Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Patch Tuesday September 2017 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Patch Tuesday September 2017

 

Below we do have our quick summary table for today's Microsoft patches. I am still working on getting this set up a bit better based on the new Microsoft patch Tuesday process.

Title CVE
Publicly Disclosed? Exploited? Impact Rating
.NET Framework Remote Code Execution Vulnerability CVE-2017-8759
Not Publicly Disclosed Exploited! Remote Code Execution Important
Broadcom BCM43xx Remote Code Execution Vulnerability CVE-2017-9417
Publicly Disclosed Not Exploited Remote Code Execution Important
Device Guard Security Feature Bypass Vulnerability CVE-2017-8746
Publicly Disclosed Not Exploited Security Feature Bypass Important
Graphics Component Information Disclosure Vulnerability CVE-2017-8695
Not Publicly Disclosed Not Exploited Information Disclosure Important
Hyper-V Denial of Service Vulnerability CVE-2017-8704
Not Publicly Disclosed Not Exploited Denial of Service Important
Hyper-V Information Disclosure Vulnerability CVE-2017-8706
Not Publicly Disclosed Not Exploited Information Disclosure Important
Hyper-V Information Disclosure Vulnerability CVE-2017-8707
Not Publicly Disclosed Not Exploited Information Disclosure Important
Hyper-V Information Disclosure Vulnerability CVE-2017-8711
Not Publicly Disclosed Not Exploited Information Disclosure Important
Hyper-V Information Disclosure Vulnerability CVE-2017-8712
Not Publicly Disclosed Not Exploited Information Disclosure Important
Hyper-V Information Disclosure Vulnerability CVE-2017-8713
Not Publicly Disclosed Not Exploited Information Disclosure Important
Internet Explorer Memory Corruption Vulnerability CVE-2017-8747
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Internet Explorer Memory Corruption Vulnerability CVE-2017-8749
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Internet Explorer Spoofing Vulnerability CVE-2017-8733
Not Publicly Disclosed Not Exploited Spoofing Important
Microsoft Bluetooth Driver Spoofing Vulnerability CVE-2017-8628
Not Publicly Disclosed Not Exploited Spoofing Important
Microsoft Browser Information Disclosure Vulnerability CVE-2017-8736
Not Publicly Disclosed Not Exploited Information Disclosure Important
Microsoft Browser Memory Corruption Vulnerability CVE-2017-8750
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Edge Information Disclosure Vulnerability CVE-2017-8597
Not Publicly Disclosed Not Exploited Information Disclosure Important
Microsoft Edge Information Disclosure Vulnerability CVE-2017-8643
Not Publicly Disclosed Not Exploited Information Disclosure Important
Microsoft Edge Information Disclosure Vulnerability CVE-2017-8648
Not Publicly Disclosed Not Exploited Information Disclosure Important
Microsoft Edge Memory Corruption Vulnerability CVE-2017-11766
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Edge Memory Corruption Vulnerability CVE-2017-8731
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Edge Memory Corruption Vulnerability CVE-2017-8734
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Edge Memory Corruption Vulnerability CVE-2017-8751
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Edge Remote Code Execution Vulnerability CVE-2017-8757
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Edge Security Feature Bypass Vulnerability CVE-2017-8723
Publicly Disclosed Not Exploited Security Feature Bypass Moderate
Microsoft Edge Security Feature Bypass Vulnerability CVE-2017-8754
Not Publicly Disclosed Not Exploited Security Feature Bypass Important
Microsoft Edge Spoofing Vulnerability CVE-2017-8724
Not Publicly Disclosed Not Exploited Spoofing Important
Microsoft Edge Spoofing Vulnerability CVE-2017-8735
Not Publicly Disclosed Not Exploited Spoofing Moderate
Microsoft Exchange Cross-Site Scripting Vulnerability CVE-2017-8758
Not Publicly Disclosed Not Exploited Elevation of Privilege Important
Microsoft Exchange Information Disclosure Vulnerability CVE-2017-11761
Not Publicly Disclosed Not Exploited Information Disclosure Important
Microsoft Graphics Component Remote Code Execution CVE-2017-8696
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft Office Defense in Depth Update ADV170015
Publicly Disclosed Exploited! Defense in Depth N/A
Microsoft Office Memory Corruption Vulnerability CVE-2017-8630
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Microsoft Office Memory Corruption Vulnerability CVE-2017-8631
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Microsoft Office Memory Corruption Vulnerability CVE-2017-8632
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Microsoft Office Memory Corruption Vulnerability CVE-2017-8744
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Microsoft Office Publisher Remote Code Execution CVE-2017-8725
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Microsoft Office Remote Code Execution CVE-2017-8567
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Microsoft PDF Remote Code Execution Vulnerability CVE-2017-8728
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft PDF Remote Code Execution Vulnerability CVE-2017-8737
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Microsoft SharePoint Cross Site Scripting Vulnerability CVE-2017-8745
Not Publicly Disclosed Not Exploited Elevation of Privilege Important
Microsoft SharePoint XSS Vulnerability CVE-2017-8629
Not Publicly Disclosed Not Exploited Elevation of Privilege Important
NetBIOS Remote Code Execution Vulnerability CVE-2017-0161
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
PowerPoint Remote Code Execution Vulnerability CVE-2017-8742
Not Publicly Disclosed Not Exploited Remote Code Execution Important
PowerPoint Remote Code Execution Vulnerability CVE-2017-8743
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Remote Desktop Virtual Host Remote Code Execution Vulnerability CVE-2017-8714
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Scripting Engine Information Disclosure Vulnerability CVE-2017-8739
Not Publicly Disclosed Not Exploited Information Disclosure Important
Scripting Engine Memory Corruption Vulnerability CVE-2017-11764
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8649
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8660
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8729
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8738
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8740
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8741
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8748
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8752
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8753
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8755
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Scripting Engine Memory Corruption Vulnerability CVE-2017-8756
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
September 2017 Flash Security Update ADV170013
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Uniscribe Remote Code Execution Vulnerability CVE-2017-8692
Not Publicly Disclosed Not Exploited Remote Code Execution Important
Win32k Elevation of Privilege Vulnerability CVE-2017-8675
Not Publicly Disclosed Not Exploited Elevation of Privilege Important
Win32k Elevation of Privilege Vulnerability CVE-2017-8720
Not Publicly Disclosed Not Exploited Elevation of Privilege Important
Win32k Graphics Information Disclosure Vulnerability CVE-2017-8683
Not Publicly Disclosed Not Exploited Information Disclosure Important
Win32k Graphics Remote Code Execution Vulnerability CVE-2017-8682
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Win32k Information Disclosure Vulnerability CVE-2017-8677
Not Publicly Disclosed Not Exploited Information Disclosure Important
Win32k Information Disclosure Vulnerability CVE-2017-8678
Not Publicly Disclosed Not Exploited Information Disclosure Important
Win32k Information Disclosure Vulnerability CVE-2017-8680
Not Publicly Disclosed Not Exploited Information Disclosure Important
Win32k Information Disclosure Vulnerability CVE-2017-8681
Not Publicly Disclosed Not Exploited Information Disclosure Important
Win32k Information Disclosure Vulnerability CVE-2017-8687
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows DHCP Server Remote Code Execution Vulnerability CVE-2017-8686
Not Publicly Disclosed Not Exploited Remote Code Execution Critical
Windows Elevation of Privilege Vulnerability CVE-2017-8702
Not Publicly Disclosed Not Exploited Elevation of Privilege Important
Windows GDI+ Information Disclosure Vulnerability CVE-2017-8676
Not Publicly Disclosed Not Exploited Information Disclosure Critical
Windows GDI+ Information Disclosure Vulnerability CVE-2017-8684
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows GDI+ Information Disclosure Vulnerability CVE-2017-8685
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows GDI+ Information Disclosure Vulnerability CVE-2017-8688
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows Information Disclosure Vulnerability CVE-2017-8710
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows Kernel Information Disclosure Vulnerability CVE-2017-8679
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows Kernel Information Disclosure Vulnerability CVE-2017-8708
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows Kernel Information Disclosure Vulnerability CVE-2017-8709
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows Kernel Information Disclosure Vulnerability CVE-2017-8719
Not Publicly Disclosed Not Exploited Information Disclosure Important
Windows Security Feature Bypass Vulnerability CVE-2017-8716
Not Publicly Disclosed Not Exploited Security Feature Bypass Important
Windows Shell Remote Code Execution Vulnerability CVE-2017-8699
Not Publicly Disclosed Not Exploited Remote Code Execution Important

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022

 Johannes

4479 Posts
ISC Handler
Sep 13th 2017
Thread locked Subscribe Sep 13th 2017
4 years ago
Coud you add the KB value for the patch update for searching into "security monthly quality rollup" on the "microsoft update catalog"
example : 2017-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4038777)
 Stephane

3 Posts
Quote Sep 13th 2017
4 years ago
Are any of these considered patch now? Thanks.
 JeffSoh

31 Posts
Quote Sep 13th 2017
4 years ago
Server side I wouldn't patch out of band, but always good to put patches through their paces in a test lab.
 Anonymous
Quote Sep 13th 2017
4 years ago
Curious as to why CVE-2017-8759 is only labeled as Important if it is being actively exploited and is part of a high profile campaign (FINSPY)
 Anonymous
Quote Sep 13th 2017
4 years ago
I second that request.
Thanks!
 Anonymous
Quote Sep 13th 2017
4 years ago
I third the motion to list KB numbers. *please*
 Anonymous
Quote Sep 13th 2017
4 years ago
I also agree with having the KB number.

Can we also have the colour coding on the rating and exploited column (red/amber/green) back too please?
 L2actual

3 Posts
Quote Sep 14th 2017
4 years ago
I second the request for colour coding, it really helped call-out the patch now updates.
 PW

69 Posts
Quote Sep 14th 2017
4 years ago
Would it be possible to have this data available as a spreadsheet download? Or is it available and I don't see it? Thank you.
 Anonymous
Quote Sep 14th 2017
4 years ago

Sign Up for Free or Log In to start participating in the conversation!