windows Search handles objects in memory. According to researchers, hacking this flaw would allow the cybercriminal to send a specially crafted message to the Windows Search service.
“In an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer,” Microsoft said.
And once in a hacker can install programs, view, change or delete data or create new accounts with elevated user privileges. Hackers can leverage the flaw to add worm-like spreading mechanisms, such as those seen with the global WannaCry outbreak.
Further, “failed attacks [using the CVE-2017-8620 bug] will cause denial of service conditions,” which will cause Windows installations to shut down or malfunction, Symantec said.
The bug should be patched on all systems as soon as possible, and it affects all supported Windows versions.
Microsoft recommends if the patch cannot be made due to incompatibilities or other reasons, system admins should shut down the search function or disable the WSearch service.