{"id":1799,"date":"2024-09-25T06:51:02","date_gmt":"2024-09-25T06:51:02","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=1799"},"modified":"2024-10-18T17:26:35","modified_gmt":"2024-10-18T17:26:35","slug":"windows-admins-disable-windows-search-now","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/windows-admins-disable-windows-search-now\/","title":{"rendered":"WINDOWS ADMINS, DISABLE \u201cWindows Search\u201d NOW!"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"477\" height=\"318\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/window-230420_960_720-1.webp\" alt=\"\" class=\"wp-image-1804\"\/><\/figure>\n<\/div>\n\n\n<p>To any Windows Admins reading this post, stop now, download the latest Patch Tuesday installment and then come back.<br><br>In this Tuesday\u2019s release, Microsoft pushed out patches for 48 issues and, incredibly, more than half of them were marked as \u2018Critical\u2019.<br><br>Among them was one critical vulnerability (<strong>CVE-2017-8620<\/strong>) that caught many in the security community off-guard \u2013 the \u201cWindows Search\u201d Remote Execution vulnerability. On successful exploitation, an attacker can perform privilege escalation on the affected system\u2026 and it\u2019s wormable.&nbsp;<br><br>Let\u2019s take a look:<br><br><strong>Vulnerability Description<\/strong><br><br>According to Microsoft, exploitation takes place when an attacker sends a specially crafted message to the Windows Search service. 
In an enterprise environment, the risk is particularly high as an SMB connection can help an attacker exploit the vulnerability and move laterally through a network.&nbsp;<br><br>If successfully exploited, the vulnerability allows the attacker to take complete control of the target system.<br><br>We\u2019ve seen a similar vulnerability in the past (<strong>CVE-2017-8543<\/strong>) but in this case, there was no mention of \u2018Denial of Service\u2019 in its assessment. This latest vulnerability affecting the Windows Search function, however, has security researchers worried it could be the new \u2018Wannacry\u2019. This is because the vulnerability is wormable and has the capability to perform Denial of Service attacks on the victim system. &nbsp;Additionally, this even affects the latest versions of Windows.<br><br><strong>Vulnerable Versions<\/strong><br><br>Windows 10 (All versions)<br><br>Windows 8 (All Versions)<br><br>Windows 8.1 (All Versions)<br><br>Windows RT 8.1 (All versions)<br><br>Windows Server 2008 (All versions)<br><br>Windows Server 2012 (All versions)<br><br>Windows Server 2012 R2 (All versions)<br><br>Windows Server 2016 (All versions)<br><\/p>\n\n\n\n<p><strong>Recommendations<\/strong><br><br>Microsoft has released a security patch for this critical vulnerability. If you haven\u2019t already, download it <a href=\"https:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB4034668\" target=\"_blank\" rel=\"noopener\">here<\/a>.<br><br>Another solution Microsoft has suggested is that Windows admins disable the \u201cWindows Search\u201d function to avoid any wormable attack exploiting Remote Code Execution in Windows Search. This disables all applications from accessing the Windows Search function. 
The steps to do so are below:<br><br><img decoding=\"async\" width=\"500\" height=\"203\" class=\"wp-image-1803\" style=\"width: 500px;\" src=\"https:\/\/xdr-mdr.lmntrix.com\/main_web\/wp-content\/uploads\/2024\/09\/w.webp\" alt=\"\"><br><br><strong>Conclusion<\/strong><br><br>Any wormable vulnerability poses an incredible threat to organisations as one successful exploitation can easily spread through the entire network infrastructure. It is recommended to patch Windows as soon as possible. Additionally, disabling the Windows Search function will further mitigate the risk from such an attack.<br><br>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To any Windows Admins reading this post, stop now, download the latest Patch Tuesday installment and then come back. In this Tuesday&rsquo;s release, Microsoft pushed out patches for 48 issues and, incredibly, more than half of them were marked as &lsquo;Critical&rsquo;. Among them was one critical vulnerability (CVE-2017-8620) that caught many in the security community 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1804,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[],"class_list":["post-1799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-labs"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=1799"}],"version-history":[{"count":3,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1799\/revisions"}],"predecessor-version":[{"id":4147,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1799\/revisions\/4147"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/1804"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=1799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=1799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=1799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}