Patch Tuesday August 2017

Microsoft August 2017 Patch Tuesday addresses 48 security vulnerabilities in six of it’s main product categories. Amoung these 25 CVE’s are rated as Critical, 21 are rated as Important and 2 are rated as Moderate.

More than two dozen remote code execution vulnerabilities are addressed in August 2017 security update. Among these security vulnerabilities, two became public before the patch was released.  CVE-2017-8627(Windows Subsystem for Linux Denial of Service Vulnerability),  which is related to how Windows Subsystem for Linux improperly handles objects in memory.  It allows an attacker to cause a denial of service against the local system on successful exploitation. And CVE-2017-8633(Windows Error Reporting Elevation of Privilege Vulnerability), which is related to Windows Error Reporting (WER). It allows an attacker to gain greater access to sensitive information and system functionality on successful exploitation. Microsoft didn’t detect these vulnerabilities any of them being used in live attacks.

SMBLoris DoS vulnerability, which is revealed in July DEFCON conference. This vulnerability affect all the versions of SMB, is a remote and uncredentialed Denial of Service vulnerability. It affect all modern versions of Windows, at least from Windows 2000 through Windows 10. The Systems remains vulnerable, even if all versions of SMB v1, v2, and v3 are disabled. It is caused by a 20+ year old vulnerability in the SMB network protocol implementation. Microsoft said it would not provide a patch this time, as the vulnerability needs to be attacked over the internet and the SMB port should already be firewalled. hence patch will be provided in up coming day.

The most critical remote code execution vulnerability is due to the way Windows Search handles objects in memory. “An attacker who successfully exploited this vulnerability could take control of the affected system”. Exploitation of this vulnerability requires an attacker to send specially crafted messages to the Windows Search service.

An another important remote code execution vulnerability is related to Windows Hyper-V. It exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker need to run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

This is the first time, some CVE’S patched on the Linux Subsystem under Windows. These are CVE-2017-8622(Windows Subsystem for Linux Elevation of Privilege Vulnerability) and CVE-2017-8627(Windows Subsystem for Linux Denial of Service Vulnerability).

The August security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Adobe Flash Player
Microsoft SQL Server
Microsoft SharePoint

Microsoft security bulletin summary for August 2017:

KB4034674: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8503, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8622, CVE-2017-8623, CVE-2017-8624, CVE-2017-8627, CVE-2017-8633, CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8637, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8642, CVE-2017-8644, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8650, CVE-2017-8652, CVE-2017-8653, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8659, CVE-2017-8661, CVE-2017-8662, CVE-2017-8664, CVE-2017-8672, CVE-2017-8673, CVE-2017-8674, CVE-2017-8666, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671
Impact: Multiple

KB4034733: Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-8635, CVE-2017-8636, CVE-2017-8641, CVE-2017-8651, CVE-2017-8653, CVE-2017-8669, CVE-2017-0228
Impact: Remote Code Execution

KB4034681: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8633, CVE-2017-8635, CVE-2017-8636, CVE-2017-8641, CVE-2017-8653, CVE-2017-8664, CVE-2017-8666, CVE-2017-8668, CVE-2017-8669
Impact: Multiple

KB4034665: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8633, CVE-2017-8635, CVE-2017-8636, CVE-2017-8641, CVE-2017-8651, CVE-2017-8653, CVE-2017-8664, CVE-2017-8666, CVE-2017-8668
Impact: Elevation of Privilege, Remote Code Execution, Denial of Service, Information Disclousre

KB4034662: Adobe Flash Player Multiple Remote Code Execution Vulnerabilites
Severity Rating: Critical
CVE’s: CVE-2017-3085, CVE-2017-3106
Impact: Remote Code Execution

KB4022750: Microsoft Windows Denial of Service Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-0174
Impact: Denial of Service

KB4034034: Microsoft Windows Remote Code Execution Vulnerabilites
Severity Rating: Critical
CVE’s: CVE-2017-8620
Impact: Remote Code Execution

KB4034744: Microsoft Windows Information Disclosure Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-8668
Impact: Information Disclosure

KB4035056: Microsoft Windows Remote Code Execution Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-8691
Impact: Remote Code Execution

KB4035679: Microsoft Windows Elevation of Privilege Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-8633
Impact: Elevation of Privilege

KB4034745: Microsoft Windows Elevation of Privilege Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-8624
Impact: Elevation of Privilege

KB4035055: Microsoft Windows Elevation of Privilege And Information Disclosure Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-8593, CVE-2017-8666
Impact: Elevation of Privilege And Information Disclosure

KB4034672: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important/Critical
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8591, CVE-2017-8593,
CVE-2017-8620, CVE-2017-8624, CVE-2017-8633, CVE-2017-8664, CVE-2017-8666,
CVE-2017-8668
Impact: Elevation of Privilege, Denial of Service, Information Disclosure

KB4034660: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important/Critical
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8503, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8625, CVE-2017-8633, CVE-2017-8635, CVE-2017-8636, CVE-2017-8640, CVE-2017-8641, CVE-2017-8644, CVE-2017-8645, CVE-2017-8646, CVE-2017-8652, CVE-2017-8653, CVE-2017-8655, CVE-2017-8657, CVE-2017-8664, CVE-2017-8666, CVE-2017-8669, CVE-2017-8671, CVE-2017-8672
Impact: Elevation of Privilege, Security Feature Bypass, Remote Code Execution, Denial of Service, Information Disclousre

KB4034775: Microsoft Windows Remote Code Execution Vulnerabilites
Severity Rating: Critical
CVE’s: CVE-2017-0250
Impact: Remote Code Execution

KB4034664: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Critical/Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8633, CVE-2017-8636, CVE-2017-8641, CVE-2017-8653, CVE-2017-8666, CVE-2017-8668, CVE-2017-8691
Impact: Elevation of Privilege, Remote Code Execution, Denial of Service

KB4034679: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Critical/Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8633, CVE-2017-8666, CVE-2017-8668, CVE-2017-8691
Impact: Elevation of Privilege, Remote Code Execution, Denial of Service

KB4034666: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8633, CVE-2017-8635, CVE-2017-8636, CVE-2017-8641, CVE-2017-8651, CVE-2017-8653, CVE-2017-8664, CVE-2017-8666, CVE-2017-8668
Impact: Elevation of Privilege, Remote Code Execution, Denial of Service, Information Disclousre

KB4034668: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Critical/Important
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8624, CVE-2017-8625, CVE-2017-8633, CVE-2017-8635, CVE-2017-8644, CVE-2017-8652, CVE-2017-8653, CVE-2017-8655, CVE-2017-8664, CVE-2017-8666, CVE-2017-8669, CVE-2017-8672, CVE-2017-8636, CVE-2017-8640, CVE-2017-8641
Impact: Denial of Service, Remote Code Execution, Elevation of Privilege

KB4019090: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4019091: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4032542: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4019092: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4019093: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4036996: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4019086: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4019088: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4034658: Microsoft Windows Multiple Vulnerabilities
Severity Rating: Important/Critical
CVE’s: CVE-2017-0174, CVE-2017-0250, CVE-2017-0293, CVE-2017-8503, CVE-2017-8591, CVE-2017-8593, CVE-2017-8620, CVE-2017-8623, CVE-2017-8624, CVE-2017-8625, CVE-2017-8633, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8644, CVE-2017-8645, CVE-2017-8646, CVE-2017-8652, CVE-2017-8653, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8661, CVE-2017-8664, CVE-2017-8666, CVE-2017-8672, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671
Impact: Elevation of Privilege, Remote Code Execution, Denial of Service, Information Disclousre

KB2956077: Microsoft Office SharePoint XSS Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8654
Impact: Spoofing

KB4019095: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4019089: Microsoft SQL Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8516
Impact: Information Disclosure

KB4022714: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important/Critical
CVE’s: CVE-2017-0193, CVE-2017-8473, CVE-2017-8474, CVE-2017-8527, CVE-2017-0216, CVE-2017-0218, CVE-2017-0219, CVE-2017-0282, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8529, CVE-2017-8530, CVE-2017-8531, CVE-2017-0283, CVE-2017-0284, CVE-2017-8478, CVE-2017-8479, CVE-2017-8532, CVE-2017-8533, CVE-2017-0285, CVE-2017-0287, CVE-2017-8480, CVE-2017-8481, CVE-2017-8543, CVE-2017-0288, CVE-2017-0289, CVE-2017-8482, CVE-2017-8483, CVE-2017-8544, CVE-2017-8547, CVE-2017-8548, CVE-2017-8549, CVE-2017-0291, CVE-2017-0292, CVE-2017-8484, CVE-2017-8485, CVE-2017-0294, CVE-2017-0296, CVE-2017-8489, CVE-2017-8490, CVE-2017-0297, CVE-2017-0298, CVE-2017-0299, CVE-2017-8491, CVE-2017-8492, CVE-2017-0300, CVE-2017-8460, CVE-2017-8493, CVE-2017-8494, CVE-2017-8462, CVE-2017-8464, CVE-2017-8470, CVE-2017-8471, CVE-2017-8522, CVE-2017-8523, CVE-2017-8524, CVE-2017-8465, CVE-2017-8466, CVE-2017-8468, CVE-2017-8515, CVE-2017-8517, CVE-2017-8554, CVE-2017-8575, CVE-2017-8518
Impact: Elevation of Privilege, Security Feature Bypass, Remote Code Execution, Denial of Service, Information Disclousre

KB4022715: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important,Moderate,Critical
CVE’s: CVE-2017-8470, CVE-2017-8471, CVE-2017-8522, CVE-2017-8523, CVE-2017-8524, CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, CVE-2017-0219, CVE-2017-0282, CVE-2017-8475, CVE-2017-8476, CVE-2017-8529, CVE-2017-8530, CVE-2017-8531, CVE-2017-0283, CVE-2017-8477, CVE-2017-8478, CVE-2017-8532, CVE-2017-8533, CVE-2017-0284, CVE-2017-0285, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8543, CVE-2017-0287, CVE-2017-0288, CVE-2017-8482, CVE-2017-8483, CVE-2017-8544, CVE-2017-8547, CVE-2017-8548, CVE-2017-8549, CVE-2017-0289, CVE-2017-0291, CVE-2017-0292, CVE-2017-8484, CVE-2017-8485, CVE-2017-8553, CVE-2017-0294, CVE-2017-0295, CVE-2017-0296, CVE-2017-8489, CVE-2017-0297, CVE-2017-0298, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492, CVE-2017-0299, CVE-2017-0300, CVE-2017-8460, CVE-2017-8493, CVE-2017-8494, CVE-2017-8496, CVE-2017-8497, CVE-2017-8498, CVE-2017-8504, CVE-2017-8462, CVE-2017-8464, CVE-2017-8465, CVE-2017-8466, CVE-2017-8468, CVE-2017-8515, CVE-2017-8517, CVE-2017-0173,

KB4022727: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important/Critical
CVE’s: CVE-2017-0193, CVE-2017-8473, CVE-2017-8474, CVE-2017-8527, CVE-2017-0218, CVE-2017-0219, CVE-2017-0282, CVE-2017-8475, CVE-2017-8476, CVE-2017-8529, CVE-2017-8530, CVE-2017-8531, CVE-2017-0283, CVE-2017-0284, CVE-2017-8477, CVE-2017-8478, CVE-2017-8532, CVE-2017-0285, CVE-2017-8479, CVE-2017-8480, CVE-2017-8533, CVE-2017-8543, CVE-2017-0287, CVE-2017-0288, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8544, CVE-2017-8547, CVE-2017-8548, CVE-2017-8549, CVE-2017-0289, CVE-2017-0291, CVE-2017-0292, CVE-2017-8484, CVE-2017-8485, CVE-2017-0294, CVE-2017-0296, CVE-2017-8489, CVE-2017-0297, CVE-2017-0298, CVE-2017-8490, CVE-2017-8491, CVE-2017-0299, CVE-2017-0300, CVE-2017-8460, CVE-2017-8492, CVE-2017-8493, CVE-2017-8494, CVE-2017-8462, CVE-2017-8464, CVE-2017-8470, CVE-2017-8471, CVE-2017-8522, CVE-2017-8523, CVE-2017-8524, CVE-2017-8465, CVE-2017-8466, CVE-2017-8468, CVE-2017-8517, CVE-2017-8554, CVE-2017-8575, CVE-2017-8518
Impact: Elevation of Privilege, Security Feature Bypass, Remote Code Execution, Denial of Service, Information Disclousre

KB4022725: Microsoft Windows Multiple Vulnerabilites
Severity Rating: Important,Critical
CVE’s: CVE-2017-8474, CVE-2017-8524, CVE-2017-8527, CVE-2017-8475, CVE-2017-8476, CVE-2017-8529, CVE-2017-8530, CVE-2017-0282, CVE-2017-0283, CVE-2017-8477, CVE-2017-8478, CVE-2017-8531, CVE-2017-8532, CVE-2017-0285, CVE-2017-8479, CVE-2017-8480, CVE-2017-8533, CVE-2017-8543, CVE-2017-0287, CVE-2017-0288, CVE-2017-8481, CVE-2017-8482, CVE-2017-8544, CVE-2017-8547, CVE-2017-8548, CVE-2017-8549, CVE-2017-0289, CVE-2017-0291, CVE-2017-8483, CVE-2017-8484, CVE-2017-8555, CVE-2017-0292, CVE-2017-0294, CVE-2017-0295, CVE-2017-8485, CVE-2017-8489, CVE-2017-0296, CVE-2017-0297, CVE-2017-0298, CVE-2017-8490, CVE-2017-8491, CVE-2017-0299, CVE-2017-0300, CVE-2017-8492, CVE-2017-8493, CVE-2017-8498, CVE-2017-8499, CVE-2017-8504, CVE-2017-8460, CVE-2017-8462, CVE-2017-8470, CVE-2017-8471, CVE-2017-8520, CVE-2017-8521, CVE-2017-8522, CVE-2017-8523, CVE-2017-8464, CVE-2017-8465, CVE-2017-8515, CVE-2017-8517, CVE-2017-8554, CVE-2017-8575, CVE-2017-8518
Impact: Elevation of Privilege, Security Feature Bypass, Remote Code Execution, Denial of Service, Information Disclousre

KB3213643: Microsoft Outlook Multiple Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8571, CVE-2017-8572, CVE-2017-8663
Impact: Information Disclosure, Security Feature Bypass, Remote Code Execution

KB4011052: Microsoft Outlook Multiple Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8571, CVE-2017-8572, CVE-2017-8663
Impact: Information Disclosure, Security Feature Bypass, Remote Code Execution

KB2956078: Microsoft Outlook Multiple Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8571, CVE-2017-8572, CVE-2017-8663
Impact: Information Disclosure, Security Feature Bypass, Remote Code Execution

KB4011078: Microsoft Outlook Multiple Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8571, CVE-2017-8572, CVE-2017-8663
Impact: Information Disclosure, Security Feature Bypass, Remote Code Execution

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Summary
Patch Tuesday: Microsoft Security Bulletin Summary for August 2017
Article Name
Patch Tuesday: Microsoft Security Bulletin Summary for August 2017
Author
Publisher Name
SecPod Technologies
Publisher Logo
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>