13 September 2017
===========================================================================
AUSCERT Security Bulletin

ASB-2017.0147
Security updates for Microsoft Skype for Business and Lync
13 September 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Microsoft Skype for Business and Lync
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-8696 CVE-2017-8695 CVE-2017-8676
Member content until: Friday, October 13 2017
Reference:            ASB-2017.0142

OVERVIEW

Microsoft has released its monthly security patch update for the month of
September 2017.

This update resolves 3 vulnerabilities across the following products:

Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Skype for Business 2016 Basic (32-bit)
Skype for Business 2016 Basic (64-bit)

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

Details          Impact                    Severity
CVE-2017-8676    Information Disclosure    Important
CVE-2017-8695    Information Disclosure    Important
CVE-2017-8696    Remote Code Execution     Important

MITIGATION

Microsoft recommends updating the software with the version made available
on the Microsoft Update Catalog for the following Knowledge Base articles.

KB3213568, KB4025865, KB4025866, KB4011107, KB4011040, KB4025867

REFERENCES

Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================