June 2017 - Microsoft Releases 15 Security Patches
Advisory Date: JUN 14, 2017
DESCRIPTION
Microsoft addresses several vulnerabilities in its June batch of patches:
- MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Risk Rating: Critical
This security update resolves a vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. - MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
Risk Rating: Critical
This security update resolves three vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. - MS10-061 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
Risk Rating: Critical
This security update resolves a vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. - MS14-068 | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
Risk Rating: Critical
This security update resolves a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. - MS17-010 | Security Update for Microsoft Windows SMB Server (4013389)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. - MS17-013 | Security Update for Microsoft Graphics Component (4013075)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. - CVE-2017-0176 | Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176 )
Risk Rating: Critical
A remote code execution vulnerability exists in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. - CVE-2017-0222| Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222)
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. - CVE-2017-0231 | Microsoft Browser Spoofing Vulnerability
Risk Rating: Critical
This vulnerability exists in Internet Explorer 11 and Microsoft Edge browsers. The vulnerability lies in the rendering of SmartScreen Filter. - CVE-2017-0267 - CVE-2017-0280 | Security Update for Microsoft Windows SMB (CVEs 2017-0267 through 2017-0280)
Risk Rating: Critical
Security updates exist in Microsoft Windows SMB. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server. - CVE-2017-7269 | WebDAV Remote Code Execution Vulnerability (CVE-2017-7269)
Risk Rating: Critical
A vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. - CVE-2017-8461 | Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)
Risk Rating: Critical
A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. - CVE-2017-8464 | LNK Remote Code Execution Vulnerability (CVE-2017-8464)
Risk Rating: Critical
A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. - CVE-2017-8487 | Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487)
Risk Rating: Critical
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. - CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
Risk Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. - CVE-2017-8552 | Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
CVE-2017-8529 | 1008444 | Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2017-8529) | 14-June-17 | YES |
CVE-2017-8547 | 1008446 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547) | 14-June-17 | YES |
CVE-2017-8509 | 1008441 | Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509) | 14-June-17 | YES |
CVE-2017-8464 | 1008435 | Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464) | 14-June-17 | YES |
CVE-2017-8346 | 1008428 | ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) | 14-June-17 | YES |
CVE-2017-8496 | 1008439 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496) | 14-June-17 | YES |
CVE-2017-0215 | 1008434 | Microsoft Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0215) | 14-June-17 | YES |
CVE-2017-8510 | 1008442 | Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510) | 14-June-17 | YES |
CVE-2017-8465, CVE-2017-8466, CVE-2017-8468 | 1008448 | Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (June-2017) | 14-June-17 | YES |
CVE-2017-8497 | 1008440 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8497) | 14-June-17 | YES |
CVE-2017-8524 | 1008443 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524) | 14-June-17 | YES |