No exploits have been observed yet, but that can change suddenly. For the first time in quite a long while, our specialists have rated this vulnerability not merely as Critical but as Emergency (for servers), so I would recommend not dragging this out for a couple of months like the WannaCry victims did, and getting patched with the July updates.
Top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.
For Windows domain controllers, CVE-2017-8563 should also be considered for prioritization. While Microsoft categorizes the patches for this vulnerability as “Important,” it could be leveraged in targeted attacks to elevate privileges and obtain administrative access to domain controllers. This is similar to other known vulnerabilities in NTLM itself. Please note that this patch does require extra configuration steps to implement the added security.
Aside from CVE-2017-8589, patching for workstations and multi-user systems should focus on CVE-2017-8463, which is a vulnerability in Windows Explorer, as well as multiple browser vulnerabilities in Internet Explorer and Edge. Exploitation of these vulnerabilities requires user interaction, but they can easily become targets for Exploit Kits.