Microsoft Patch Tuesday, July 2017, Finally addresses 51 security vulnerabilities and three vulnerabilities for Adobe Flash Player. However, 19 vulnerabilities are rated as Critical, 32 as Important, and three as Moderate. A good vulnerability management tool can prevent these issues.
Moreover, 12 Critical vulnerabilities affect Microsoft Scripting Engine, which can result in Remote Code Execution. The other critical vulnerabilities affect Internet Explorer, Edge, and Windows. Therefore, many of the Important vulnerabilities affect Microsoft Office, including multiple Remote Code Execution vulnerabilities. These vulnerabilities can be solved by using a vulnerability management software.
There are two zero-day vulnerabilities, LDAP Relay (CVE-2017-8563) and RDP Relay, within the Windows NT LAN Manager (NTLM) Authentication Protocol; however, both of which handle the protocol improperly and could allow attackers to create a new domain administrator account and get control of the entire domain. Moreover, for CVE-2017-8563, a fix was released as part of July’s Patch Tuesday, and for the second issue, Microsoft said it is a “known issue” which requires network configuration to prevent malicious NTLM relays.
HoloLens Device:
However, Microsoft issued the patch for another critical Remote Code Execution Vulnerability (CVE-2017-8584) in the HoloLens device. Therefore, the vulnerability exists when improperly handled objects in memory due to specially crafted WiFi packets. This finally compromises Hololen’s device by receiving WiFi packets without authentication.
The top priority for the patch is Remote Code Execution Vulnerability in the Windows Search service (CVE-2017-8589). However, this can be exploited remotely via SMB to take complete control of a system and impact servers and workstations.
The patching of Windows Elevation of Privilege Vulnerability in NT LAN Manager(CVE-2017-8563) Authentication Protocol also should be considered a priority. Therefore, It could allow the targeted attackers to elevate privileges and obtain administrative access to the domain controller.
Aside from CVE-2017-8589, patching for workstations and multi-user systems should focus on CVE-2017-8463, a vulnerability in Windows Explorer, and multiple browser vulnerabilities in Internet Explorer and Edge. Finally, Exploring these vulnerabilities requires user interaction but can easily become targets for Exploit Kits.
Adobe has also published the security bulletin APSB17-21, which finally provides patches covering three vulnerabilities and is labeled as critical.
The July security release consists of security updates for the following software:
- Adobe Flash Player
- Microsoft Windows
- Microsoft Scripting Engine
- Microsoft Edge Browser
- Internet Explorer
- Microsoft Office
- WordPad
- HTTP.sys
- .NET
Microsoft security bulletin summary for July 2017:
KB2880514: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0243
Impact: Remote Code Execution
KB3191833: Microsoft Excel Viewer Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB3191894: Microsoft Office Excel Remot Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB3191897: Microsoft Office Compatibility Pack Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB3191902: Microsoft SharePoint Server Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB3191907: Microsoft Office Excel Remote Code Execution Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8501, CVE-2017-8502
Impact: Remote Code Execution
KB3203459: Microsoft Business Productivity Servers Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0243
Impact: Remote Code Execution
KB3203468: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0243
Impact: Remote Code Execution
KB3203469: Microsoft Office Web Apps Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0243
Impact: Remote Code Execution
CVE:
KB3203477: Microsoft Excel Remote Code Execution Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8501, CVE-2017-8502
Impact: Remote Code Execution
KB3212224: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB3213537: Microsoft Excel/Word Remote Code Execution Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8501, CVE-2017-8502, CVE-2017-8510
Impact: Remote Code Execution
KB3213544: Microsoft SharePoint Enterprise Server Privilege Elevation Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8569
Impact: Remote Code Execution
KB3213545: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8570
Impact: Remote Code Execution
CVE:
KB3213555: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8570
Impact: Remote Code Execution
KB3213559: Microsoft SharePoint Enterprise Server Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB3213624: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8570
Impact: Remote Code Execution
KB3213640: Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8570
Impact: Remote Code Execution
KB3213657: Microsoft Office Online Server Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8501
Impact: Remote Code Execution
KB4018588: Microsoft Exchange Server Multiple Vulnerabilities
Severity Rating: Important
CVE’s: CVE-2017-8559, CVE-2017-8560, CVE-2017-8621
Impact: Remote Code Execution
KB4022746: Microsoft Windows Server Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8495
Impact: Security Feature Bypass
CVE:
KB4022748: Microsoft Windows Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8564
Impact: Information Disclosure
KB4022914: Microsoft Windows Server Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8582
Impact: Information Disclosure
KB4025240: Microsoft Windows Server Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-8592
Impact: Security Feature Bypass
KB4025252: Microsoft Internet Explorer Multiple Vulnerabilities
Severity Rating: Critical
CVE’s: CVE-2017-8592, CVE-2017-8594, CVE-2017-8602, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618
Impact: Remote Code Execution
KB4025331: Microsoft Windows Multiple Vulnerabilities
Severity Rating: Critical
CVE’s: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562, CVE-2017-8563, CVE-2017-8564, CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618
Impact: Remote Code Execution
KB4025333: Microsoft Windows Multiple Vulnerabilities
Severity Rating: Critical
CVE’s: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562, CVE-2017-8563, CVE-2017-8564, CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Impact: Remote Code Execution
KB4025336: Microsoft Windows Multiple Vulnerabilities
Severity Rating: Critical
CVE’s: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562, CVE-2017-8563, CVE-2017-8564, CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592, CVE-2017-8594, CVE-2017-8602, CVE-2017-8606, CVE-2017-8607.