Microsoft’s monthly Patch Wednesday bundle of fixes sees a total of 25 critical vulnerabilities in several products taken care of, including the first fix for a security flaw in the Windows Subsystem for Linux (WSL).
Attackers who are logged in locally could abuse the bug in how WSL handles named pipes interprocess communications, and execute code with full administrator privileges.
Microsoft said the privilege escalation vulnerability (CVE-2017-8622), which affects Windows 10 version 1703 64-bit, is unlikely to be exploited.
The Windows Subsystem for Linux appeared last year. It is the result of a collaboration between Microsoft and Canonical, which develops Ubuntu, and allows users to run Linux binary executables on Windows 10.
Memory corruption issues continue to plague Microsoft’s scripting engine for Windows used by Internet Explorer and the Edge web browsers, with 17 bugs that allow remote code execution being squashed this month.