Zero-Day 2017- Úvod Graf Katal

Zero-Day 2017- Úvod Graf Katalog Zranitelností OWASP Webové útoky (103) Vulnerebility Web Vul. Top 50 in years CVE Defination ATT&CK Matrix for Enterprise

2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009

Microsoft Patch Tuesday – December 2017
This month the vendor has patched 32 vulnerabilities, 19 of which are rated Critical.
This month, Microsoft has patched 32 vulnerabilities, 19 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the December 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Microsoft Internet Explorer
Microsoft Edge
Microsoft ChakraCore
Microsoft Office
Microsoft Exchange Server
Microsoft Windows
The following is a breakdown of the issues being addressed this month:

Cumulative Security Update for Microsoft Browsers

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888) MS Rating: Critical

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11889) MS Rating: Critical

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11893) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11894) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11895) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11914) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11905) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11908) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11909) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11910) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11911) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11912) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11918) MS Rating: Critical

Scripting Engine Information Disclosure Vulnerability (CVE-2017-11919) MS Rating: Important

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11930) MS Rating: Important

Scripting Engine Information Disclosure Vulnerability (CVE-2017-11887) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

Scripting Engine Information Disclosure Vulnerability (CVE-2017-11906) MS Rating: Important

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913) MS Rating: Important

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11916) MS Rating: Important

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Cumulative Security Update for Microsoft Office

Microsoft Exchange Spoofing Vulnerability (CVE-2017-11932) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker can exploit this issue to perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information.

Microsoft PowerPoint Information Disclosure Vulnerability (CVE-2017-11934) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker can exploit this issue to obtain sensitive information to compromise the user computer or data.

Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2017-11936) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Office Information Disclosure Vulnerability (CVE-2017-11939) MS Rating: Important

An information disclosure vulnerability exists when Visual Basic macros in Office improperly export a user's private key from the certificate store while saving a document. An attacker can exploit this issue to gain access to the user private key.

Cumulative Security Update for Microsoft Windows

Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885) MS Rating: Important

A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system.

Microsoft Windows Security Bypass Vulnerability (CVE-2017-11899) MS Rating: Important

A security bypass vulnerability exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this issue could make an unsigned file appear to be signed.

Microsoft Windows Information Disclosure Vulnerability (CVE-2017-11927) MS Rating: Important

An information disclosure vulnerability exists when the Windows protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This may result in the disclosure of sensitive information to a malicious site.

Microsoft Patch Tuesday – November 2017
This month the vendor has patched 53 vulnerabilities, 19 of which are rated Critical.
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has patched 53 vulnerabilities, 19 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the November 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Microsoft Browsers
Microsoft Office
ASP.NET
Windows Kernel
Windows Graphics Component
Windows Media Player
Microsoft Windows
The following is a breakdown of the issues being addressed this month:

Cumulative Security Update for Microsoft Browsers

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861) MS Rating: Critical

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11862) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11836) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837) MS Rating: Critical

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11838) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11839) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11866) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11870) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11871) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873) MS Rating: Critical

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856) MS Rating: Critical

Microsoft Browser Memory Corruption Vulnerability (CVE-2017-11827) MS Rating: Important

Microsoft Edge information disclosure Vulnerability (CVE-2017-11803) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Edge information disclosure Vulnerability (CVE-2017-11833) MS Rating: Important

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser.

Microsoft Edge information disclosure Vulnerability (CVE-2017-11844) MS Rating: Important

Microsoft Edge security bypass Vulnerability (CVE-2017-11863) MS Rating: Important

A security bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

Microsoft Edge security bypass Vulnerability (CVE-2017-11872) MS Rating: Important

A security bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored.

Microsoft Edge security bypass Vulnerability (CVE-2017-11874) MS Rating: Important

A security bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution.

Scripting Engine information disclosure Vulnerability (CVE-2017-11791) MS Rating: Important

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Scripting Engine information disclosure Vulnerability (CVE-2017-11834) MS Rating: Important

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Internet Explorer information disclosure Vulnerability (CVE-2017-11848) MS Rating: Moderate

An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specially crafted website.

Cumulative Security Update for Microsoft Office

Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854) MS Rating: Important

Microsoft Excel security bypass Vulnerability (CVE-2017-11877) MS Rating: Important

A security bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security bypass by itself does not allow arbitrary code execution.

Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2017-11884) MS Rating: Important

Microsoft Project Server Elevation of Privilege Vulnerability (CVE-2017-11876) MS Rating: Moderate

An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site.

Cumulative Security Update for Microsoft ASP.NET

ASP.NET CORE Denial Of Service Vulnerability (CVE-2017-11770) MS Rating: Important

A denial of service vulnerability exists when . NET Core improperly handles web requests.

ASP.NET Core Elevation Of Privilege Vulnerability (CVE-2017-11879) MS Rating: Important

An open redirect vulnerability exists in ASP. NET Core that could lead to Elevation of privilege.

ASP.NET Core information disclosure Vulnerability (CVE-2017-11883) MS Rating: Important

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.

ASP.NET Core information disclosure Vulnerability (CVE-2017-8700) MS Rating: Moderate

An information disclosure vulnerability exists in ASP. net Core that allows bypassing Cross-origin Resource Sharing (CORS) configurations.

Cumulative Security Update for Microsoft Windows Kernel

Windows Kernel information disclosure Vulnerability (CVE-2017-11842) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-11847) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Kernel information disclosure Vulnerability (CVE-2017-11849) MS Rating: Important

Windows Kernel information disclosure Vulnerability (CVE-2017-11851) MS Rating: Important

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows Kernel information disclosure Vulnerability (CVE-2017-11853) MS Rating: Important

Windows Kernel information disclosure Vulnerability (CVE-2017-11831) MS Rating: Important

Windows Kernel information disclosure Vulnerability (CVE-2017-11880) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.

Cumulative Security Update for Microsoft Windows Graphics Component

Microsoft Graphics Component information disclosure Vulnerability (CVE-2017-11850) MS Rating: Important

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows GDI information disclosure Vulnerability (CVE-2017-11852) MS Rating: Important

Cumulative Security Update for Microsoft Windows Media Player

Windows Media Player information disclosure Vulnerability (CVE-2017-11768) MS Rating: Important

An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.

Cumulative Security Update for Microsoft Windows

Windows EOT Font Engine information disclosure Vulnerability (CVE-2017-11832) MS Rating: Important

An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

Windows EOT Font Engine information disclosure Vulnerability (CVE-2017-11835) MS Rating: Important

Windows Search Denial of Service Vulnerability (CVE-2017-11788) MS Rating: Important

A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

Device Guard security bypass Vulnerability (CVE-2017-11830) MS Rating: Important

A security bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed.

Microsoft Patch Tuesday – October 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has patched 62 vulnerabilities, 27 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the October 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Microsoft Graphics
Internet Explorer
Microsoft Edge
Microsoft Office
Microsoft Skype for Business
Microsoft JET Database Engine
Microsoft Windows
Chakra Core
The following is a breakdown of the issues being addressed this month:

Cumulative Security Update for Microsoft Graphics

Microsoft Graphics Remote Code Execution Vulnerability (CVE-2017-11762) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

Microsoft Graphics Remote Code Execution Vulnerability (CVE-2017-11763) MS Rating: Critical

Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2017-11824) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Microsoft Graphics Information Disclosure Vulnerability (CVE-2017-8693) MS Rating: Important

Windows GDI Information Disclosure Vulnerability (CVE-2017-11816) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

Cumulative Security Update for Microsoft Browsers

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11792) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793) MS Rating: Critical

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11796) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11799) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11804) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11805) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11806) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11807) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11808) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11809) MS Rating: Critical

A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11812) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-11813) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8727) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Information Disclosure Vulnerability (CVE-2017-11797) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11801) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-11821) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822) MS Rating: Critical

Internet Explorer Information Disclosure Vulnerability (CVE-2017-11790) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8726) MS Rating: Important

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Information Disclosure Vulnerability (CVE-2017-11794) MS Rating: Important

Cumulative Security Update for Microsoft Office

Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2017-11774) MS Rating: Important

A security bypass vulnerability exists when Microsoft Office improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Microsoft Office SharePoint XSS Vulnerability (CVE-2017-11775) MS Rating: Important

A cross site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Outlook Information Disclosure Vulnerability (CVE-2017-11776) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Outlook fails to establish a secure connection. An attacker who exploited the vulnerability could use it to obtain the email content of a user.

Microsoft Office SharePoint XSS Vulnerability (CVE-2017-11777) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2017-11820) MS Rating: Important

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-11825) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826) MS Rating: Important

Cumulative Security Update for Microsoft Skype for Business

Skype for Business Elevation of Privilege Vulnerability (CVE-2017-11786) MS Rating: Important

A privilege escalation vulnerability exists when Skype for Business fails to properly handle specific authentication requests.

Cumulative Security Update for Microsoft JET Database Engine

Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8717) MS Rating: Important

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system.

Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718) MS Rating: Important

Cumulative Security Update for Microsoft Windows

Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779) MS Rating: Critical

A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI. dll when it fails to properly handle DNS responses.

Windows Search Remote Code Execution Vulnerability (CVE-2017-11771) MS Rating: Critical

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Windows Shell Remote Code Execution Vulnerability (CVE-2017-11819) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user

Windows Kernel Information Disclosure Vulnerability (CVE-2017-11765) MS Rating: Important

TRIE Remote Code Execution Vulnerability (CVE-2017-11769) MS Rating: Important

A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Search Information Disclosure Vulnerability (CVE-2017-11772) MS Rating: Important

An information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows SMB Remote Code Execution Vulnerability (CVE-2017-11780) MS Rating: Important

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1. 0 (SMBv1) server handles certain requests.

Windows SMB Denial of Service Vulnerability (CVE-2017-11781) MS Rating: Important

Windows SMB Elevation of Privilege Vulnerability (CVE-2017-11782) MS Rating: Important

A privilege escalation vulnerability exists in the default Windows SMB Server configuration which allows anonymous users to remotely access certain named pipes that are also configured to allow anonymous access to users who are logged on locally. An unauthenticated attacker who successfully exploits this configuration error could remotely send specially crafted requests to certain services that accept requests via named pipes.

Windows Elevation of Privilege Vulnerability (CVE-2017-11783) MS Rating: Important

A privilege escalation vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.

Windows Kernel Information Disclosure Vulnerability (CVE-2017-11784) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

Windows Kernel Information Disclosure Vulnerability (CVE-2017-11785) MS Rating: Important

Windows Kernel Information Disclosure Vulnerability (CVE-2017-11814) MS Rating: Important

Windows Information Disclosure Vulnerability (CVE-2017-11817) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.

Windows Storage Security Feature Bypass Vulnerability (CVE-2017-11818) MS Rating: Important

An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level.

Microsoft Windows Security Feature Bypass (CVE-2017-11823) MS Rating: Important

A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2017-8689) MS Rating: Important

A privilege escalation vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2017-8694) MS Rating: Important

Windows Subsystem for Linux Denial of Service Vulnerability (CVE-2017-8703) MS Rating: Important

A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system.

Windows Security Feature Bypass Vulnerability (CVE-2017-8715) MS Rating: Important

Windows SMB Information Disclosure Vulnerability (CVE-2017-11815) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.

Windows Update Delivery Optimization Elevation of Privilege Vulnerability (CVE-2017-11829) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions.

Microsoft Patch Tuesday – August 2017
This month Microsoft has patched 48 vulnerabilities, 26 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the August 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Microsoft Internet Explorer and Edge
Microsoft Office
Windows Kernel
Windows Hyper-V
Microsoft Windows
The following is a breakdown of the issues being addressed this month:

Cumulative Security Update for Microsoft Internet Explorer and Edge

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8634) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8635) MS Rating: Critical

A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8636) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8638) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8639) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8640) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8641) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8645) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8646) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8647) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8653) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8655) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8656) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8651) MS Rating: Critical

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8661) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8669) MS Rating: Critical

A remote code execution vulnerability exists in the way scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8670) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8672) MS Rating: Critical

Microsoft Edge privilege escalation Vulnerability (CVE-2017-8503) MS Rating: Important

A privilege escalation vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this issue could gain elevated privileges and break out of the Edge AppContainer sandbox.

Internet Explorer Security Bypass Vulnerability (CVE-2017-8625) MS Rating: Important

A security bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. An attacker can exploit this issue to bypass Device Guard UCMI policies.

Scripting Engine security bypass Vulnerability (CVE-2017-8637) MS Rating: Important

A security bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Arbitrary Code Guard (ACG) to be bypassed. By itself, this ACG bypass vulnerability does not allow arbitrary code execution.

Microsoft Edge privilege escalation Vulnerability (CVE-2017-8642) MS Rating: Important

A privilege escalation vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing script to run with elevated privileges.

Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8644) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.

Microsoft Edge security bypass Vulnerability (CVE-2017-8650) MS Rating: Moderate

A security bypass vulnerability exists when Microsoft Edge does not properly enforce same-origin policies. This may allow an attacker to access information from origins outside the current one.

Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652) MS Rating: Important

Scripting Engine Information Disclosure Vulnerability (CVE-2017-8659) MS Rating: Important

An information disclosure vulnerability exists when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.

Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8662) MS Rating: Important

An information disclosure vulnerability for Microsoft Edge exists as a result of how strings are validated in specific scenarios. This may allow an attacker to read sensitive data from memory and thereby potentially bypass Address Space Layout Randomization (ASLR).

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8674) MS Rating: Important

Cumulative Security Update for Microsoft Office

Microsoft Office SharePoint Cross Site Scripting Vulnerability (CVE-2017-8654) MS Rating: Important

Cumulative Security Update for Windows Kernel

Win32k privilege escalation Vulnerability (CVE-2017-8593) MS Rating: Important

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.

Win32k Information Disclosure Vulnerability (CVE-2017-8666) MS Rating: Important

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.

Cumulative Security Update for Microsoft Hyper-V Component

Windows Hyper-V Denial of Service Vulnerability (CVE-2017-8623) MS Rating: Important

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the issue could cause the host server to crash.

Hyper-V Remote Code Execution Vulnerability (CVE-2017-8664) MS Rating: Important

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

Cumulative Security Update for Microsoft Windows

Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-0250) MS Rating: Critical

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this issue could take complete control of an affected system.

Windows PDF Remote Code Execution Vulnerability (CVE-2017-0293) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

Windows IME Remote Code Execution Vulnerability (CVE-2017-8591) MS Rating: Critical

A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class.

Windows Search Remote Code Execution Vulnerability (CVE-2017-8620) MS Rating: Critical

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.

Windows Subsystem for Linux privilege escalation Vulnerability (CVE-2017-8622) MS Rating: Critical

A privilege escalation vulnerability exists in the way that the Windows Subsystem for Linux handles NT pipes. An attacker who successfully exploited the issue could execute code with elevated permissions.

Windows NetBIOS Denial of Service Vulnerability (CVE-2017-0174)MS Rating: Important

A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this issue could cause a target computer to become completely unresponsive.

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability (CVE-2017-8516) MS Rating: Important

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.

Windows CLFS privilege escalation Vulnerability (CVE-2017-8624) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects inmemory.

Windows Subsystem for Linux Denial of Service Vulnerability (CVE-2017-8627) MS Rating: Important

A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this issue could cause a denial of service against the local system.

Windows Error Reporting privilege escalation Vulnerability (CVE-2017-8633) MS Rating: Important

A privilege escalation vulnerability exists in Windows Error Reporting (WER). The vulnerability could allow privilege escalation if successfully exploited by an attacker.

Volume Manager Extension Driver Information Disclosure Vulnerability (CVE-2017-8668) MS Rating: Important

An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.

Windows Remote Desktop Protocol Denial of Service Vulnerability (CVE-2017-8673) MS Rating: Important

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this issue could cause the RDP service on the target system to stop responding.

Express Compressed Fonts Remote Code Execution Vulnerability (CVE-2017-8691) MS Rating: Important

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits exploited this vulnerability would gain code execution on the target system.

Microsoft Patch Tuesday – July 2017
This month Microsoft has patched 54 vulnerabilities, 19 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the July 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Microsoft Internet Explorer and Edge
Microsoft Office
Microsoft Exchange Server
Windows Kernel
Windows Graphics Component
Microsoft Windows
Windows PowerShell
WordPad
Kerberos
.NET Framework
HoloLens
The following is a breakdown of the issues being addressed this month:

Cumulative Security Update for Microsoft Internet Explorer and Edge

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594) MS Rating: Critical

Internet Explorer Remote Code Execution Vulnerability (CVE-2017-8618) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Internet Explorer Security Feature Bypass (CVE-2017-8592) MS Rating: Important

An security feature bypass vulnerability exists when Microsoft Browsers improperly handle redirect requests. This vulnerability allows Microsoft Browsers to bypass CORS redirect restrictions and to follow redirect requests that should otherwise be ignored.

Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8617) MS Rating: Critical

A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8599) MS Rating: Important

A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker could use this vulnerability to trick a user into loading a page with malicious content.

Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8619) MS Rating: Critical

Microsoft Edge Spoofing Vulnerability (CVE-2017-8611) MS Rating: Moderate

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8605) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8595) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8596) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8604) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8606) MS Rating: Critical

A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8607) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8608) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8609) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8610) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8598) MS Rating: Critical

Microsoft Browser Spoofing Vulnerability (CVE-2017-8602) MS Rating: Important

A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.

Cumulative Security Update for Microsoft Office

Microsoft Office Memory Corruption Vulnerability (CVE-2017-8501) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2017-8502) MS Rating: Important

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0243) MS Rating: Important

SharePoint Server XSS Vulnerability (CVE-2017-8569) MS Rating: Important

Office Remote Code Execution Vulnerability (CVE-2017-8570) MS Rating: Important

Cumulative Security Update for Microsoft Exchange Server

Microsoft Exchange Cross-Site Scripting Vulnerability (CVE-2017-8559) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.

Microsoft Exchange Cross-Site Scripting Vulnerability (CVE-2017-8560) MS Rating: Important

Microsoft Exchange Open Redirect Vulnerability (CVE-2017-8560) MS Rating: Moderate

Cumulative Security Update for Windows Kernel

Win32k Elevation of Privilege Vulnerability (CVE-2017-8467) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Win32k Information Disclosure Vulnerability (CVE-2017-8486) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Win32k Elevation of Privilege Vulnerability (CVE-2017-8577) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2017-8578) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2017-8580) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2017-8581) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-8561) MS Rating: Important

Windows Kernel Information Disclosure Vulnerability (CVE-2017-8564) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process.

Cumulative Security Update for Microsoft Graphics Component

Microsoft Graphics Component Elevation of Privilege Vulnerability (CVE-2017-8573) MS Rating: Important

Microsoft Graphics Component Elevation of Privilege Vulnerability (CVE-2017-8574) MS Rating: Important

Microsoft Graphics Component Elevation of Privilege Vulnerability (CVE-2017-8556) MS Rating: Important

Cumulative Security Update for Microsoft Windows

Windows Performance Monitor Information Disclosure Vulnerability (CVE-2017-0170) MS Rating: Moderate

An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

Windows Explorer Remote Code Execution Vulnerability (CVE-2017-8463) MS Rating: Critical

An Remote Code Execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user.

Windows System Information Console Information Disclosure Vulnerability (CVE-2017-8557) MS Rating: Important

An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

Windows ALPC Elevation of Privilege Vulnerability (CVE-2017-8562) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.

Windows Elevation of Privilege Vulnerability (CVE-2017-8563) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a domain controller.

Windows IME Elevation of Privilege Vulnerability (CVE-2017-8566) MS Rating: Important

An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled.

Windows Explorer Denial of Service Vulnerability (CVE-2017-8587) MS Rating: Important

A Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker who successfully exploited this vulnerability could cause a denial of service.

Windows Search Remote Code Execution Vulnerability (CVE-2017-8589) MS Rating: Critical

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Windows CLFS Elevation of Privilege Vulnerability (CVE-2017-8590) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system.

Https.sys Information Disclosure Vulnerability (CVE-2017-8582) MS Rating: Important

An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memoryAn attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system.

Security Update for Windows PowerShell

Windows PowerShell Remote Code Execution Vulnerability (CVE-2017-8565) MS Rating: Important

A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.

Security Update for Windows WordPad

WordPad Remote Code Execution Vulnerability (CVE-2017-8588) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad.

Security Update for Kerberos

Kerberos SNAME Security Feature Bypass Vulnerability (CVE-2017-8495) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.

Security Update for .NET Framework

.NET Denial of Service Vulnerability (CVE-2017-8585) MS Rating: Important

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application.

Cumulative Security Update for HoloLens

Hololens Remote Code Execution Vulnerability (CVE-2017-8584) MS Rating: Critical

A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system.

Microsoft Patch Tuesday – June 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has patched 94 vulnerabilities, 18 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the June 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Microsoft Internet Explorer
Microsoft Edge
Microsoft Office
Microsoft Hyper-V
Microsoft Uniscribe
Windows Graphics
Microsoft Windows
The following is a breakdown of the issues being addressed this month:

Cumulative Security Update for Microsoft Internet Explorer and Edge

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8496) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8497) MS Rating: Critical

A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8517) MS Rating: Critical

A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8520) MS Rating: Critical

A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory.This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8522) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524) MS Rating: Critical

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8548) MS Rating: Critical

Scripting Engine Remote Code Execution Vulnerability (CVE-2017-8549) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8499) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8519) MS Rating: Important

Scripting Engine Memory Corruption Vulnerability (CVE-2017-8521) MS Rating: Important

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8523) MS Rating: Important

A security bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker can exploit this issue to trick a user into loading a page with malicious content.

Microsoft Browser Information Disclosure Vulnerability (CVE-2017-8529) MS Rating: Important

An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.

Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8530) MS Rating: Important

A security bypass vulnerability that affects Microsoft Edge.

Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547) MS Rating: Important

Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8555) MS Rating: Important

A security bypass vulnerability exists when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker can exploit this issue to trick a user into loading a web page with malicious content.

Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8498) MS Rating: Moderate

An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it.

Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8504) MS Rating: Low

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request.

Cumulative Security Update for Microsoft Office

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0260) MS Rating: Important

A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8506) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2017-8507) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.

Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-8508) MS Rating: Important

A security bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. The security bypass by itself does not allow arbitrary code execution.

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509) MS Rating: Important

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510) MS Rating: Important

MicrosoftOffice Remote Code Execution Vulnerability (CVE-2017-8511) MS Rating: Important

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8512) MS Rating: Important

Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8513) MS Rating: Important

Microsoft SharePoint Reflective XSS Vulnerability (CVE-2017-8514) MS Rating: Important

A cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2017-8545) MS Rating: Important

A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize html or treat it in a safe manner. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials.

Microsoft SharePoint XSS vulnerability (CVE-2017-8551) MS Rating: Important

A privilege escalation vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. Successful exploits may allow an attacker to perform cross-site scripting attacks.

Cumulative Security Update for Microsoft Windows Hyper-V

Hypervisor Code Integrity Elevation of Privilege Vulnerability (CVE-2017-0193) MS Rating: Important

A privilege escalation vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this issue could gain elevated privileges on a target guest operating system.

Cumulative Security Update for Skype for Business

Skype for Business Remote Code Execution Vulnerability (CVE-2017-8550) MS Rating: Critical

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync Servers fail to properly sanitize specially crafted content. An authenticated attacker who successfully exploited this issue could execute HTML and JavaScript content in the Skype for Business or Lync context.

Cumulative Security Update for Microsoft Windows Uniscribe

Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8527) MS Rating: Critical

A remote code execution vulnerability exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this issue could take control of the affected system.

Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8528) MS Rating: Critical

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.

Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0283) MS Rating: Critical

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker can exploit this issue could take control of the affected system.

Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0282) MS Rating: Important

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.

Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0284) MS Rating: Important

Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285) MS Rating: Important

Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-8534) MS Rating: Important

Cumulative Security Update for Microsoft Windows Graphics

Windows Graphics Information Disclosure Vulnerability (CVE-2017-0286) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.

Windows Graphics Information Disclosure Vulnerability (CVE-2017-0287) MS Rating: Important

Windows Graphics Information Disclosure Vulnerability (CVE-2017-0288) MS Rating: Important

Windows Graphics Information Disclosure Vulnerability (CVE-2017-0289) MS Rating: Important

Windows Graphics Information Disclosure Vulnerability (CVE-2017-8531) MS Rating: Important

Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532) MS Rating: Important

Windows Graphics Information Disclosure Vulnerability (CVE-2017-8533) MS Rating: Important

Cumulative Security Update for Microsoft Windows Kernel-Mode Drivers

Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-0297) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited this issue could execute code with elevated permissions.

Windows Kernel Information Disclosure Vulnerability (CVE-2017-0299) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.

Windows Kernel Information Disclosure Vulnerability (CVE-2017-0300) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.

Windows Kernel Information Disclosure Vulnerability (CVE-2017-8462) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.

Win32k Elevation of Privilege Vulnerability (CVE-2017-8465) MS Rating: Important

A privilege escalation vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.

Win32k Elevation of Privilege Vulnerability (CVE-2017-8468) MS Rating: Important

A privilege escalation vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.

Windows Kernel Information Disclosure Vulnerability (CVE-2017-8469) MS Rating: Important