The University Information Security Office (UISO) notes that the July Cumulative Security Rollup from Microsoft includes critical patches that specifically reference the Windows Search Remote Code Execution vulnerability CVE-2017-8589. This vulnerability was described in the June Cumulative Security Rollup from Microsoft and included in the 2017-06-13 patch set. The patches released by Microsoft on 2017-07-11 offer additional mitigations for the vulnerability, as noted by this Microsoft security advisory.
Due to the nature of this vulnerability, UISO recommends that the July Cumulative Security Rollup be applied as soon as possible and with the same priority as the June Cumulative Security Rollup.
On June 13, 2017, Microsoft released a group of critical security patches in its normal patch schedule. Accompanying this release was a security advisory warning that these "vulnerabilities are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures."
While no current exploit is known, the University Information Security Office (UISO) believes there is a greater chance of one being developed rapidly and released into the wild. To prevent the spread of such an exploit, patching outside of normal patch schedules is required. In addition, UISO stands ready to take necessary actions to mitigate significant institutional risk that such an exploit might create. Necessary actions may include blocking vulnerable, but not yet compromised, devices from Indiana University's networks.
All versions of Windows are impacted, including out-of-date operating systems like Windows XP and Windows 2003.
UISO has seen worm activity from similar Microsoft Server Message Block 1.0 (SMBv1) vulnerabilities like MS17-010.
UISO urges that these security patches be applied as soon as possible. Additionally, systems should be configured for automatic management of security updates.
No workarounds are recommended. Please patch immediately.