
SANS ISC: Microsoft Patch Tuesday August 2017 - SANS Internet Storm Center SANS ISC InfoSec Forums


Microsoft Patch Tuesday August 2017

When Microsoft changed its update process a few months ago, we were initially no longer able to quickly produce our usual assessment of Microsoft's patches. Finally, I think we have a way to get at least some of it back, and this is our first take on it. Please let me know if I should change anything. I know a few people wrote scripts to parse the table. I would recommend that you use Microsoft's own API to do so in the future. The layout of the table may change and screen-scraping is never a good idea.

What do the fields mean:

  • Description: Microsoft's description of the flaw
  • MSFT Severity: The highest severity Microsoft assigned to the flaw. Sometimes, Microsoft assigns different severities to different versions of the product affected by the flaw.
  • CVE: CVE Number
  • Disclosed/Exploited: Has the vulnerability been publicly disclosed or exploited in the wild prior to the release of the patch
  • Exploitability: How likely is it that this vulnerability will be exploited? (old: oldest supported version of the software, current: current software version)
  • Client Severity: The severity we (ISC) assigned to this vulnerability for clients (Desktops)
  • Server Severity: The severity we (ISC) assigned to this vulnerability for servers (servers run software like IIS and are more exposed to the internet)

Expect a few updates as I am refining the table. Use our contact form for feedback.

| Description | MSFT Severity | CVE | Disclosed/Exploited | Exploitability (old/current) | Client Severity | Server Severity |
|---|---|---|---|---|---|---|
| Scripting Engine Security Feature Bypass Vulnerability | Important | CVE 2017-8637 | No/No | ?/? | Important | Important |
| Windows Subsystem for Linux Denial of Service Vulnerability | | CVE 2017-8627 | Yes/No | ?/? | | |
| August 2017 Flash Update | Critical | ADV170010 | No/No | ?/? | Critical | Critical |
| Volume Manager Extension Driver Information Disclosure Vulnerability | Important | CVE 2017-8668 | No/No | Less Likely/Less Likely | Important | Important |
| Windows Error Reporting Elevation of Privilege Vulnerability | Important | CVE 2017-8633 | Yes/No | More Likely/More Likely | Important | Important |
| Microsoft Edge Memory Corruption Vulnerability | Critical | CVE 2017-8661 | No/No | ?/? | Critical | Critical |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | | CVE 2017-8622 | No/No | ?/? | | |
| Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | CVE 2017-8673 | No/No | ?/? | Important | Important |
| Microsoft Edge Security Feature Bypass Vulnerability | Moderate | CVE 2017-8650 | No/No | ?/? | Moderate | Moderate |
| Scripting Engine Memory Corruption Vulnerability | Critical | CVE 2017-8634 | No/No | ?/? | Critical | Critical |
| | | CVE 2017-8635 | No/No | More Likely/More Likely | | |
| | | CVE 2017-8636 | No/No | More Likely/More Likely | | |
| | | CVE 2017-8638 | No/No | ?/? | | |
| | | CVE 2017-8639 | No/No | ?/? | | |
| | | CVE 2017-8640 | No/No | ?/? | | |
| | | CVE 2017-8670 | No/No | ?/? | | |
| | | CVE 2017-8671 | No/No | ?/? | | |
| | | CVE 2017-8672 | No/No | ?/? | | |
| | | CVE 2017-8641 | No/No | More Likely/More Likely | | |
| | | CVE 2017-8645 | No/No | ?/? | | |
| | | CVE 2017-8646 | No/No | ?/? | | |
| | | CVE 2017-8647 | No/No | ?/? | | |
| | | CVE 2017-8655 | No/No | ?/? | | |
| | | CVE 2017-8656 | No/No | ?/? | | |
| | | CVE 2017-8657 | No/No | ?/? | | |
| | | CVE 2017-8674 | No/No | ?/? | | |
| Windows Hyper-V Remote Code Execution Vulnerability | Important | CVE 2017-8664 | No/No | Less Likely/Less Likely | Important | Important |
| Microsoft Browser Memory Corruption Vulnerability | Critical | CVE 2017-8669 | No/No | More Likely/More Likely | Critical | Critical |
| | | CVE 2017-8653 | No/No | More Likely/More Likely | | |
| Win32k Information Disclosure Vulnerability | Important | CVE 2017-8666 | No/No | More Likely/More Likely | Important | Important |
| Express Compressed Fonts Remote Code Execution Vulnerability | Important | CVE 2017-8691 | No/No | Less Likely/Less Likely | Important | Important |
| Windows NetBIOS Denial of Service Vulnerability | Important | CVE 2017-0174 | No/No | Less Likely/Less Likely | Important | Important |
| Windows CLFS Elevation of Privilege Vulnerability | Important | CVE 2017-8624 | No/No | More Likely/More Likely | Important | Important |
| Windows IME Remote Code Execution Vulnerability | Critical | CVE 2017-8591 | No/No | Less Likely/Less Likely | Critical | Critical |
| Microsoft Office SharePoint XSS Vulnerability | Important | CVE 2017-8654 | No/No | Unlikely/Unlikely | Important | Important |
| Windows Search Remote Code Execution Vulnerability | Critical | CVE 2017-8620 | No/No | More Likely/More Likely | Critical | Critical |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | Important | CVE 2017-8516 | No/No | Unlikely/Unlikely | Important | Important |
| Scripting Engine Information Disclosure Vulnerability | Important | CVE 2017-8659 | No/No | ?/? | Important | Important |
| Windows Hyper-V Denial of Service Vulnerability | Important | CVE 2017-8623 | No/No | Unlikely/Unlikely | Important | Important |
| Microsoft Edge Elevation of Privilege Vulnerability | Important | CVE 2017-8503 | No/No | ?/? | Important | Important |
| | | CVE 2017-8642 | No/No | ?/? | | |
| Microsoft Edge Information Disclosure Vulnerability | | CVE 2017-8662 | No/No | ?/? | | |
| | | CVE 2017-8644 | No/No | ?/? | | |
| | | CVE 2017-8652 | No/No | ?/? | | |
| Windows PDF Remote Code Execution Vulnerability | Critical | CVE 2017-0293 | No/No | Less Likely/Less Likely | Critical | Critical |
| Win32k Elevation of Privilege Vulnerability | Important | CVE 2017-8593 | No/No | More Likely/More Likely | Important | Important |
| Internet Explorer Security Feature Bypass Vulnerability | Important | CVE 2017-8625 | No/No | Less Likely/Less Likely | Important | Important |
| Microsoft JET Database Engine Remote Code Execution Vulnerability | Critical | CVE 2017-0250 | No/No | Unlikely/Unlikely | Critical | Critical |
| Internet Explorer Memory Corruption Vulnerability | | CVE 2017-8651 | No/No | ?/? | | |

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute

Johannes

3111 Posts
ISC Handler
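
The field definitions in the diary above (highest Microsoft severity across affected versions, Disclosed/Exploited, old/current exploitability) can be computed from structured per-product records instead of a scraped table. The following is an added example, not ISC's or Microsoft's code; the record layout and field names are hypothetical, the CVE IDs are placeholders, and the sample data is constructed rather than taken from Microsoft's API.

```python
from collections import defaultdict

# Rankings used to pick the "highest" rating when products disagree.
SEVERITY_RANK = {"Low": 1, "Moderate": 2, "Important": 3, "Critical": 4}
EXPLOIT_RANK = {"Unlikely": 1, "Less Likely": 2, "More Likely": 3}

# Constructed sample records: one per affected product/release.
# Field names are hypothetical, not the schema of any real API.
SAMPLE = [
    {"cve": "CVE-0000-0001", "release": "old", "severity": "Important",
     "exploitability": "Less Likely", "disclosed": False, "exploited": False},
    {"cve": "CVE-0000-0001", "release": "current", "severity": "Critical",
     "exploitability": "More Likely", "disclosed": True, "exploited": False},
    # A record with no ratings at all, like the blank rows in the table.
    {"cve": "CVE-0000-0002", "release": "current", "severity": None,
     "exploitability": None, "disclosed": False, "exploited": False},
]

def _worst(values, rank, unknown):
    """Return the highest-ranked known value, or `unknown` if none is rated."""
    known = [v for v in values if v in rank]
    return max(known, key=rank.get) if known else unknown

def _yes_no(flag):
    return "Yes" if flag else "No"

def build_rows(records):
    """Collapse per-product records into one table row per CVE."""
    by_cve = defaultdict(list)
    for rec in records:
        by_cve[rec["cve"]].append(rec)

    rows = {}
    for cve, recs in by_cve.items():
        def expl(release):
            vals = (r["exploitability"] for r in recs if r["release"] == release)
            return _worst(vals, EXPLOIT_RANK, "?")
        disclosed = _yes_no(any(r["disclosed"] for r in recs))
        exploited = _yes_no(any(r["exploited"] for r in recs))
        rows[cve] = {
            "msft_severity": _worst((r["severity"] for r in recs), SEVERITY_RANK, ""),
            "disclosed_exploited": f"{disclosed}/{exploited}",
            "exploitability": f"{expl('old')}/{expl('current')}",
        }
    return rows

if __name__ == "__main__":
    for cve, row in build_rows(SAMPLE).items():
        print(cve, row)
```

Unrated input produces an empty severity and `?/?` rather than a guessed value, so gaps in the source data stay visible in the output.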
The change by Microsoft has been the bane of my existence. Thank you so much for trying to make things easier for those of us coordinating vulnerability remediation.
REB

3 Posts
LOL the "Windows Subsystem for Linux" Vulnerability
Anonymous

Posts
Quoting REB: The change by Microsoft has been the bane of my existence. Thank you so much for trying to make things easier for those of us coordinating vulnerability remediation.


Seconded
Dean

135 Posts
Any news about the SANS API about MS bulletins? I mean:

https://isc.sans.edu/api/#getmspatchcves
https://isc.sans.edu/api/#getmspatch
Emin

5 Posts
Thirded.

Thanks for trying to fix their mess.
mole

1 Posts
Thanks for this. It's great to see a proper evaluation of the various vulnerabilities and patches again.

I'm just wondering is there some reason there are no severity ratings (M$FT or your own) for the following:
* Windows Subsystem for Linux Denial of Service Vulnerability
CVE 2017-8627
* Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE 2017-8622
* Microsoft Edge Information Disclosure Vulnerability
CVE 2017-8662
CVE 2017-8644
CVE 2017-8652
* Internet Explorer Memory Corruption Vulnerability
CVE 2017-8651
Anonymous

Posts
