Microsoft Patch Tuesday August 2017

When Microsoft changed its update process a few months ago, we were initially no longer able to quickly produce our usual assessment of Microsoft's patches. Finally, I think we have a way to get at least some of it back, and this is our first take on it. Please let me know if I should change anything. I know a few people wrote scripts to parse the table. I would recommend that you use Microsoft's own API to do so in the future. The layout of the table may change and screen-scraping is never a good idea.

What do the fields mean:

Description: Microsoft's description of the flaw
MSFT Severity: The highest severity Microsoft assigned to the flaw. Sometimes, Microsoft assigns different severities to different versions of the product affected by the flaw.
CVE: CVE Number
Disclosed/Exploited: Has the vulnerability been publicly disclosed or exploited in the wild prior to the release of the patch
Exploitablity: How likley is it, that this vulnerability will be exploited. (old: oldest supported version of the sooftware, current: current software version)
Client Severity: The severity we (ISC) assigned to this vulnerability for clients (Desktops)
Server Severtiy: The severity we (ISC) assigned to this vulnerability to servers (servers run software like IIS and are more exposed to the internet)

Expect a few updates as I am refining the table. Use our contact form for feedback.

Description				MSFT Severity
CVE	Disclosed/Exploited	Exploitability (old/current)	Client Severity	Server Severity
Scripting Engine Security Feature Bypass Vulnerability				Important
CVE-2017-8637	No/No	?/?	Important	Important
Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627	Yes/No	?/?
August 2017 Flash Update				Critical
ADV170010	No/No	?/?	Critical	Critical
Volume Manager Extension Driver Information Disclosure Vulnerability				Important
CVE-2017-8668	No/No	Less Likely/Less Likely	Important	Important
Windows Error Reporting Elevation of Privilege Vulnerability				Important
CVE-2017-8633	Yes/No	More Likely/More Likely	Important	Important
Microsoft Edge Memory Corruption Vulnerability				Critical
CVE-2017-8661	No/No	?/?	Critical	Critical
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622	No/No	?/?
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability				Important
CVE-2017-8673	No/No	?/?	Important	Important
Microsoft Edge Security Feature Bypass Vulnerability				Moderate
CVE-2017-8650	No/No	?/?	Moderate	Moderate
Scripting Engine Memory Corruption Vulnerability				Critical
CVE-2017-8634	No/No	?/?	Critical	Critical
CVE-2017-8635	No/No	More Likely/More Likely
CVE-2017-8636	No/No	More Likely/More Likely
CVE-2017-8638	No/No	?/?
CVE-2017-8639	No/No	?/?
CVE-2017-8640	No/No	?/?
CVE-2017-8670	No/No	?/?
CVE-2017-8671	No/No	?/?
CVE-2017-8672	No/No	?/?
CVE-2017-8641	No/No	More Likely/More Likely
CVE-2017-8645	No/No	?/?
CVE-2017-8646	No/No	?/?
CVE-2017-8647	No/No	?/?
CVE-2017-8655	No/No	?/?
CVE-2017-8656	No/No	?/?
CVE-2017-8657	No/No	?/?
CVE-2017-8674	No/No	?/?
Windows Hyper-V Remote Code Execution Vulnerability				Important
CVE-2017-8664	No/No	Less Likely/Less Likely	Important	Important
Microsoft Browser Memory Corruption Vulnerability				Critical
CVE-2017-8669	No/No	More Likely/More Likely	Critical	Critical
CVE-2017-8653	No/No	More Likely/More Likely
Win32k Information Disclosure Vulnerability				Important
CVE-2017-8666	No/No	More Likely/More Likely	Important	Important
Express Compressed Fonts Remote Code Execution Vulnerability				Important
CVE-2017-8691	No/No	Less Likely/Less Likely	Important	Important
Windows NetBIOS Denial of Service Vulnerability				Important
CVE-2017-0174	No/No	Less Likely/Less Likely	Important	Important
Windows CLFS Elevation of Privilege Vulnerability				Important
CVE-2017-8624	No/No	More Likely/More Likely	Important	Important
Windows IME Remote Code Execution Vulnerability				Critical
CVE-2017-8591	No/No	Less Likely/Less Likely	Critical	Critical
Microsoft Office SharePoint XSS Vulnerability				Important
CVE-2017-8654	No/No	Unlikely/Unlikely	Important	Important
Windows Search Remote Code Execution Vulnerability				Critical
CVE-2017-8620	No/No	More Likely/More Likely	Critical	Critical
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability				Important
CVE-2017-8516	No/No	Unlikely/Unlikely	Important	Important
Scripting Engine Information Disclosure Vulnerability				Important
CVE-2017-8659	No/No	?/?	Important	Important
Windows Hyper-V Denial of Service Vulnerability				Important
CVE-2017-8623	No/No	Unlikely/Unlikely	Important	Important
Microsoft Edge Elevation of Privilege Vulnerability				Important
CVE-2017-8503	No/No	?/?	Important	Important
CVE-2017-8642	No/No	?/?
Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8662	No/No	?/?
CVE-2017-8644	No/No	?/?
CVE-2017-8652	No/No	?/?
Windows PDF Remote Code Execution Vulnerability				Critical
CVE-2017-0293	No/No	Less Likely/Less Likely	Critical	Critical
Win32k Elevation of Privilege Vulnerability				Important
CVE-2017-8593	No/No	More Likely/More Likely	Important	Important
Internet Explorer Security Feature Bypass Vulnerability				Important
CVE-2017-8625	No/No	Less Likely/Less Likely	Important	Important
Microsoft JET Database Engine Remote Code Execution Vulnerability				Critical
CVE-2017-0250	No/No	Unlikely/Unlikely	Critical	Critical
Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651	No/No	?/?

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3697 Posts
ISC Handler

The change by Microsoft has been the bane of my existence. Thank you so much for trying to make things easier for those of us coordinating vulnerability remediation.

REB

3 Posts

LOL the "Windows Subsystem for Linux" Vulnerability

Anonymous

Quoting REB:The change by Microsoft has been the bane of my existence. Thank you so much for trying to make things easier for those of us coordinating vulnerability remediation.

Seconded

Dean

135 Posts

Any news about the SANS API about MS bulletins? I mean:

https://isc.sans.edu/api/#getmspatchcves
https://isc.sans.edu/api/#getmspatch

Emin

5 Posts

Thirded.

Thanks for trying to fix their mess.

mole

1 Posts

Thanks for this. Its great to see a proper evaluation of the various vulnerabilities and patches again.

I'm just wondering is there some reason there are no severity ratings (M$FT or your own) for the following:
* Windows Subsystem for Linux Denial of Service Vulnerability
CVE 2017-8627
* Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE 2017-8622
* Microsoft Edge Information Disclosure Vulnerability
CVE 2017-8662
CVE 2017-8644
CVE 2017-8652
* Internet Explorer Memory Corruption Vulnerability
CVE 2017-8651

Anonymous