Jump to content


Photo

MS Security Updates - June 2017


  • Please log in to reply
2 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,824 posts

Posted 13 June 2017 - 12:52 PM

FYI...

MS Security Updates - June 2017
- https://portal.msrc....curity-guidance
June 13, 2017
> https://portal.msrc....uidance/summary
Total items: 85 [June 14, 2017] / Total items: 88 [June 22, 2017] / Total items: 89 [June 23, 2017]

- https://portal.msrc....db-000d3a32fc99
June 13, 2017 - "The June security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Silverlight
    Skype for Business and Lync
    Adobe Flash Player ..."

June 2017 security update release
- https://blogs.techne...update-release/
June 13, 2017

MS Security Advisory 4025685
Guidance related to June 2017 security update release
- https://technet.micr...ty/4025685.aspx
June 13, 2017

- http://www.securityt....com/id/1038667
CVE Reference: CVE-2017-8543
Jun 13 2017
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703
Description: A vulnerability was reported in Windows Search. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted SMB data to trigger an object memory handling error in Windows Search and execute arbitrary code on the target system.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix.
- https://portal.msrc....y/CVE-2017-8543
___

June 2017 Office Update Release
- https://blogs.techne...update-release/
June 9, 2017 - "... This month, there are 51 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4023935*.
A new version of Office 2013 Click-To-Run is available: 15.0.4937.1000
A new version of Office 2010 Click-To-Run is available: 14.0.7182.5000"

* https://support.micr...icrosoft-office
Last Review: Jun 13, 2017 - Rev: 9
___

Additional references:
- http://www.securityt....com/id/1038659
- http://www.securityt....com/id/1038661
- http://www.securityt....com/id/1038662
- http://www.securityt....com/id/1038663
- http://www.securityt....com/id/1038664
- http://www.securityt....com/id/1038666
- http://www.securityt....com/id/1038667
- http://www.securityt....com/id/1038668
- http://www.securityt....com/id/1038669
- http://www.securityt....com/id/1038670
- http://www.securityt....com/id/1038671
- http://www.securityt....com/id/1038673
- http://www.securityt....com/id/1038674
- http://www.securityt....com/id/1038675
- http://www.securityt....com/id/1038676
- http://www.securityt....com/id/1038678
- http://www.securityt....com/id/1038680

- http://www.securityt....com/id/1038701
- http://www.securityt....com/id/1038702
Jun 15 2017
___

ghacks Analysis:
- https://www.ghacks.n...e-2017-release/
Microsoft Security Patches for June 2017 - [See 'Executive Summary']

- https://www.thezdi.c...y-update-review
June 13, 2017 - [Scroll down to: 'Microsoft Patches for June 2017']

Qualys Analysis:
- https://blog.qualys....ive-june-update
June 13, 2017 - "Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months... Overall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543* and other Font, Outlook, Office, Edge and IE issues are sure to keep system administrators and security teams busy."
* https://portal.msrc....y/CVE-2017-8543
___

- https://www.us-cert....ecurity-Updates
June 13, 2017
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 23 June 2017 - 11:52 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,824 posts

Posted 19 June 2017 - 02:54 PM

FYI...

MS Security Advisory 4025685: Guidance for older platforms
- https://support.micr...older-platforms
Last Review: 19-Jun-2017 - Rev: 26
___

Cumulative security update for Internet Explorer
- https://support.micr...er-june-13-2017
Last Review: Jun 23, 2017 - Rev: 5
"... Known issues in this security update:
When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following:
404 – Not Found
(A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)
This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.
There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.
Microsoft is researching this problem and will post more information in this article when the information becomes available."
___

Description of the security update for Outlook 2010
- https://support.micr...2010june13,2017
Last Review: Jun 20, 2017 - Rev: 19
"... Known issues in this security update: ..."
 

:ninja: :ninja:


Edited by AplusWebMaster, 23 June 2017 - 04:58 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,824 posts

Posted 23 June 2017 - 11:14 AM

FYI...

June 2017 Security Updates
> https://portal.msrc....db-000d3a32fc99
See: "... Known Issues..." ref. KB numbers listed
Jun 23, 2017
___

CVE-2017-8558 | MS Malware Protection Engine Remote Code Execution Vuln
- https://portal.msrc....y/CVE-2017-8558
6/23/2017
- http://www.securityt....com/id/1038783
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
The following product versions are affected:
Microsoft Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010
Windows Intune Endpoint Protection ...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

- http://www.securityt....com/id/1038784
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
Microsoft Security Essentials is also affected...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

CVE-2017-8529 | MS Browser Information Disclosure Vuln
- https://portal.msrc....y/CVE-2017-8529
Last Updated: 06/22/2017
v3.0 - 06/22/2017: Microsoft is announcing the release of update 4032782 for Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows Server 2012 R2 to address a known issue customers may experience when printing from Internet Explorer. Only customers who are experiencing print issues after installing Internet Explorer Cumulative update 4021558 should install update 4032782 because update 4032782 addresses the known issue by removing the protection from CVE-2017-8529. The update is available via the Microsoft Update Catalog only.
___

- http://windowssecret...from-last-week/
June 22, 2017 - "... known issues have been documented... Office known issues... there will be an update expected on June 27th fixing the issue..."
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, Yesterday, 08:06 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!