Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Patch Tuesday August 2017 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Patch Tuesday August 2017

When Microsoft changed its update process a few months ago, we were initially no longer able to quickly produce our usual assessment of Microsoft's patches. Finally, I think we have a way to get at least some of it back, and this is our first take on it. Please let me know if I should change anything. I know a few people wrote scripts to parse the table. I would recommend that you use Microsoft's own API to do so in the future. The layout of the table may change and screen-scraping is never a good idea.

What do the fields mean:

  • Description: Microsoft's description of the flaw
  • MSFT Severity: The highest severity Microsoft assigned to the flaw. Sometimes, Microsoft assigns different severities to different versions of the product affected by the flaw.
  • CVE: CVE Number
  • Disclosed/Exploited: Has the vulnerability been publicly disclosed or exploited in the wild prior to the release of the patch
  • Exploitablity: How likley is it, that this vulnerability will be exploited. (old: oldest supported version of the sooftware, current: current software version)
  • Client Severity: The severity we (ISC) assigned to this vulnerability for clients (Desktops)
  • Server Severtiy: The severity we (ISC) assigned to this vulnerability to servers (servers run software like IIS and are more exposed to the internet)

Expect a few updates as I am refining the table. Use our contact form for feedback.

Description MSFT Severity
CVE Disclosed/Exploited Exploitability (old/current) Client Severity Server Severity
Scripting Engine Security Feature Bypass Vulnerability Important
CVE-2017-8637 No/No ?/? Important Important
Windows Subsystem for Linux Denial of Service Vulnerability  
CVE-2017-8627 Yes/No ?/?    
August 2017 Flash Update Critical
ADV170010 No/No ?/? Critical Critical
Volume Manager Extension Driver Information Disclosure Vulnerability Important
CVE-2017-8668 No/No Less Likely/Less Likely Important Important
Windows Error Reporting Elevation of Privilege Vulnerability Important
CVE-2017-8633 Yes/No More Likely/More Likely Important Important
Microsoft Edge Memory Corruption Vulnerability Critical
CVE-2017-8661 No/No ?/? Critical Critical
Windows Subsystem for Linux Elevation of Privilege Vulnerability  
CVE-2017-8622 No/No ?/?    
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Important
CVE-2017-8673 No/No ?/? Important Important
Microsoft Edge Security Feature Bypass Vulnerability Moderate
CVE-2017-8650 No/No ?/? Moderate Moderate
Scripting Engine Memory Corruption Vulnerability Critical
CVE-2017-8634 No/No ?/? Critical Critical
CVE-2017-8635 No/No More Likely/More Likely  
CVE-2017-8636 No/No More Likely/More Likely  
CVE-2017-8638 No/No ?/?  
CVE-2017-8639 No/No ?/?  
CVE-2017-8640 No/No ?/?  
CVE-2017-8670 No/No ?/?  
CVE-2017-8671 No/No ?/?  
CVE-2017-8672 No/No ?/?  
CVE-2017-8641 No/No More Likely/More Likely  
CVE-2017-8645 No/No ?/?  
CVE-2017-8646 No/No ?/?  
CVE-2017-8647 No/No ?/?  
CVE-2017-8655 No/No ?/?  
CVE-2017-8656 No/No ?/?  
CVE-2017-8657 No/No ?/?  
CVE-2017-8674 No/No ?/?  
Windows Hyper-V Remote Code Execution Vulnerability Important
CVE-2017-8664 No/No Less Likely/Less Likely Important Important
Microsoft Browser Memory Corruption Vulnerability Critical
CVE-2017-8669 No/No More Likely/More Likely Critical Critical
CVE-2017-8653 No/No More Likely/More Likely  
Win32k Information Disclosure Vulnerability Important
CVE-2017-8666 No/No More Likely/More Likely Important Important
Express Compressed Fonts Remote Code Execution Vulnerability Important
CVE-2017-8691 No/No Less Likely/Less Likely Important Important
Windows NetBIOS Denial of Service Vulnerability Important
CVE-2017-0174 No/No Less Likely/Less Likely Important Important
Windows CLFS Elevation of Privilege Vulnerability Important
CVE-2017-8624 No/No More Likely/More Likely Important Important
Windows IME Remote Code Execution Vulnerability Critical
CVE-2017-8591 No/No Less Likely/Less Likely Critical Critical
Microsoft Office SharePoint XSS Vulnerability Important
CVE-2017-8654 No/No Unlikely/Unlikely Important Important
Windows Search Remote Code Execution Vulnerability Critical
CVE-2017-8620 No/No More Likely/More Likely Critical Critical
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability Important
CVE-2017-8516 No/No Unlikely/Unlikely Important Important
Scripting Engine Information Disclosure Vulnerability Important
CVE-2017-8659 No/No ?/? Important Important
Windows Hyper-V Denial of Service Vulnerability Important
CVE-2017-8623 No/No Unlikely/Unlikely Important Important
Microsoft Edge Elevation of Privilege Vulnerability Important
CVE-2017-8503 No/No ?/? Important Important
CVE-2017-8642 No/No ?/?  
Microsoft Edge Information Disclosure Vulnerability  
CVE-2017-8662 No/No ?/?    
CVE-2017-8644 No/No ?/?  
CVE-2017-8652 No/No ?/?  
Windows PDF Remote Code Execution Vulnerability Critical
CVE-2017-0293 No/No Less Likely/Less Likely Critical Critical
Win32k Elevation of Privilege Vulnerability Important
CVE-2017-8593 No/No More Likely/More Likely Important Important
Internet Explorer Security Feature Bypass Vulnerability Important
CVE-2017-8625 No/No Less Likely/Less Likely Important Important
Microsoft JET Database Engine Remote Code Execution Vulnerability Critical
CVE-2017-0250 No/No Unlikely/Unlikely Critical Critical
Internet Explorer Memory Corruption Vulnerability  
CVE-2017-8651 No/No ?/?    

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019

 Johannes

3652 Posts
ISC Handler
Subscribe Aug 8th 2017
2 years ago
The change by Microsoft has been the bane of my existence. Thank you so much for trying to make things easier for those of us coordinating vulnerability remediation.
 REB

3 Posts
Quote Aug 8th 2017
2 years ago
LOL the "Windows Subsystem for Linux" Vulnerability
 Anonymous
Quote Aug 8th 2017
2 years ago
Quoting REB:The change by Microsoft has been the bane of my existence. Thank you so much for trying to make things easier for those of us coordinating vulnerability remediation.


Seconded
 Dean

135 Posts
Quote Aug 8th 2017
2 years ago
Any news about the SANS API about MS bulletins? I mean:

https://isc.sans.edu/api/#getmspatchcves
https://isc.sans.edu/api/#getmspatch
 Emin

5 Posts
Quote Aug 8th 2017
2 years ago
Thirded.

Thanks for trying to fix their mess.
 mole

1 Posts
Quote Aug 8th 2017
2 years ago
Thanks for this. Its great to see a proper evaluation of the various vulnerabilities and patches again.

I'm just wondering is there some reason there are no severity ratings (M$FT or your own) for the following:
* Windows Subsystem for Linux Denial of Service Vulnerability
CVE 2017-8627
* Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE 2017-8622
* Microsoft Edge Information Disclosure Vulnerability
CVE 2017-8662
CVE 2017-8644
CVE 2017-8652
* Internet Explorer Memory Corruption Vulnerability
CVE 2017-8651
 Anonymous
Quote Aug 9th 2017
2 years ago

Sign Up for Free or Log In to start participating in the conversation!