Microsoft Security Update Releases Issued: July 27, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs have undergone a major revision increment.

* CVE-2017-8571
* CVE-2017-8572
* CVE-2017-8663

CVE Revision Information:

CVE-2017-8571

– Title: CVE-2017-8571 | Microsoft Office Outlook Security Feature
Bypass Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: CVE-2017-8571 has been added to the July
2017 Security Updates. Microsoft recommends that customers running
affected editions of Microsoft Office install the applicable July
security updates to be fully protected from this vulnerability
and to address known issues 1 through 4 in the June 2017 security
updates for Microsoft Outlook. For more information see the Update
FAQ section of this CVE.
– Originally posted: July 27, 2017
– Updated: N/A
– CVE Severity Rating: Important
– Version: 1.0

CVE-2017-8572

– Title: CVE-2017-8572 | Microsoft Office Outlook Information
Disclosure Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: CVE-2017-8572 has been added to the July
2017 Security Updates. Microsoft recommends that customers running
affected editions of Microsoft Office install the applicable July
security updates to be fully protected from this vulnerability
and to address known issues 1 through 4 in the June 2017 security
updates for Microsoft Outlook. For more information see the Update
FAQ section of this CVE.
– Originally posted: July 27, 2017
– Updated: N/A
– CVE Severity Rating: Important
– Version: 1.0

CVE-2017-8663

– Title: CVE-2017-8663 | Microsoft Office Outlook Memory Corruption
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: CVE-2017-8663 has been added to the July
2017 Security Updates. Microsoft recommends that customers running
affected editions of Microsoft Office install the applicable July
security updates to be fully protected from this vulnerability
and to address known issues 1 through 4 in the June 2017 security
updates for Microsoft Outlook. For more information see the Update
FAQ section of this CVE.
– Originally posted: July 27, 2017
– Updated: N/A
– CVE Severity Rating: Important
– Version: 1.0

Microsoft Security Update Minor Revisions Issued: July 13, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs have undergone a minor revision increment.

* CVE-2017-8563
* CVE-2017-8589

Revision Information:

CVE-2017-8563

– Title: CVE-2017-8563 | Windows Elevation of Privilege
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Revised description for CVE-2017-8563
to more accurately describe this vulnerability. This is an
informational change only.
– Originally posted: July 11, 2017
– CVE Severity Rating: Important
– Version: 1.1

CVE-2017-8589

– Title: CVE-2017-8589 | Windows Search Remote Code
Execution Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Added Disable WSearch service workaround for
CVE-2017-8589. This is an informational change only. Customers
who have successfully installed the updates do not need to take
any further action.
– Originally posted: July 11, 2017
– CVE Severity Rating: Critical
– Version: 1.1

Microsoft Security Update Releases Issued: July 11, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs and Microsoft security bulletins have undergone
a major revision increment.

* CVE-2016-3305
* CVE-2017-0292
* CVE-2017-8543
* MS16-111
* MS16-SEP

CVE Revision Information:

CVE-2016-3305

– Title: CVE-2016-3305 | Windows Session Object Elevation of
Privilege Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Revised the Affected Products table to
include 10 Version 1703 for 32-bit Systems and Windows 10 Version
1703 for x64-based Systems because they are affected by
CVE-2016-3305. Microsoft recommends that customers running Windows
10 Version 1703 should install update 4025342 to be protected from
this vulnerability.
– Originally posted: September 13, 2016
– CVE Severity Rating: Important
– Version: 2.0

CVE-2017-0292

– Title: CVE-2017-0292 | Windows PDF Remote Code Execution
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: To address a known issue customers
may have experienced when rendering PDF files, Microsoft
has released an update with the July security and monthly
rollup updates. Microsoft recommends that customers who
have experienced this known issue should install the July
security or monthly rollup updates.
– Originally posted: June 13, 2017
– Updated: June 13, 2017
– CVE Severity Rating: Critical
– Version: 5.0

CVE-2017-8543

– CVE-2017-8543 | Windows Search Remote Code Execution
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: To more comprehensively address
CVE-2017-8543, Microsoft is releasing security update 4025339
for affected editions of Windows 10 Version 1607 and security
update 4025342 for affected editions of Windows 10 Version 1703.
Microsoft recommends that customers running these versions of
Windows 10 install the updates to be protected from this
vulnerability.
– Originally posted: June 13, 2017
– Updated: July 11, 2017
– CVE Severity Rating: Critical
– Version: 5.0

Microsoft Security Bulletin Revision Information:

MS16-111

– Title: Security Update for Windows Kernel (3186973)
– »technet.microsoft.com/li ··· ms16-111
– Reason for Revision: Revised the Windows Affected Software
and Vulnerability Severity Ratings table to include 10 Version
1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based
Systems because they are affected by CVE-2016-3305. Microsoft
recommends that customers running Windows 10 Version 1703 should
install update 4025342 to be protected from this vulnerability.
– Originally posted: September 13, 2016
– CVE Severity Rating: Important
– Version: 2.0

MS16-SEP

– Title: Microsoft Security Bulletin Summary for September 2016
– »technet.microsoft.com/li ··· ms16-SEP
– Reason for Revision: For MS16-111, added Windows 10 Version
1703 for 32-bit Systems and Windows 10 Version 1703 for
x64-based Systems to the Affected Software table because
they are affected by CVE-2016-3305. Microsoft recommends that
customers running Windows 10 Version 1703 should install
update 4025342 to be protected from this vulnerability.
– Originally posted: September 13, 2016
– CVE Severity Rating: N/A
– Version: 2.0

Microsoft Security Update Minor Revisions Issued: July 11, 2017

Security Updates / Bulletins / Advisories No Comments »

Summary

The following CVE has undergone
a minor revision increment.

* CVE-2017-8517
* CVE-2017-8529

Revision Information:

CVE-2017-8517

– Title: CVE-2017-8517 | Scripting Engine Memory Corruption
Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Removed Windows 7 for 32-bit Systems Service
Pack 1, Windows 7 for x64-based Systems Service Pack 1, and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
from the Affected Products Table because they are not affected
by CVE-2017-8517.
– Originally posted: June 13, 2017
– CVE Severity Rating: Critical
– Version: 4.1

CVE-2017-8529

– Title: CVE-2017-8529 | Microsoft Browser Information
Disclosure Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Please note that the protection for
CVE-2017-8529 is not yet available with the release of the July
security updates, as we continue to work on a solution for the
known issue customers may experience when printing from Internet
Explorer or Microsoft Edge after installing Internet Explorer
Cumulative update 4021558. Customers who receive automatic
updates will not be protected from this CVE. Microsoft is
continuing to investigate a solution for this known issue and
will notify customers as soon as an update is available.
– Originally posted: June 13, 2017
– CVE Severity Rating: Moderate
– Version: 4.2

 

Microsoft Security Bulletin(s) for July 2017

Security Updates / Bulletins / Advisories No Comments »

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/techne ··· security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»portal.msrc.microsoft.co ··· 3a32fc99

Release Notes
July 2017 Security Updates

Release Date: July 11, 2017

The July security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
.NET Framework
Adobe Flash Player
Microsoft Exchange Server

Please note the following information regarding the security updates:

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
•Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
•Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
•In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features
•After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base article 4015562.

Important note for CVE-2017-8563:  After installing the updates for CVE-2017-8563, to make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on a Domain Controller. For more information about setting this registry key, see Microsoft Knowledge Base article 4034879.

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

********************************************************************
Microsoft Security Update Summary for July 2017
Issued: July 11, 2017
********************************************************************

This summary lists security updates released for July 2017.

Complete information for the July 2017 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical Security Updates

Critical Adobe Flash Player
Critical Internet Explorer 9
Critical Internet Explorer 11
Critical Microsoft Edge
Critical Windows 7 for 32-bit Systems Service Pack 1
Critical Windows 7 for x64-based Systems Service Pack 1
Critical Windows 8.1 for 32-bit systems
Critical Windows 8.1 for x64-based systems
Critical Windows RT 8.1
Critical Windows 10 for 32-bit Systems
Critical Windows 10 for x64-based Systems
Critical Windows 10 Version 1511 for 32-bit Systems
Critical Windows 10 Version 1511 for x64-based Systems
Critical Windows 10 Version 1607 for 32-bit Systems
Critical Windows 10 Version 1607 for x64-based Systems
Critical Windows 10 Version 1703 for 32-bit Systems
Critical Windows 10 Version 1703 for x64-based Systems
Critical Windows Server 2008 for 32-bit Systems Service Pack 2
Critical Windows Server 2008 for 32-bit Systems Service Pack 2
(Server Core installation)
Critical Windows Server 2008 for Itanium-Based Systems Service
Pack 2
Critical Windows Server 2008 for x64-based Systems Service
Pack 2
Critical Windows Server 2008 for x64-based Systems Service
Pack 2 (Server Core installation)
Critical Windows Server 2008 R2 for Itanium-Based Systems
Service Pack 1
Critical Windows Server 2008 R2 for x64-based Systems Service
Pack 1
Critical Windows Server 2008 R2 for x64-based Systems Service
Pack 1 (Server Core installation)
Critical Windows Server 2012
Critical Windows Server 2012 (Server Core installation)
Critical Windows Server 2012 R2
Critical Windows Server 2012 R2 (Server Core installation)
Critical Windows Server 2016
Critical Windows Server 2016 (Server Core installation)

Important Security Updates

Important Excel Services installed on Microsoft SharePoint Server 2010
Service Pack 2
Important Microsoft Business Productivity Servers 2010 Service Pack 2
Important Microsoft Excel 2007 Service Pack 3
Important Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Important Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Important Microsoft Excel 2013 RT Service Pack 1
Important Microsoft Excel 2016 (32-bit edition)
Important Microsoft Excel 2016 (64-bit edition)
Important Microsoft Excel Viewer 2007 Service Pack 3
Important Microsoft Office 2007 Service Pack 3
Important Microsoft Office 2010 Service Pack 2 (32-bit editions)
Important Microsoft Office 2010 Service Pack 2 (64-bit editions)
Important Microsoft Office 2013 RT Service Pack 1
Important Microsoft Office 2013 Service Pack 1 (32-bit editions)
Important Microsoft Office 2013 Service Pack 1 (64-bit editions)
Important Microsoft Office 2016 (32-bit edition)
Important Microsoft Office 2016 (64-bit edition)
Important Microsoft Office 2016 for Mac
Important Microsoft Office for Mac 2011
Important Microsoft Office Compatibility Pack Service Pack 3
Important Microsoft Office Online Server 2016
Important Microsoft Office Web Apps 2010 Service Pack 2
Important Microsoft SharePoint Enterprise Server 2013
Important Microsoft SharePoint Enterprise Server 2016
Important Microsoft .NET Framework 4.6
Important Microsoft .NET Framework 4.6.1
Important Microsoft .NET Framework 4.6.2/4.7
Important Microsoft .NET Framework 4.7
Important Microsoft Exchange Server 2013 Service Pack 1
Important Microsoft Exchange Server 2013 Cumulative Update 16
Important Microsoft Exchange Server 2016 Cumulative Update 5

Moderate Security Updates

Moderate Internet Explorer 10
Moderate Microsoft Exchange Server 2010 Service Pack 3

Microsoft Security Update Minor Revisions Issued: July 5, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs have been revised in the June 2017 Security Updates.

* CVE-2017-0285
* CVE-2017-8509

Revision Information:

CVE-2017-0285

– Title: CVE-2017-0285 | Windows Uniscribe Information Disclosure
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Added information regarding Office 2010
update. This is an informational change only.
– Originally posted: June 13, 2017
– CVE Severity Rating: Important
– Version: 4.1

CVE-2017-8509

– Title: CVE-2017-8509 | Microsoft Office Remote Code Execution
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: The severity of CVE-2017-8509 has been
changed to moderate. This is an informational change only.
– Originally posted: June 13, 2017
– CVE Severity Rating: Moderate
– Version: 1.3

Microsoft Security Update Minor Revisions Issued: June 28, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVE has been added to June 2017 security release.

* CVE-2017-8554

Revision Information:

– – Title: CVE-2017-8554 | Win32k Information Disclosure
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Information published.
– Originally posted: June 28, 2017
– CVE Severity Rating: Important
– Version: 1.0

Microsoft Security Advisory Notification Issued: June 27, 2017

Security Updates / Bulletins / Advisories No Comments »

Security Advisories Released or Updated Today

* Microsoft Security Advisory 4033453
– Title: Vulnerability in Azure AD Connect Could Allow Elevation
of Privilege
https://technet.microsoft.com/library/security/4033453.aspx
– Reason for Revision: Microsoft is releasing this security advisory
to inform customers that a new version of Azure Active Directory
(AD) Connect is available that addresses an Important security
vulnerability.
– Originally posted: June 27, 2017
– Updated: N/A
– Version: 1.0

Microsoft Security Update Releases Issued: June 27, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs have undergone a major revision increment:

* CVE-2017-0173 * CVE-2017-0299 * CVE-2017-8482 * CVE-2017-8522
* CVE-2017-0193 * CVE-2017-0300 * CVE-2017-8483 * CVE-2017-8523
* CVE-2017-0215 * CVE-2017-8460 * CVE-2017-8484 * CVE-2017-8524
* CVE-2017-0216 * CVE-2017-8462 * CVE-2017-8485 * CVE-2017-8527
* CVE-2017-0218 * CVE-2017-8464 * CVE-2017-8488 * CVE-2017-8528
* CVE-2017-0219 * CVE-2017-8465 * CVE-2017-8489 * CVE-2017-8529
* CVE-2017-0282 * CVE-2017-8466 * CVE-2017-8490 * CVE-2017-8530
* CVE-2017-0283 * CVE-2017-8468 * CVE-2017-8491 * CVE-2017-8531
* CVE-2017-0284 * CVE-2017-8469 * CVE-2017-8492 * CVE-2017-8532
* CVE-2017-0285 * CVE-2017-8470 * CVE-2017-8493 * CVE-2017-8533
* CVE-2017-0286 * CVE-2017-8471 * CVE-2017-8494 * CVE-2017-8534
* CVE-2017-0287 * CVE-2017-8472 * CVE-2017-8496 * CVE-2017-8543
* CVE-2017-0288 * CVE-2017-8473 * CVE-2017-8497 * CVE-2017-8544
* CVE-2017-0289 * CVE-2017-8474 * CVE-2017-8498 * CVE-2017-8547
* CVE-2017-0291 * CVE-2017-8475 * CVE-2017-8499 * CVE-2017-8548
* CVE-2017-0292 * CVE-2017-8476 * CVE-2017-8504 * CVE-2017-8549
* CVE-2017-0294 * CVE-2017-8477 * CVE-2017-8515 * CVE-2017-8553
* CVE-2017-0295 * CVE-2017-8478 * CVE-2017-8517 * CVE-2017-8554
* CVE-2017-0296 * CVE-2017-8479 * CVE-2017-8519 * CVE-2017-8555
* CVE-2017-0297 * CVE-2017-8480 * CVE-2017-8520 * CVE-2017-8575
* CVE-2017-0298 * CVE-2017-8481 * CVE-2017-8521 * CVE-2017-8576
* CVE-2017-8579

Revision Information:

– – »portal.msrc.microsoft.co ··· guidance
– Version: 4.0
– Reason for Revision: Microsoft is announcing the release of the
following updates to address a known issue customers may experience
when printing from Internet Explorer or Microsoft Edge: 4032782 for
Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on
Windows Server 2012; 4032695 for Internet Explorer 11 and Microsoft
Edge on Windows 10; 4032693 for Internet Explorer 11 and Microsoft
Edge on Windows 10 1511; 4022723 for Internet Explorer 11 and Microsoft
Edge on Windows 10 1607; 4022716 for Internet Explorer 11 and Microsoft
Edge on Windows 10 1703; 4022720 which is the monthly rollup preview for
Windows 8.1 and Windows Server 2012 R2; 4022721 which is the monthly
rollup preview for Windows Server 2012; 4022168 which is the monthly
rollup preview for Windows 7 Service Pack 1 and Windows Server 2008 R2
Service Pack 1. Â This update removes the protection from CVE-2017-8529.
All updates are available only on the Microsoft Update Catalog, with
the exceptions of 4022720, 4022721, 4022168, and 4022716, which are
also available through Windows Update.
– Originally posted: June 27, 2017
– Aggregate CVE Severity Rating: Critical

Microsoft Security Update Releases Issued: June 23, 2017

Security Updates / Bulletins / Advisories No Comments »

Summary

The following CVE was released on June 23, 2017:

CVE-2017-8558

– Impact: Remote Code Execution
– Version Number: 1.0


© 2017 DP's Bits & Bytes.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in