Operating System:

[Win]

Published:

14 June 2017

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0089
                    Microsoft Windows Security Updates
                               14 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Increased Privileges            -- Existing Account            
                      Modify Arbitrary Files          -- Existing Account            
                      Denial of Service               -- Remote/Unauthenticated      
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Existing Account            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-8553 CVE-2017-8544 CVE-2017-8543
                      CVE-2017-8534 CVE-2017-8533 CVE-2017-8532
                      CVE-2017-8531 CVE-2017-8528 CVE-2017-8527
                      CVE-2017-8515 CVE-2017-8494 CVE-2017-8493
                      CVE-2017-8492 CVE-2017-8491 CVE-2017-8490
                      CVE-2017-8489 CVE-2017-8488 CVE-2017-8485
                      CVE-2017-8484 CVE-2017-8483 CVE-2017-8482
                      CVE-2017-8481 CVE-2017-8480 CVE-2017-8479
                      CVE-2017-8478 CVE-2017-8477 CVE-2017-8476
                      CVE-2017-8475 CVE-2017-8474 CVE-2017-8473
                      CVE-2017-8472 CVE-2017-8471 CVE-2017-8470
                      CVE-2017-8469 CVE-2017-8468 CVE-2017-8466
                      CVE-2017-8465 CVE-2017-8464 CVE-2017-8462
                      CVE-2017-8460 CVE-2017-0300 CVE-2017-0299
                      CVE-2017-0298 CVE-2017-0297 CVE-2017-0296
                      CVE-2017-0295 CVE-2017-0294 CVE-2017-0292
                      CVE-2017-0291 CVE-2017-0289 CVE-2017-0288
                      CVE-2017-0287 CVE-2017-0286 CVE-2017-0285
                      CVE-2017-0284 CVE-2017-0283 CVE-2017-0282
                      CVE-2017-0260 CVE-2017-0219 CVE-2017-0218
                      CVE-2017-0216 CVE-2017-0215 CVE-2017-0193
                      CVE-2017-0173  
Member content until: Friday, July 14 2017
Reference:            ASB-2017.0088
                      ASB-2017.0087
                      ASB-2017.0086

Comment: CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability is
         being exploited in the wild. 
         CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
         CVE-2017-8464 | LNK Remote Code Execution Vulnerability is being 
         exploited in the wild. 
         CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

OVERVIEW

        Microsoft has released its monthly security patch update for the 
        month of June 2017 for Microsoft Windows. [1]
        
        This update resolves 64 vulnerabilities across the following
        products:
        
        Windows 10 for 32-bit Systems
        Windows 10 for x64-based Systems
        Windows 10 Version 1511 for 32-bit Systems
        Windows 10 Version 1511 for x64-based Systems
        Windows 10 Version 1607 for 32-bit Systems
        Windows 10 Version 1607 for x64-based Systems
        Windows 10 Version 1703 for 32-bit Systems
        Windows 10 Version 1703 for x64-based Systems
        Windows 7 for 32-bit Systems Service Pack 1
        Windows 7 for x64-based Systems Service Pack 1
        Windows 8.1 for 32-bit systems
        Windows 8.1 for x64-based systems
        Windows RT 8.1
        Windows Server 2008 for 32-bit Systems Service Pack 2
        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
        Windows Server 2008 for Itanium-Based Systems Service Pack 2
        Windows Server 2008 for x64-based Systems Service Pack 2
        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
        Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
        Windows Server 2008 R2 for x64-based Systems Service Pack 1
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
        Windows Server 2012
        Windows Server 2012 R2
        Windows Server 2012 R2 (Server Core installation)
        Windows Server 2012 (Server Core installation)
        Windows Server 2016
        Windows Server 2016  (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these 
        vulnerabilities:
        
        Details		Impact			Severity
        CVE-2017-0173	Security Feature Bypass	Important
        CVE-2017-0193	Elevation of Privilege	Important
        CVE-2017-0215	Security Feature Bypass	Important
        CVE-2017-0216	Security Feature Bypass	Important
        CVE-2017-0218	Security Feature Bypass	Important
        CVE-2017-0219	Security Feature Bypass	Important
        CVE-2017-0260	Remote Code Execution	Important
        CVE-2017-0282	Information Disclosure	Important
        CVE-2017-0283	Remote Code Execution	Critical
        CVE-2017-0284	Information Disclosure	Important
        CVE-2017-0285	Information Disclosure	Important
        CVE-2017-0286	Information Disclosure	Important
        CVE-2017-0287	Information Disclosure	Important
        CVE-2017-0288	Information Disclosure	Important
        CVE-2017-0289	Information Disclosure	Important
        CVE-2017-0291	Remote Code Execution	Critical
        CVE-2017-0292	Remote Code Execution	Critical
        CVE-2017-0294	Remote Code Execution	Critical
        CVE-2017-0295	Tampering		Important
        CVE-2017-0296	Elevation of Privilege	Important
        CVE-2017-0297	Elevation of Privilege	Important
        CVE-2017-0298	Information Disclosure	Important
        CVE-2017-0299	Information Disclosure	Important
        CVE-2017-0300	Information Disclosure	Important
        CVE-2017-8460	Information Disclosure	Important
        CVE-2017-8462	Information Disclosure	Important
        CVE-2017-8464	Remote Code Execution	Critical
        CVE-2017-8465	Elevation of Privilege	Important
        CVE-2017-8466	Elevation of Privilege	Important
        CVE-2017-8468	Elevation of Privilege	Important
        CVE-2017-8469	Information Disclosure	Important
        CVE-2017-8470	Information Disclosure	Important
        CVE-2017-8471	Information Disclosure	Important
        CVE-2017-8472	Information Disclosure	Important
        CVE-2017-8473	Information Disclosure	Important
        CVE-2017-8474	Information Disclosure	Important
        CVE-2017-8475	Information Disclosure	Important
        CVE-2017-8476	Information Disclosure	Important
        CVE-2017-8477	Information Disclosure	Important
        CVE-2017-8478	Information Disclosure	Important
        CVE-2017-8479	Information Disclosure	Important
        CVE-2017-8480	Information Disclosure	Important
        CVE-2017-8481	Information Disclosure	Important
        CVE-2017-8482	Information Disclosure	Important
        CVE-2017-8483	Information Disclosure	Important
        CVE-2017-8484	Information Disclosure	Important
        CVE-2017-8485	Information Disclosure	Important
        CVE-2017-8488	Information Disclosure	Important
        CVE-2017-8489	Information Disclosure	Important
        CVE-2017-8490	Information Disclosure	Important
        CVE-2017-8491	Information Disclosure	Important
        CVE-2017-8492	Information Disclosure	Important
        CVE-2017-8493	Security Feature Bypass	Important
        CVE-2017-8494	Elevation of Privilege	Important
        CVE-2017-8515	Denial of Service	Important
        CVE-2017-8527	Remote Code Execution	Critical
        CVE-2017-8528	Remote Code Execution	Critical
        CVE-2017-8531	Information Disclosure	Important
        CVE-2017-8532	Information Disclosure	Important
        CVE-2017-8533	Information Disclosure	Important
        CVE-2017-8534	Information Disclosure	Important
        CVE-2017-8543	Remote Code Execution	Critical
        CVE-2017-8544	Information Disclosure	Important
        CVE-2017-8553	Information Disclosure	Important


MITIGATION

        Microsoft recommends updating the software with the version 
        made available on the Microsoft Update Cataloge for the following 
        Knowledge Base articles. [1]
        
        KB3217845
        KB4018106
        KB4021903
        KB4021923
        KB4022008
        KB4022010
        KB4022013
        KB4022714
        KB4022715
        KB4022717
        KB4022718
        KB4022719
        KB4022722
        KB4022724
        KB4022725
        KB4022726
        KB4022727
        KB4022883
        KB4022884
        KB4022887
        KB4024402


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWUCsPIx+lLeg9Ub1AQgTURAAnhyq30RDg0+kgXyKPVRaiqy1hhTr4mpv
KnQjX2k8ptUEy53n7a8N3bBLIVcpgCn73petUV/hgB6D/Iskt5OsAE3CutYcxkak
isg1Yj3DQbjCwQkYsRkkznjyB883cOzBnBT7QjgUJWlVAZgVbxVUYA2xfBx+By3W
Pj7/gOq6qRezOrx7rwIdfmsEOOtL06ye09OGsPAtUCSd5FmtH2V+bg2P0FucLMfS
ETjW7kCHqDvw3H+JlaPdx4ofJed2IaA1iwcOHiaKrJULP2T+BSNGROdaOxVLojV5
0AStWR/B8BhBY6tzncGVDN0A3jmyMicQ4iw+Hdhjj4DQcLFcRn6s93PBjRl+aTxw
itA74cR6uiDw2TYdNysKHvhpoLEoD3o9e5Qp6qvXuGDHbktoI7STWwJDGEAGDT+C
hA/z4iCJUUp33M4WEI7NJCBnPSBnq9s4d2FbGJsXCM7nS0zIy05y8kbRAcxW5OGz
Q66RUjbQcnep3vQEiYZSZs+bTO+IcFarCXxknMfjcAuuE0mVl/S2rWu5xaWp23tG
tkw5twLimnf33n+S+nB4R6q+GQLi9XGMmbDhciSldMo5iq9rpXxKyITNGnSOma9I
pncbi+rJpuTEmsxoEV1Aupw2WjLnMdcO4O+DFblbN8bI9iv6z8F7TpXgjVV6waZ6
88g4iHKmgxM=
=CfX8
-----END PGP SIGNATURE-----