“The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations.
Microsoft this month is fixing another serious flaw (CVE-2017-8543) present in most versions of Windows that resides in the feature of the operating system which handles file and printer sharing (also known as “Server Message Block” or the SMB service).
SMB vulnerabilities can be extremely dangerous if left unpatched on a local (internal) corporate network.
If you have Shockwave installed, please consider removing it now.
For starters, hardly any sites require this plugin to view content.
More importantly, Adobe has a history of patching Shockwave’s built-in version of Flash several versions behind the stand-alone Flash plugin version.
As a result Shockwave has been a high security risk to have installed for many years now.“Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly,” Doerr wrote.“As always, we recommend customers upgrade to the latest platforms.The original bulletin from Microsoft’s Security Response Center incorrectly stated that was part of this vulnerability: rather, it has nothing to do with this vulnerability and was not patched. I’m mentioning it here because a Windows user or admin thinking that turning off would stop all vectors to this attack would be wrong and still vulnerable without the patch.All an attacker needs to is get some code to talk to Windows Search in a malformed way – even locally — to exploit this Windows Search flaw.Users running XP or Server 2003 can get the update for this flaw here.