Summer Security: Another Backlog of Updates
Microsoft announced it is making multiple updates to historic content for critical security updates.
These are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new and some are for older platforms that we are making publicly available today.
$8 Trillion Dollars
The ransomware crisis that swept the world last month highlights what we’ve known for years: the global IT infrastructure is incredibly vulnerable. If you need any more convincing, cybercrime is estimated to cost global business $8 trillion in the next five years.
The following table summarizes the updates available for vulnerabilities that Microsoft presumes to be at risk of imminent attack. Customers should prioritize deployment of these updates and plan to migrate to supported platforms if you have not already done so.
Robert Brown, Director of Services for Verismic says: “As we saw last month, ransomware has the ability to infiltrate the largest companies in the world, if those companies fail to patch their systems.”START FREE TRIAL
Microsoft Updates
Microsoft have taken another unprecedented step of releasing old content in order to protect their customers. In case Microsoft knows something we don’t, we recommend deploying these updates as quickly as possible where needed. Full details of the Microsoft statement can be found here.
| Bulletin or CVE ID | Title and Executive Summary | Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
| MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644) This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft, Windows XP and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| MS10-061 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| MS14-068 | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. |
Critical Elevation of Privilege |
Restart required | Microsoft Windows |
| MS17-010 | Security Update for Microsoft Windows SMB Server (4013389) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| MS17-013 | Security Update for Microsoft Graphics Component (4013075) This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. |
Critical
Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-0176 | Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176 ) A remote code execution vulnerability exists in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-0222 | Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222) A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Critical Remote Code Execution |
Restart required | Microsoft Internet Explorer |
| CVE-2017-0267 – CVE-2017-0280 | Security Update for Microsoft Windows SMB (CVEs 2017-0267 through 2017-0280 Security updates exist in Microsoft Windows SMB. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-7269 | WebDAV Remote Code Execution Vulnerability (CVE-2017-7269) A vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-8461 | Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461) A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-8464 | LNK Remote Code Execution Vulnerability (CVE-2017-8464) A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-8487 | Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487) A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability (CVE-2017-8543) A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Critical Remote Code Execution |
Restart required | Microsoft Windows |
| CVE-2017-8552 | Win32k Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Important Remote Code Execution |
Restart required | Microsoft Windows |
Microsoft have addressed 94 vulnerabilities in Windows, Internet Explorer, Edge, Office, and SharePoint. The vulnerabilities could allow an attacker to execute arbitrary code, gain escalated privileges, bypass security protections, view sensitive information, or cause a denial of service. We have chosen a few updates to prioritize this mont. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly, the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.
| Bulletin or CVE ID | Vulnerability Alert | CVSS Base Score | Recommended |
| CVE-2017-0283 | Microsoft Windows Uniscribe Remote Code Execution Vulnerability | 8.8 | Yes |
| CVE-2017-8506 | Microsoft Office Arbitrary Code Execution Vulnerability | 8.8 | Yes |
| CVE-2017-8527 | Microsoft Windows Graphics Remote Code Execution Vulnerability | 8.8 | Yes |
| CVE-2017-8528 | Microsoft Windows Uniscribe Remote Code Execution Vulnerability | 8.8 | Yes |
| CVE-2017-8543 | Microsoft Windows Search Arbitrary Code Execution Vulnerability | 8.1 | Yes |
| CVE-2017-0294 | Microsoft Windows Arbitrary Code Execution Vulnerability | 8 | Yes |
| CVE-2017-0193 | Microsoft Windows Hyper-V Hypervisor Privilege Escalation Vulnerability | 7.8 | Yes |
| CVE-2017-0260 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-8507 | Microsoft Outlook Memory Corruption Vulnerability | 7.8 | Yes |
| CVE-2017-8509 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-8510 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-8511 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-8512 | Microsoft Office Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-8513 | Microsoft PowerPoint Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-8464 | Microsoft Windows Shortcut Handling Arbitrary Code Execution Vulnerability | 7.5 | |
| CVE-2017-8517 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 7.5 | |
| CVE-2017-8519 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | |
| CVE-2017-8547 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | |
| CVE-2017-8548 | Microsoft Edge Memory Corruption Vulnerability | 7.5 | |
| CVE-2017-0296 | Microsoft Windows TDX Driver Privilege Escalation Vulnerability | 7 | |
| CVE-2017-0297 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2017-8465 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7 | |
| CVE-2017-8466 | Microsoft Windows Cursor Privilege Escalation Vulnerability | 7 | |
| CVE-2017-8468 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7 | |
| CVE-2017-8494 | Microsoft Windows Privilege Escalation Vulnerability | 7 | |
| CVE-2017-0298 | Microsoft Windows COM Session Privilege Escalation Vulnerability | 6.6 | |
| CVE-2017-8514 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 6.4 | |
| CVE-2017-8529 | Microsoft Edge and Internet Explorer Information Disclosure Vulnerability | 6.4 | |
| CVE-2017-8545 | Microsoft Outlook for Mac Security Bypass Vulnerability | 6.1 | |
| CVE-2017-8550 | Microsoft Skype for Business Information Disclosure Vulnerability | 6.1 | |
| CVE-2017-8551 | Microsoft Project Server Cross-Site Scripting Vulnerability | 6.1 | |
| CVE-2017-8493 | Microsoft Windows Security Bypass Vulnerability | 5.6 | |
| CVE-2017-8530 | Microsoft Edge Security Feature Vulnerability | 5.4 | |
| CVE-2017-0173 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 | |
| CVE-2017-0215 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 | |
| CVE-2017-0216 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 | |
| CVE-2017-0218 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 | |
| CVE-2017-0219 | Microsoft Windows Device Guard Security Bypass Vulnerability | 5.3 | |
| CVE-2017-0295 | Microsoft Windows Default Folder Spoofing Vulnerability | 4.8 | |
| CVE-2017-0299 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-0300 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8462 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8469 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8470 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8471 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8472 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8473 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8474 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8475 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8476 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8477 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8478 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8479 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8480 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8481 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8482 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8483 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8484 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8485 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8488 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8489 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8490 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8491 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8492 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8515 | Microsoft Windows Virtual Memory Denial of Service Vulnerability | 4.7 | |
| CVE-2017-8534 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-8553 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-0282 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0284 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0285 | Microsoft Windows Uniscribe Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0286 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0287 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0288 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0289 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-8531 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-8532 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-8533 | Microsoft Windows Graphics Information Disclosure Vulnerability | 4.4 | |
| CVE-2017-0291 | Microsoft Windows PDF Handling Arbitrary Code Execution Vulnerability | 4.3 | |
| CVE-2017-0292 | Microsoft Windows PDF Handling Arbitrary Code Execution Vulnerability | 4.3 | |
| CVE-2017-8460 | Microsoft Windows PDF Handling Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-8498 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-8504 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-8508 | Microsoft Outlook Security Bypass Vulnerability | 4.3 | |
| CVE-2017-8523 | Microsoft Edge Security Bypass Vulnerability | 4.3 | |
| CVE-2017-8555 | Microsoft Edge Security Feature Bypass Vulnerability | 4.3 | |
| CVE-2017-8496 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8497 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8499 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8520 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8521 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8522 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8524 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8549 | Microsoft Edge Scripting Engine Information Vulnerability | 4.2 | |
| CVE-2017-8544 | Microsoft Windows Search Information Disclosure Vulnerability | 3.3 |
Get Started
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.
START YOUR FREE TRIAL OF SYXSENSE
