JPCERT-AT-2017-0036 JPCERT/CC 2017-09-13 <<< JPCERT/CC Alert 2017-09-13 >>> Microsoft Releases September 2017 Security Updates https://www.jpcert.or.jp/english/at/2017/at170036.html I. Overview Microsoft has released September 2017 Security Updates. This contains updates that are rated as "critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code. Details on the vulnerabilities can be found at the following URL: September 2017 Security Updates https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99 [Vulnerabilities addressed (Including Security Update Programs rated as "critical")] * Listing up Microsoft Knowledge Base (KB) that are rated as "critical" ADV170013 September 2017 Flash Security Update https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170013 - KB4038806 CVE-2017-0161 NetBIOS Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0161 - KB4038777, KB4038779, KB4038781, KB4038782, KB4038783, KB4038786, KB4038788, KB4038792, KB4038793, KB4038799 CVE-2017-8649 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8649 - KB4038782, KB4038788 CVE-2017-8660 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8660 - KB4038782, KB4038783, KB4038788 CVE-2017-8676 Windows GDI+ Information Disclosure Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8676 - KB4011134 CVE-2017-8682 Win32k Graphics Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8682 - KB3213638, KB3213641, KB4011134, KB4038777, KB4038779, KB4038781 KB4038782, KB4038783, KB4038786, KB4038788, KB4038792, KB4038793 KB4038799, KB4039384 CVE-2017-8686 Windows DHCP Server Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8686 - KB4038782, KB4038786, KB4038792, KB4038793, KB4038799 CVE-2017-8696 Microsoft Graphics Component Remote Code Execution https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8696 - KB3213631, KB3213632, KB3213649, KB4011125, KB4038777, KB4038779 KB4039384 CVE-2017-8728 Microsoft PDF Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8728 - KB4038781, KB4038782, KB4038783, KB4038786, KB4038788, KB4038792 KB4038793, KB4038799 CVE-2017-8729 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8729 - KB4038788 CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8731 - KB4038782 CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8734 - KB4038781, KB4038782, KB4038783, KB4038788 CVE-2017-8737 Microsoft PDF Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8737 - KB4038781, KB4038782, KB4038783, KB4038788, KB4038792, KB4038793 CVE-2017-8738 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8738 - KB4038781, KB4038782, KB4038783 CVE-2017-8740 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8740 - KB4038788 CVE-2017-8741 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8741 - KB4036586, KB4038777, KB4038781, KB4038782, KB4038783, KB4038788 KB4038792 CVE-2017-8747 Internet Explorer Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8747 - KB4036586, KB4038777, KB4038781, KB4038782, KB4038783, KB4038788 KB4038792 CVE-2017-8748 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8748 - KB4036586, KB4038777, KB4038781, KB4038782, KB4038783, KB4038788 KB4038792 CVE-2017-8749 Internet Explorer Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8749 - KB4036586, KB4038777, KB4038781, KB4038782, KB4038783, KB4038788 KB4038792 CVE-2017-8750 Microsoft Browser Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8750 - KB4036586, KB4038777, KB4038781, KB4038782, KB4038783, KB4038788 KB4038792 CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8751 - KB4038788 CVE-2017-8752 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8752 - KB4038782, KB4038783, KB4038788 CVE-2017-8753 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8753 - KB4038781, KB4038782, KB4038783, KB4038788 CVE-2017-8755 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8755 - KB4038782, KB4038783, KB4038788 CVE-2017-8756 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8756 - KB4038781, KB4038782, KB4038783, KB4038788 CVE-2017-8757 Microsoft Edge Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8757 - KB4038781, KB4038782, KB4038783, KB4038788 CVE-2017-11764 Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11764 - KB4038782, KB4038788 CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11766 - KB4038781, KB4038782, KB4038783, KB4038788 According to Microsoft, attacks leveraging the vulnerability CVE-2017-8759 (Important) has been observed in the wild. please apply the Please apply the security update programs as soon as possible. II. Solution Please apply the security update programs through Microsoft Update, Windows Update, etc. as soon as possible. Microsoft Update / Windows Update http://www.update.microsoft.com/ Microsoft Update Catalog https://catalog.update.microsoft.com/ III. References Microsoft Corporation September 2017 Security Updates https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99 Microsoft Corporation Microsoft Security Updates for September 2017 (Monthly) (Japanese) https://blogs.technet.microsoft.com/jpsecurity/2017/09/13/201709-security-bulletin/ Microsoft Corporation Windows Update: FAQ https://support.microsoft.com/en-us/help/12373/windows-update-faq Adobe Systems Incorporated Security updates available for Flash Player | APSB17-28 https://helpx.adobe.com/security/products/flash-player/apsb17-28.html JPCERT/CC Alert Regarding Vulnerabilities in Adobe Flash Player (APSB17-28) https://www.jpcert.or.jp/at/2017/at170035.html If you have any information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/