Microsoft Patch Tuesday September 2017
Below we do have our quick summary table for today's Microsoft patches. I am still working on getting this set up a bit better based on the new Microsoft patch Tuesday process.
| Title | CVE | ||
|---|---|---|---|
| Publicly Disclosed? | Exploited? | Impact | Rating |
| .NET Framework Remote Code Execution Vulnerability | CVE-2017-8759 | ||
| Not Publicly Disclosed | Exploited! | Remote Code Execution | Important |
| Broadcom BCM43xx Remote Code Execution Vulnerability | CVE-2017-9417 | ||
| Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Device Guard Security Feature Bypass Vulnerability | CVE-2017-8746 | ||
| Publicly Disclosed | Not Exploited | Security Feature Bypass | Important |
| Graphics Component Information Disclosure Vulnerability | CVE-2017-8695 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Hyper-V Denial of Service Vulnerability | CVE-2017-8704 | ||
| Not Publicly Disclosed | Not Exploited | Denial of Service | Important |
| Hyper-V Information Disclosure Vulnerability | CVE-2017-8706 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Hyper-V Information Disclosure Vulnerability | CVE-2017-8707 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Hyper-V Information Disclosure Vulnerability | CVE-2017-8711 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Hyper-V Information Disclosure Vulnerability | CVE-2017-8712 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Hyper-V Information Disclosure Vulnerability | CVE-2017-8713 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-8747 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-8749 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Internet Explorer Spoofing Vulnerability | CVE-2017-8733 | ||
| Not Publicly Disclosed | Not Exploited | Spoofing | Important |
| Microsoft Bluetooth Driver Spoofing Vulnerability | CVE-2017-8628 | ||
| Not Publicly Disclosed | Not Exploited | Spoofing | Important |
| Microsoft Browser Information Disclosure Vulnerability | CVE-2017-8736 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2017-8750 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8597 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8643 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8648 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-11766 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8731 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8734 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8751 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Edge Remote Code Execution Vulnerability | CVE-2017-8757 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-8723 | ||
| Publicly Disclosed | Not Exploited | Security Feature Bypass | Moderate |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-8754 | ||
| Not Publicly Disclosed | Not Exploited | Security Feature Bypass | Important |
| Microsoft Edge Spoofing Vulnerability | CVE-2017-8724 | ||
| Not Publicly Disclosed | Not Exploited | Spoofing | Important |
| Microsoft Edge Spoofing Vulnerability | CVE-2017-8735 | ||
| Not Publicly Disclosed | Not Exploited | Spoofing | Moderate |
| Microsoft Exchange Cross-Site Scripting Vulnerability | CVE-2017-8758 | ||
| Not Publicly Disclosed | Not Exploited | Elevation of Privilege | Important |
| Microsoft Exchange Information Disclosure Vulnerability | CVE-2017-11761 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Microsoft Graphics Component Remote Code Execution | CVE-2017-8696 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft Office Defense in Depth Update | ADV170015 | ||
| Publicly Disclosed | Exploited! | Defense in Depth | N/A |
| Microsoft Office Memory Corruption Vulnerability | CVE-2017-8630 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Microsoft Office Memory Corruption Vulnerability | CVE-2017-8631 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Microsoft Office Memory Corruption Vulnerability | CVE-2017-8632 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Microsoft Office Memory Corruption Vulnerability | CVE-2017-8744 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Microsoft Office Publisher Remote Code Execution | CVE-2017-8725 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Microsoft Office Remote Code Execution | CVE-2017-8567 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Microsoft PDF Remote Code Execution Vulnerability | CVE-2017-8728 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft PDF Remote Code Execution Vulnerability | CVE-2017-8737 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Microsoft SharePoint Cross Site Scripting Vulnerability | CVE-2017-8745 | ||
| Not Publicly Disclosed | Not Exploited | Elevation of Privilege | Important |
| Microsoft SharePoint XSS Vulnerability | CVE-2017-8629 | ||
| Not Publicly Disclosed | Not Exploited | Elevation of Privilege | Important |
| NetBIOS Remote Code Execution Vulnerability | CVE-2017-0161 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| PowerPoint Remote Code Execution Vulnerability | CVE-2017-8742 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| PowerPoint Remote Code Execution Vulnerability | CVE-2017-8743 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Remote Desktop Virtual Host Remote Code Execution Vulnerability | CVE-2017-8714 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Scripting Engine Information Disclosure Vulnerability | CVE-2017-8739 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-11764 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8649 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8660 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8729 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8738 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8740 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8741 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8748 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8752 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8753 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8755 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8756 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| September 2017 Flash Security Update | ADV170013 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Uniscribe Remote Code Execution Vulnerability | CVE-2017-8692 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2017-8675 | ||
| Not Publicly Disclosed | Not Exploited | Elevation of Privilege | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2017-8720 | ||
| Not Publicly Disclosed | Not Exploited | Elevation of Privilege | Important |
| Win32k Graphics Information Disclosure Vulnerability | CVE-2017-8683 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Win32k Graphics Remote Code Execution Vulnerability | CVE-2017-8682 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Win32k Information Disclosure Vulnerability | CVE-2017-8677 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Win32k Information Disclosure Vulnerability | CVE-2017-8678 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Win32k Information Disclosure Vulnerability | CVE-2017-8680 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Win32k Information Disclosure Vulnerability | CVE-2017-8681 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Win32k Information Disclosure Vulnerability | CVE-2017-8687 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows DHCP Server Remote Code Execution Vulnerability | CVE-2017-8686 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Critical |
| Windows Elevation of Privilege Vulnerability | CVE-2017-8702 | ||
| Not Publicly Disclosed | Not Exploited | Elevation of Privilege | Important |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2017-8676 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Critical |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2017-8684 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2017-8685 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2017-8688 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows Information Disclosure Vulnerability | CVE-2017-8710 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2017-8679 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2017-8708 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2017-8709 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2017-8719 | ||
| Not Publicly Disclosed | Not Exploited | Information Disclosure | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2017-8716 | ||
| Not Publicly Disclosed | Not Exploited | Security Feature Bypass | Important |
| Windows Shell Remote Code Execution Vulnerability | CVE-2017-8699 | ||
| Not Publicly Disclosed | Not Exploited | Remote Code Execution | Important |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|
Keywords:
9 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | Sep 22nd - Sep 27th 2025 |
×
![modal content]()
Diary Archives
Comments
example : 2017-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4038777)
Anonymous
Sep 13th 2017
7 years ago
Anonymous
Sep 13th 2017
7 years ago
Anonymous
Sep 13th 2017
7 years ago
Anonymous
Sep 13th 2017
7 years ago
Thanks!
Anonymous
Sep 13th 2017
7 years ago
Anonymous
Sep 13th 2017
7 years ago
Can we also have the colour coding on the rating and exploited column (red/amber/green) back too please?
Anonymous
Sep 14th 2017
7 years ago
Anonymous
Sep 14th 2017
7 years ago
Anonymous
Sep 14th 2017
7 years ago