On its face, it appears to be just another security patch, addressing a total of 48 issues, 25 of which are listed as being critical. Given that, it would be easy to overlook CVE-2017-8620, but closing this security loophole is reason enough to grab the update.
Unfortunately, Windows Search Service has had this problem for a very long time. In fact, it’s an issue with every currently supported version of the product, although it was only recently discovered by security researchers. Here’s the company’s official explanation of the bug:“A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change or delete data, or create new accounts with full user right.
To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search Service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.”
As you can see, based solely on that description, it’s major. But it’s even worse than you might first realize, because this bug is “wormable,” which means that a hacker could marry the exploit execution code with self-replicating code and create a real monster of a problem that spreads like wildfire.
It should be noted that so far, although this bug has been around for a while, there have been no reported instances of its exploitation in the wild. Nonetheless, hackers pore over the release notes that accompany Windows security patches, and if you don’t grab this one, you can expect that some enterprising hacker will make you wish you had.