JPCERT-AT-2017-0032
JPCERT/CC
2017-08-09
<<< JPCERT/CC Alert 2017-08-09 >>>
Microsoft Releases August 2017 Security Updates
https://www.jpcert.or.jp/english/at/2017/at170032.html
I. Overview
Microsoft has released August 2017 Security Updates. This contains
updates that are rated as "critical". Remote attackers leveraging these
vulnerabilities may be able to execute arbitrary code.
Details on the vulnerabilities can be found at the following URL:
August 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
ADV170010
August Flash Security Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170010
- KB4034662
CVE-2017-0250
Microsoft JET Database Engine Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0250
- KB4034658, KB4034660, KB4034664, KB4034665, KB4034666, KB4034668,
KB4034672, KB4034674, KB4034679, KB4034681, KB4034775
CVE-2017-0293
Windows PDF Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0293
- KB4034658, KB4034660, KB4034664, KB4034665, KB4034666, KB4034668,
KB4034672, KB4034674, KB4034679, KB4034681
CVE-2017-8591
Windows IME Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8591
- KB4034658, KB4034660, KB4034665, KB4034666, KB4034668, KB4034672,
KB4034674, KB4034681
CVE-2017-8620
Windows Search Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8620
- KB4034034, KB4034658, KB4034660, KB4034664, KB4034665, KB4034666,
KB4034668, KB4034672, KB4034674, KB4034679, KB4034681
CVE-2017-8622
Windows Subsystem for Linux Elevation of Privilege Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8622
- KB4034674
CVE-2017-8634
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8634
- KB4034674
CVE-2017-8635
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8635
- KB4034658, KB4034660, KB4034668, KB4034674, KB4034681, KB4034733
CVE-2017-8636
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8636
- KB4034658, KB4034660, KB4034664, KB4034668, KB4034674, KB4034681
KB4034733
CVE-2017-8638
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8638
- KB4034674
CVE-2017-8639
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8639
- KB4034658, KB4034674
CVE-2017-8640
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8640
- KB4034658, KB4034660, KB4034668, KB4034674
CVE-2017-8641
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8641
- KB4034658, KB4034660, KB4034664, KB4034668, KB4034674, KB4034681
KB4034733
CVE-2017-8645
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8645
- KB4034658, KB4034660, KB4034674
CVE-2017-8646
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8646
- KB4034658, KB4034660, KB4034674
CVE-2017-8647
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8647
- KB4034674
CVE-2017-8653
Microsoft Browser Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8653
- KB4034658, KB4034660, KB4034664, KB4034668, KB4034674, KB4034681
KB4034733
CVE-2017-8655
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8655
- KB4034658, KB4034660, KB4034668, KB4034674
CVE-2017-8656
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8656
- KB4034658, KB4034674
CVE-2017-8657
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8657
- KB4034658, KB4034660, KB4034674
CVE-2017-8661
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8661
- KB4034658, KB4034674
CVE-2017-8669
Microsoft Browser Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8669
- KB4034658, KB4034660, KB4034668, KB4034674, KB4034681, KB4034733
CVE-2017-8670
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8670
- KB4034658, KB4034674
CVE-2017-8671
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8671
- KB4034658, KB4034660, KB4034674
CVE-2017-8672
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8672
- KB4034658, KB4034660, KB4034674
CVE-2017-8674
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8674
According to Microsoft, attacks leveraging the vulnerabilities
has not been observed in the wild. However, please apply the
security update programs as soon as possible.
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update / Windows Update
http://www.update.microsoft.com/
Microsoft Update Catalog
https://catalog.update.microsoft.com/
III. References
Microsoft Corporation
August 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
Microsoft Corporation
Microsoft Security Updates for August 2017 (Monthly) (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2017/08/09/201708-security-bulletin/
Microsoft Corporation
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Adobe Systems Incorporated
Security updates available for Flash Player | APSB17-23
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
JPCERT/CC
Alert Regarding Vulnerabilities in Adobe Flash Player (APSB17-23)
https://www.jpcert.or.jp/english/at/2017/at170030.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top