JPCERT-AT-2017-0022
JPCERT/CC
2017-06-14
<<< JPCERT/CC Alert 2017-06-14 >>>
Microsoft Releases June 2017 Security Updates
https://www.jpcert.or.jp/english/at/2017/at170022.html
I. Overview
Microsoft has released June 2017 Security Updates. This contains updates
that are rated as "critical". Remote attackers leveraging these
vulnerabilities may be able to execute arbitrary code.
Details on the vulnerabilities can be found at the following URL:
June 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
ADV170007
June Flash Security Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170007
- KB4022730
CVE-2017-0283
Windows Uniscribe Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0283
- KB3191837, KB3191844, KB3191939, KB3203382, KB3203427, KB4020732,
KB4020733, KB4020734, KB4020735, KB4020736, KB4022714, KB4022715,
KB4022717, KB4022718, KB4022719, KB4022722, KB4022724, KB4022725,
KB4022726, KB4022727, KB4022884, KB4023307
CVE-2017-0291
Windows PDF Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0291
- KB4022714, KB4022715, KB4022717, KB4022718, KB4022724, KB4022725,
KB4022726, KB4022727
CVE-2017-0292
Windows PDF Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0292
- KB4022714, KB4022715, KB4022717, KB4022718, KB4022724, KB4022725,
KB4022726, KB4022727
CVE-2017-0294
Windows Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0294
- KB4022008, KB4022714, KB4022715, KB4022717, KB4022718, KB4022719,
KB4022722, KB4022724, KB4022725, KB4022726, KB4022727
CVE-2017-8464
LNK Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8464
- KB4021903, KB4022714, KB4022715, KB4022717, KB4022718, KB4022719,
KB4022722, KB4022724, KB4022725, KB4022726, KB4022727
CVE-2017-8496
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8496
- KB4022715
CVE-2017-8497
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8497
- KB4022715
CVE-2017-8499
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8499
- KB4022725
CVE-2017-8517
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8517
- KB4021558, KB4022714, KB4022715, KB4022725, KB4022726, KB4022727
CVE-2017-8520
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8520
- KB4022725
CVE-2017-8522
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8522
- KB4021558, KB4022714, KB4022715, KB4022725, KB4022726, KB4022727
CVE-2017-8524
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8524
- KB4021558, KB4022714, KB4022715, KB4022725, KB4022726, KB4022727
CVE-2017-8527
Windows Graphics Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8527
- KB3191837, KB3191844, KB3191939, KB3203382, KB4022714, KB4022715,
KB4022717, KB4022718, KB4022719, KB4022722, KB4022724, KB4022725,
KB4022726, KB4022727, KB4022884, KB4023307
CVE-2017-8528
Windows Uniscribe Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8528
- KB3191828, KB3191848, KB4022717, KB4022718, KB4022719, KB4022722,
KB4022724, KB4022726, KB4022884
CVE-2017-8543
Windows Search Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8543
- KB4022714, KB4022715, KB4022717, KB4022718, KB4022719, KB4022722,
KB4022724, KB4022725, KB4022726, KB4022727, KB4024402
CVE-2017-8548
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8548
- KB4022714, KB4022715, KB4022725, KB4022727
CVE-2017-8549
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8549
- KB4022714, KB4022715, KB4022725, KB4022727
According to Microsoft, attacks leveraging the vulnerabilities
CVE-2017-8464 (Critical) and CVE-2017-8543 (Critical) have been observed
in the wild.
Please apply the security update programs as soon as possible.
In addition, related to this security update release, Microsoft has
also released the security update programs for Microsoft Windows XP
and Windows Server 2003 which is no longer supported.
For details, please refer to the follwing.
Guidance related to June 2017 security update release
https://technet.microsoft.com/en-us/library/security/4025685
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update
http://www.update.microsoft.com/
Windows Update
http://windowsupdate.microsoft.com/
Microsoft Update Catalog
https://catalog.update.microsoft.com/
The security update programs for Microsoft Windows XP and Windows Server
2003 which is no longer supported are available from Microsoft Update
Catalog or the link to the download center at the following URL.
Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms
III. References
Microsoft Corporation
June 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99
Microsoft Corporation
Microsoft Security Updates for June 2017 (Monthly) (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2017/05/10/201705-security-update/
Microsoft Corporation
Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms
Microsoft Corporation
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Adobe Systems Incorporated
Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
JPCERT/CC
Alert Regarding Vulnerabilities in Adobe Flash Player (APSB17-17)
https://www.jpcert.or.jp/english/at/2017/at170021.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top