Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0144 Security updates for Microsoft Edge 13 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-11766 CVE-2017-11764 CVE-2017-8757 CVE-2017-8756 CVE-2017-8755 CVE-2017-8754 CVE-2017-8753 CVE-2017-8752 CVE-2017-8751 CVE-2017-8750 CVE-2017-8748 CVE-2017-8741 CVE-2017-8740 CVE-2017-8739 CVE-2017-8738 CVE-2017-8737 CVE-2017-8736 CVE-2017-8735 CVE-2017-8734 CVE-2017-8731 CVE-2017-8729 CVE-2017-8728 CVE-2017-8724 CVE-2017-8723 CVE-2017-8660 CVE-2017-8649 CVE-2017-8648 CVE-2017-8643 CVE-2017-8597 Member content until: Friday, October 13 2017 OVERVIEW Microsoft has released its monthly security patch update for the month of September 2017. [1] This update resolves 29 vulnerabilities across the following products: Microsoft Edge IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2017-11764 Remote Code Execution Critical CVE-2017-11766 Remote Code Execution Critical CVE-2017-8597 Information Disclosure Important CVE-2017-8643 Information Disclosure Important CVE-2017-8648 Information Disclosure Important CVE-2017-8649 Remote Code Execution Critical CVE-2017-8660 Remote Code Execution Critical CVE-2017-8723 Security Feature Bypass Moderate CVE-2017-8724 Spoofing Important CVE-2017-8728 Remote Code Execution Critical CVE-2017-8729 Remote Code Execution Critical CVE-2017-8731 Remote Code Execution Critical CVE-2017-8734 Remote Code Execution Critical CVE-2017-8735 Spoofing Moderate CVE-2017-8736 Information Disclosure Important CVE-2017-8737 Remote Code Execution Critical CVE-2017-8738 Remote Code Execution Critical CVE-2017-8739 Information Disclosure Important CVE-2017-8740 Remote Code Execution Critical CVE-2017-8741 Remote Code Execution Critical CVE-2017-8748 Remote Code Execution Critical CVE-2017-8750 Remote Code Execution Critical CVE-2017-8751 Remote Code Execution Critical CVE-2017-8752 Remote Code Execution Critical CVE-2017-8753 Remote Code Execution Critical CVE-2017-8754 Security Feature Bypass Important CVE-2017-8755 Remote Code Execution Critical CVE-2017-8756 Remote Code Execution Critical CVE-2017-8757 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1] KB4038783, KB4038782, KB4038781, KB4038788 REFERENCES [1] Security Updates https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWbiB94x+lLeg9Ub1AQjd6Q/+PK+4YGV3H3ilauFDbSMSlIK1OECt7yyC qpnXjqPB3lxYa/VlnqRmASNErM1M1wYUcJAAqS2bgFXaQICQB4rQGcUqqGxwxWv4 x5f5sQla6OEzkH3h3ANsss/Nh71RcbRVETHAlzY8lNbRw+EBZ0lJQkn2ak4S7Zx5 hrSWyBr1ZxOX+pfAHIkrBL2f/H/ctTNQOnoNhhiIhTw4y3x3H2aRT0Xtde2n6SBG NF7A598h0QVQCXB2JPw7O1EpvPpeQiy8L34GkoQjNXFbwx50LTjhn8qDmsqWCUz0 /ApwIUKe2WD9cciq/ymIQJRPQ2rBR82O4ODwMVMH5tDwg0PGTeIs3zLO6RP96rI0 Kq82CpxoKqMOn9ug02LdNFvLDjY1OksFfquaO/avBSjvmjp5dnAgRLDoyPmfH9Ct 7PNZtwGa1OyIJXJbNOH215qSgLZD4UEcKk8v3PQg02pB0cK7XHenkLTKq7ZUKyZg oriel9IZr0NW+OFvdC6AcZfgy5nuagLVG58S0v2FQfj3IXO6WeP4utZNBCU+MnDn +rY7WdxTfRTOQrMJxyZ5IbUjQ4RicMaWPsPJQ6f4Pwdonpm4wa/FrnzSJwLaIQts Id1p4njQwnxW7NZwYmBfZ4WDeROIfINa+IzR2ZB1NmMjv8Scn1Gyb9z/Z6T4+O/E 27CBWC8DX6o= =Pc2+ -----END PGP SIGNATURE-----