July 2017 - Microsoft Releases 54 Security Patches
Publish date: August 18, 2017
Advisory Date: JUL 11, 2017
DESCRIPTION
Microsoft addresses several vulnerabilities in its July batch of patches:
- CVE-2017-0243 | Microsoft Office Remote Code Execution Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. This security update addresses the vulnerability by correcting how Microsoft Office handles files in memory. - CVE-2017-8569 | SharePoint Server XSS Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. - CVE-2017-8570 | Microsoft Office Remote Code Execution Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory. - CVE-2017-8573 | Microsoft Graphics Component Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8574 | Microsoft Graphics Component Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8577 | Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8578 | Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8580 | Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8581 | Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. The update addresses the vulnerability by correcting how the Windows kernel-mode driver handles objects in memory. - CVE-2017-8582 | Https.sys Information Disclosure Vulnerability
Risk Rating: Important
An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory. The update addresses the vulnerability by correcting how the HTTP.sys server application handles objects in memory. - CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting how Hololens handles objects in memory. - CVE-2017-8585 | .NET Denial of Service Vulnerability
Risk Rating: Important
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. The update addresses the vulnerability by correcting how the .NET web application handles web requests. - CVE-2017-8587 | Windows Explorer Denial of Service Vulnerability
Risk Rating: Important
An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker who successfully exploited this vulnerability could cause a denial of service. The update addresses the vulnerability by correcting how Windows Explorer handles open attempts for non-existent files. - CVE-2017-8588 | WordPad Remote Code Execution Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. The update addresses the vulnerability by correcting the way that Microsoft WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft WordPad will leverage to resolve the identified issue. - CVE-2017-8589 | Windows Search Remote Code Execution Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. - CVE-2017-8590 | Windows CLFS Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.The update addresses the vulnerability by correcting how CLFS handles objects in memory. - CVE-2017-8592 | Microsoft Browser Security Feature Bypass
Risk Rating: Important
A security feature bypass vulnerability exists when Microsoft Browsers improperly handle redirect requests. This vulnerability allows Microsoft Browsers to bypass CORS redirect restrictions and to follow redirect requests that should otherwise be ignored. The security update addresses the vulnerability by modifying how affected Microsoft Browsers handle redirect requests. - CVE-2017-8594 | Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. - CVE-2017-8595 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8596 | Microsoft Edge Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8617 | Microsoft Edge Remote Code Execution Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8618 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Moderate
A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The update addresses the vulnerability by modifying how the VBScript scripting engine handles objects in memory. - CVE-2017-8619 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8621 | Microsoft Exchange Open Redirect Vulnerability
Risk Rating: Moderate
An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. The update addresses the vulnerability by correcting how Exchange handles open redirect requests. - CVE-2017-0170 | Windows Performance Monitor Information Disclosure Vulnerability
Risk Rating: Moderate
An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. The update addresses the vulnerability by modifying the way that the Windows Performance Monitor Console parses XML input. - CVE-2017-8463 | Windows Explorer Remote Code Execution Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would be less affected. The update addresses the vulnerability by correcting how Windows Explorer handles executable files and shares during rename operations. - CVE-2017-8467 | Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8486 | Win32k Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Win32k handles objects in memory. - CVE-2017-8495 | Kerberos SNAME Security Feature Bypass Vulnerability
Risk Rating: Important
A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. The update addresses this vulnerability by adding integrity protection to the SNAME field. - CVE-2017-8501 | Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory. The security update addresses the vulnerability by correcting how Office handles objects in memory. - CVE-2017-8502 | Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory. - CVE-2017-8556 | Microsoft Graphics Component Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory. - CVE-2017-8557 | Windows System Information Console Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input. - CVE-2017-8560 | Microsoft Exchange Cross-Site Scripting Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests. - CVE-2017-8559 | Microsoft Exchange Cross-Site Scripting Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests. - CVE-2017-8561| Windows Kernel Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory. - CVE-2017-8562 | Windows ALPC Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). The update addresses the vulnerability by correcting how Windows handles calls to ALPC. - CVE-2017-8563 | Windows Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. The update addresses this vulnerability by incorporating enhancements to authentication protocols designed to mitigate authentication attacks. It revolves around the concept of channel binding information. - CVE-2017-8564 | Windows Kernel Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. - CVE-2017-8565 | Windows PowerShell Remote Code Execution Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.The update addresses the vulnerability by correcting how PowerShell deserializes user supplied scripts. - CVE-2017-8566| Windows IME Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The security update addresses this vulnerability by correcting how Windows IME handles parameters in a method of a DCOM class. - CVE-2017-8598 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8599| Microsoft Edge Security Feature Bypass Vulnerability
Risk Rating: Important
A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker could use this vulnerability to trick a user into loading a page with malicious content. The update addresses the vulnerability by correcting the Same Origin Policy check for scripts attempting to manipulate HTML elements in other browser windows. - CVE-2017-8601 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the Chakra JavaScript scripting engine handles objects in memory. - CVE-2017-8602 | Microsoft Browser Spoofing Vulnerability
Risk Rating: Important
A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.The security update addresses the vulnerability by correcting how Microsoft browsers parse HTTP responses. - CVE-2017-8603 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8604 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8605 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8606 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Moderate
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory. - CVE-2017-8607 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory. - CVE-2017-8608 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory. - CVE-2017-8609 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Moderate
A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the Scripting Engine handles objects in memory. - CVE-2017-8610 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. - CVE-2017-8611 | Microsoft Edge Spoofing Vulnerability
Risk Rating: Moderate
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. The update addresses the vulnerability by correcting how Microsoft Edge parses HTTP responses.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
CVE-2017-8617 | 1008486 | Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8617) | 11-Jul-17 | YES |
CVE-2017-8598 | 1008483 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8598) | 11-Jul-17 | YES |
CVE-2017-8601 | 1008484 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601) | 11-Jul-17 | YES |
CVE-2017-8605 | 1008485 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8605) | 11-Jul-17 | YES |
CVE-2017-8619 | 1008487 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8619) | 11-Jul-17 | YES |
CVE-2017-8594 | CVE-2017-8594 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594) | 11-Jul-17 | YES |
CVE-2017-8618 | 1008488 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-8618) | 11-Jul-17 | YES |
CVE-2017-0243 | 1008340 | Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0243) | 11-Jul-17 | YES |
CVE-2017-8592 | 1008481 | Microsoft Windows Security Feature Bypass Vulnerability (CVE-2017-8592) | 11-Jul-17 | YES |
CVE-2017-8577 | 1008489 | Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities | 11-Jul-17 | YES |
CVE-2017-8578 | 1008489 | Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities | 11-Jul-17 | YES |
CVE-2017-8580 | 1008489 | Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities | 11-Jul-17 | YES |
SOLUTION
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more