JPCERT-AT-2017-0032 JPCERT/CC 2017-08-09 <<< JPCERT/CC Alert 2017-08-09 >>> Microsoft Releases August 2017 Security Updates https://www.jpcert.or.jp/english/at/2017/at170032.html I. Overview Microsoft has released August 2017 Security Updates. This contains updates that are rated as "critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code. Details on the vulnerabilities can be found at the following URL: August 2017 Security Updates https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99 [Vulnerabilities addressed (Including Security Update Programs rated as "critical")] * Listing up Microsoft Knowledge Base (KB) that are rated as "critical" ADV170010 August Flash Security Update https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170010 - KB4034662 CVE-2017-0250 Microsoft JET Database Engine Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0250 - KB4034658, KB4034660, KB4034664, KB4034665, KB4034666, KB4034668, KB4034672, KB4034674, KB4034679, KB4034681, KB4034775 CVE-2017-0293 Windows PDF Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0293 - KB4034658, KB4034660, KB4034664, KB4034665, KB4034666, KB4034668, KB4034672, KB4034674, KB4034679, KB4034681 CVE-2017-8591 Windows IME Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8591 - KB4034658, KB4034660, KB4034665, KB4034666, KB4034668, KB4034672, KB4034674, KB4034681 CVE-2017-8620 Windows Search Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8620 - KB4034034, KB4034658, KB4034660, KB4034664, KB4034665, KB4034666, KB4034668, KB4034672, KB4034674, KB4034679, KB4034681 CVE-2017-8622 Windows Subsystem for Linux Elevation of Privilege Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8622 - KB4034674 CVE-2017-8634 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8634 - KB4034674 CVE-2017-8635 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8635 - KB4034658, KB4034660, KB4034668, KB4034674, KB4034681, KB4034733 CVE-2017-8636 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8636 - KB4034658, KB4034660, KB4034664, KB4034668, KB4034674, KB4034681 KB4034733 CVE-2017-8638 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8638 - KB4034674 CVE-2017-8639 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8639 - KB4034658, KB4034674 CVE-2017-8640 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8640 - KB4034658, KB4034660, KB4034668, KB4034674 CVE-2017-8641 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8641 - KB4034658, KB4034660, KB4034664, KB4034668, KB4034674, KB4034681 KB4034733 CVE-2017-8645 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8645 - KB4034658, KB4034660, KB4034674 CVE-2017-8646 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8646 - KB4034658, KB4034660, KB4034674 CVE-2017-8647 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8647 - KB4034674 CVE-2017-8653 Microsoft Browser Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8653 - KB4034658, KB4034660, KB4034664, KB4034668, KB4034674, KB4034681 KB4034733 CVE-2017-8655 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8655 - KB4034658, KB4034660, KB4034668, KB4034674 CVE-2017-8656 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8656 - KB4034658, KB4034674 CVE-2017-8657 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8657 - KB4034658, KB4034660, KB4034674 CVE-2017-8661 Microsoft Edge Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8661 - KB4034658, KB4034674 CVE-2017-8669 Microsoft Browser Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8669 - KB4034658, KB4034660, KB4034668, KB4034674, KB4034681, KB4034733 CVE-2017-8670 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8670 - KB4034658, KB4034674 CVE-2017-8671 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8671 - KB4034658, KB4034660, KB4034674 CVE-2017-8672 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8672 - KB4034658, KB4034660, KB4034674 CVE-2017-8674 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8674 According to Microsoft, attacks leveraging the vulnerabilities has not been observed in the wild. However, please apply the security update programs as soon as possible. II. Solution Please apply the security update programs through Microsoft Update, Windows Update, etc. as soon as possible. Microsoft Update / Windows Update http://www.update.microsoft.com/ Microsoft Update Catalog https://catalog.update.microsoft.com/ III. References Microsoft Corporation August 2017 Security Updates https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99 Microsoft Corporation Microsoft Security Updates for August 2017 (Monthly) (Japanese) https://blogs.technet.microsoft.com/jpsecurity/2017/08/09/201708-security-bulletin/ Microsoft Corporation Windows Update: FAQ https://support.microsoft.com/en-us/help/12373/windows-update-faq Adobe Systems Incorporated Security updates available for Flash Player | APSB17-23 https://helpx.adobe.com/security/products/flash-player/apsb17-23.html JPCERT/CC Alert Regarding Vulnerabilities in Adobe Flash Player (APSB17-23) https://www.jpcert.or.jp/english/at/2017/at170030.html If you have any information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/