Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0100 Microsoft Windows Security Updates 12 July 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Administrator Compromise -- Existing Account Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-8592 CVE-2017-8590 CVE-2017-8589 CVE-2017-8588 CVE-2017-8587 CVE-2017-8584 CVE-2017-8582 CVE-2017-8581 CVE-2017-8580 CVE-2017-8578 CVE-2017-8577 CVE-2017-8574 CVE-2017-8573 CVE-2017-8566 CVE-2017-8565 CVE-2017-8564 CVE-2017-8563 CVE-2017-8562 CVE-2017-8561 CVE-2017-8557 CVE-2017-8556 CVE-2017-8495 CVE-2017-8486 CVE-2017-8467 CVE-2017-8463 CVE-2017-0170 Member content until: Friday, August 11 2017 OVERVIEW Microsoft has released its monthly security patch update for the month of July 2017. [1] This update resolves 26 vulnerabilities across the following products: Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2017-0170 Information Disclosure Moderate CVE-2017-8463 Remote Code Execution Critical CVE-2017-8467 Elevation of Privilege Important CVE-2017-8486 Information Disclosure Important CVE-2017-8495 Security Feature Bypass Important CVE-2017-8556 Elevation of Privilege Important CVE-2017-8557 Information Disclosure Important CVE-2017-8561 Elevation of Privilege Important CVE-2017-8562 Elevation of Privilege Important CVE-2017-8563 Elevation of Privilege Important CVE-2017-8564 Information Disclosure Important CVE-2017-8565 Remote Code Execution Important CVE-2017-8566 Elevation of Privilege Important CVE-2017-8573 Elevation of Privilege Important CVE-2017-8574 Elevation of Privilege Important CVE-2017-8577 Elevation of Privilege Important CVE-2017-8578 Elevation of Privilege Important CVE-2017-8580 Elevation of Privilege Important CVE-2017-8581 Elevation of Privilege Important CVE-2017-8582 Information Disclosure Important CVE-2017-8584 Remote Code Execution Critical CVE-2017-8587 Denial of Service Important CVE-2017-8588 Remote Code Execution Important CVE-2017-8589 Remote Code Execution Critical CVE-2017-8590 Elevation of Privilege Important CVE-2017-8592 Security Feature Bypass Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1] KB4026061, KB4025240, KB4022914, KB4025497, KB4025397 KB4025398, KB4032955, KB4025336, KB4025337, KB4025331 KB4025333, KB4025338, KB4026059, KB4025339, KB4022746 KB4025409, KB4022748, KB4025877, KB4025344, KB4025341 KB4025872, KB4025343, KB4025342, KB4025674 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWWWPL4x+lLeg9Ub1AQjJPBAAnTNYPa+ykS9qsOfHr0kMN+D0WCCtVh05 TPp3ca/y4VcOJw7bQmhCucuWenq+FFO3S9D4lyqPqC/tl+tWg2Wus0NyeCHp0Thx a8H+JYW5iOMMLOXsbN138WjZ2JYZwyhpJNozjqM3HRZ2L/hppBg1anQhEUVcbFGE SrxFdq6V6g3bu4vCNchgT+Yy4KowioVUztU/8dhSkkjBjGszD93DMhrC6+vCxEYm Eyz78/eyhMKVS18sPBKc7yJQRlZwFRBQnvwvt4eyMdkEWsMZYJsMZ2HNEFCPMG3m wsYEj+qLYOsTFcloBRvUR4sdXTu4YNgSxDFozGzxAoscp7izt2veO3TJ0kBkdiQk Dk/kxq/4f7fZ5RrNy/zhodm7bxPv6xB3a9QuKmia46OGbhV0K0V0kPyWyghJpd/6 ZKwDmkKa6a5f4aR0kG6m55kdTrizublFByU5Ns7RstJsY3iUapMlqqDf4FPhvIcZ WN4vRmZNPGjL68a50olRFrbk00hCgxcKebVo4GlUbRQvLQsogMTPQrJswvcU0K0t z1m0b9VK+wooT0r7roPwpqNTPqgfr5TC/VixN5VOVAsw5TLwEOA7VhSpLUqUYa9a 1ux43X5k+oWbKUR5acepd0mZdLNO3Use22fx7r0WnmKWlw6GsNrnjYzkOB66edfK 9rG04bsqBxw= =5sYu -----END PGP SIGNATURE-----