Microsoft Patch Tuesday September 2017
Below we do have our quick summary table for today's Microsoft patches. I am still working on getting this set up a bit better based on the new Microsoft patch Tuesday process.
Title |
CVE |
Publicly Disclosed? |
Exploited? |
Impact |
Rating |
.NET Framework Remote Code Execution Vulnerability |
CVE-2017-8759 |
Not Publicly Disclosed |
Exploited! |
Remote Code Execution |
Important |
Broadcom BCM43xx Remote Code Execution Vulnerability |
CVE-2017-9417 |
Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Device Guard Security Feature Bypass Vulnerability |
CVE-2017-8746 |
Publicly Disclosed |
Not Exploited |
Security Feature Bypass |
Important |
Graphics Component Information Disclosure Vulnerability |
CVE-2017-8695 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Hyper-V Denial of Service Vulnerability |
CVE-2017-8704 |
Not Publicly Disclosed |
Not Exploited |
Denial of Service |
Important |
Hyper-V Information Disclosure Vulnerability |
CVE-2017-8706 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Hyper-V Information Disclosure Vulnerability |
CVE-2017-8707 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Hyper-V Information Disclosure Vulnerability |
CVE-2017-8711 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Hyper-V Information Disclosure Vulnerability |
CVE-2017-8712 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Hyper-V Information Disclosure Vulnerability |
CVE-2017-8713 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Internet Explorer Memory Corruption Vulnerability |
CVE-2017-8747 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Internet Explorer Memory Corruption Vulnerability |
CVE-2017-8749 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Internet Explorer Spoofing Vulnerability |
CVE-2017-8733 |
Not Publicly Disclosed |
Not Exploited |
Spoofing |
Important |
Microsoft Bluetooth Driver Spoofing Vulnerability |
CVE-2017-8628 |
Not Publicly Disclosed |
Not Exploited |
Spoofing |
Important |
Microsoft Browser Information Disclosure Vulnerability |
CVE-2017-8736 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Microsoft Browser Memory Corruption Vulnerability |
CVE-2017-8750 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Edge Information Disclosure Vulnerability |
CVE-2017-8597 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Microsoft Edge Information Disclosure Vulnerability |
CVE-2017-8643 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Microsoft Edge Information Disclosure Vulnerability |
CVE-2017-8648 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Microsoft Edge Memory Corruption Vulnerability |
CVE-2017-11766 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Edge Memory Corruption Vulnerability |
CVE-2017-8731 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Edge Memory Corruption Vulnerability |
CVE-2017-8734 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Edge Memory Corruption Vulnerability |
CVE-2017-8751 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Edge Remote Code Execution Vulnerability |
CVE-2017-8757 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Edge Security Feature Bypass Vulnerability |
CVE-2017-8723 |
Publicly Disclosed |
Not Exploited |
Security Feature Bypass |
Moderate |
Microsoft Edge Security Feature Bypass Vulnerability |
CVE-2017-8754 |
Not Publicly Disclosed |
Not Exploited |
Security Feature Bypass |
Important |
Microsoft Edge Spoofing Vulnerability |
CVE-2017-8724 |
Not Publicly Disclosed |
Not Exploited |
Spoofing |
Important |
Microsoft Edge Spoofing Vulnerability |
CVE-2017-8735 |
Not Publicly Disclosed |
Not Exploited |
Spoofing |
Moderate |
Microsoft Exchange Cross-Site Scripting Vulnerability |
CVE-2017-8758 |
Not Publicly Disclosed |
Not Exploited |
Elevation of Privilege |
Important |
Microsoft Exchange Information Disclosure Vulnerability |
CVE-2017-11761 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Microsoft Graphics Component Remote Code Execution |
CVE-2017-8696 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft Office Defense in Depth Update |
ADV170015 |
Publicly Disclosed |
Exploited! |
Defense in Depth |
N/A |
Microsoft Office Memory Corruption Vulnerability |
CVE-2017-8630 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Microsoft Office Memory Corruption Vulnerability |
CVE-2017-8631 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Microsoft Office Memory Corruption Vulnerability |
CVE-2017-8632 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Microsoft Office Memory Corruption Vulnerability |
CVE-2017-8744 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Microsoft Office Publisher Remote Code Execution |
CVE-2017-8725 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Microsoft Office Remote Code Execution |
CVE-2017-8567 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Microsoft PDF Remote Code Execution Vulnerability |
CVE-2017-8728 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft PDF Remote Code Execution Vulnerability |
CVE-2017-8737 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Microsoft SharePoint Cross Site Scripting Vulnerability |
CVE-2017-8745 |
Not Publicly Disclosed |
Not Exploited |
Elevation of Privilege |
Important |
Microsoft SharePoint XSS Vulnerability |
CVE-2017-8629 |
Not Publicly Disclosed |
Not Exploited |
Elevation of Privilege |
Important |
NetBIOS Remote Code Execution Vulnerability |
CVE-2017-0161 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
PowerPoint Remote Code Execution Vulnerability |
CVE-2017-8742 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
PowerPoint Remote Code Execution Vulnerability |
CVE-2017-8743 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Remote Desktop Virtual Host Remote Code Execution Vulnerability |
CVE-2017-8714 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Scripting Engine Information Disclosure Vulnerability |
CVE-2017-8739 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-11764 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8649 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8660 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8729 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8738 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8740 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8741 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8748 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8752 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8753 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8755 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Scripting Engine Memory Corruption Vulnerability |
CVE-2017-8756 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
September 2017 Flash Security Update |
ADV170013 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Uniscribe Remote Code Execution Vulnerability |
CVE-2017-8692 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
Win32k Elevation of Privilege Vulnerability |
CVE-2017-8675 |
Not Publicly Disclosed |
Not Exploited |
Elevation of Privilege |
Important |
Win32k Elevation of Privilege Vulnerability |
CVE-2017-8720 |
Not Publicly Disclosed |
Not Exploited |
Elevation of Privilege |
Important |
Win32k Graphics Information Disclosure Vulnerability |
CVE-2017-8683 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Win32k Graphics Remote Code Execution Vulnerability |
CVE-2017-8682 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Win32k Information Disclosure Vulnerability |
CVE-2017-8677 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Win32k Information Disclosure Vulnerability |
CVE-2017-8678 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Win32k Information Disclosure Vulnerability |
CVE-2017-8680 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Win32k Information Disclosure Vulnerability |
CVE-2017-8681 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Win32k Information Disclosure Vulnerability |
CVE-2017-8687 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows DHCP Server Remote Code Execution Vulnerability |
CVE-2017-8686 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Critical |
Windows Elevation of Privilege Vulnerability |
CVE-2017-8702 |
Not Publicly Disclosed |
Not Exploited |
Elevation of Privilege |
Important |
Windows GDI+ Information Disclosure Vulnerability |
CVE-2017-8676 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Critical |
Windows GDI+ Information Disclosure Vulnerability |
CVE-2017-8684 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows GDI+ Information Disclosure Vulnerability |
CVE-2017-8685 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows GDI+ Information Disclosure Vulnerability |
CVE-2017-8688 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows Information Disclosure Vulnerability |
CVE-2017-8710 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows Kernel Information Disclosure Vulnerability |
CVE-2017-8679 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows Kernel Information Disclosure Vulnerability |
CVE-2017-8708 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows Kernel Information Disclosure Vulnerability |
CVE-2017-8709 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows Kernel Information Disclosure Vulnerability |
CVE-2017-8719 |
Not Publicly Disclosed |
Not Exploited |
Information Disclosure |
Important |
Windows Security Feature Bypass Vulnerability |
CVE-2017-8716 |
Not Publicly Disclosed |
Not Exploited |
Security Feature Bypass |
Important |
Windows Shell Remote Code Execution Vulnerability |
CVE-2017-8699 |
Not Publicly Disclosed |
Not Exploited |
Remote Code Execution |
Important |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|
I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022
|
Johannes

4479 Posts ISC HandlerSep 13th 2017 |
Coud you add the KB value for the patch update for searching into "security monthly quality rollup" on the "microsoft update catalog"
example : 2017-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4038777)
|
Stephane 
3 Posts |
Are any of these considered patch now? Thanks.
|
JeffSoh 
31 Posts |
Server side I wouldn't patch out of band, but always good to put patches through their paces in a test lab.
|
Anonymous
|
Curious as to why CVE-2017-8759 is only labeled as Important if it is being actively exploited and is part of a high profile campaign (FINSPY)
|
Anonymous
|
I second that request.
Thanks!
|
Anonymous
|
I third the motion to list KB numbers. *please*
|
Anonymous
|
I also agree with having the KB number.
Can we also have the colour coding on the rating and exploited column (red/amber/green) back too please?
|
L2actual 
3 Posts |
I second the request for colour coding, it really helped call-out the patch now updates.
|
PW 
69 Posts |
Would it be possible to have this data available as a spreadsheet download? Or is it available and I don't see it? Thank you.
|
Anonymous
|