Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
.NET Framework CVE-2017-8759 .NET Framework Remote Code Execution Vulnerability
Adobe Flash Player ADV170013 September 2017 Flash Security Update
Device Guard CVE-2017-8746 Device Guard Security Feature Bypass Vulnerability
HoloLens CVE-2017-9417 Broadcom BCM43xx Remote Code Execution Vulnerability
Internet Explorer CVE-2017-8749 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2017-8747 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2017-8733 Internet Explorer Spoofing Vulnerability
Microsoft Bluetooth Driver CVE-2017-8628 Microsoft Bluetooth Driver Spoofing Vulnerability
Microsoft Browsers CVE-2017-8736 Microsoft Browser Information Disclosure Vulnerability
Microsoft Browsers CVE-2017-8750 Microsoft Browser Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8757 Microsoft Edge Remote Code Execution Vulnerability
Microsoft Edge CVE-2017-8597 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-8723 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-8648 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-8735 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2017-8755 Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8754 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8724 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8756 Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability
Microsoft Graphics Component CVE-2017-8688 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8685 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8695 Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8683 Win32k Graphics Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8696 Microsoft Graphics Component Remote Code Execution
Microsoft Graphics Component CVE-2017-8684 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8682 Win32k Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2017-8720 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2017-8676 Windows GDI+ Information Disclosure Vulnerability
Microsoft Office CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-8725 Microsoft Office Publisher Remote Code Execution
Microsoft Office CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-8743 PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2017-8742 PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2017-8745 Microsoft SharePoint Cross Site Scripting Vulnerability
Microsoft Office CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-8567 Microsoft Office Remote Code Execution
Microsoft Office ADV170015 Microsoft Office Defense in Depth Update
Microsoft Office CVE-2017-8629 Microsoft SharePoint XSS Vulnerability
Microsoft Office CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8738 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8729 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8739 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-8740 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8741 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8649 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8660 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8748 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11764 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8752 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8753 Scripting Engine Memory Corruption Vulnerability
Microsoft Uniscribe CVE-2017-8692 Uniscribe Remote Code Execution Vulnerability
Microsoft Windows CVE-2017-8699 Windows Shell Remote Code Execution Vulnerability
Microsoft Windows CVE-2017-8710 Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2017-8716 Windows Security Feature Bypass Vulnerability
Microsoft Windows CVE-2017-8702 Windows Elevation of Privilege Vulnerability
Microsoft Windows PDF CVE-2017-8737 Microsoft PDF Remote Code Execution Vulnerability
Microsoft Windows PDF CVE-2017-8728 Microsoft PDF Remote Code Execution Vulnerability
Windows DHCP Server CVE-2017-8686 Windows DHCP Server Remote Code Execution Vulnerability
Windows Hyper-V CVE-2017-8712 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8713 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8714 Remote Desktop Virtual Host Remote Code Execution Vulnerability
Windows Hyper-V CVE-2017-8711 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8707 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8704 Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2017-8706 Hyper-V Information Disclosure Vulnerability
Windows Kernel CVE-2017-8719 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2017-8708 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2017-8679 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2017-8709 Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8687 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8681 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8675 Win32k Elevation of Privilege Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8678 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8677 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8680 Win32k Information Disclosure Vulnerability
Windows NetBIOS CVE-2017-0161 NetBIOS Remote Code Execution Vulnerability

CVE-2017-8597 - Microsoft Edge Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8597
MITRE
NVD
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by changing how Microsoft Edge handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8597
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8597 Liu Long of Qihoo 360Vulcan Team
http://www.360.com/


CVE-2017-8629 - Microsoft SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8629
MITRE
NVD
CVE Title: Microsoft SharePoint XSS Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8629
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Server 2013 Service Pack 1 4011113 (Security Update) Important Elevation of Privilege 3203387 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8629 Jayson GraceSandia National Laboratories
www.sandia.gov


CVE-2017-8630 - Microsoft Office Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8630
MITRE
NVD
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8630
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2016 (32-bit edition) 3203474 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 3203474 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8630 Debasish Mandal of McAfee IPS Vulnerability Research
https://twitter.com/debasishm89,https://www.mcafee.com/


CVE-2017-8631 - Microsoft Office Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8631
MITRE
NVD
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8631
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions) 3191831 (Security Update) Important Remote Code Execution 3178678 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions) 3191831 (Security Update) Important Remote Code Execution 3178678 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2 4011056 (Security Update) Important Remote Code Execution 3191902 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2007 Service Pack 3 4011062 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4011061 (Security Update) Important Remote Code Execution 3191907 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4011061 (Security Update) Important Remote Code Execution 3191907 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4011108 (Security Update) Important Remote Code Execution 3213537 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4011108 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4011108 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4011050 (Security Update) Important Remote Code Execution 3203477 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4011050 (Security Update) Important Remote Code Execution 3203477 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Excel for Mac 2011 3212225 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Excel Viewer 2007 Service Pack 3 4011065 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel Web App 2013 Service Pack 1 3213562 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Compatibility Pack Service Pack 3 4011064 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2013 Service Pack 1 3213562 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office Online Server 3213658 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8631 Steven Seeley (mr_me) of Offensive Security working with Trend Micro's Zero Day Initiative


CVE-2017-8632 - Microsoft Office Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8632
MITRE
NVD
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8632
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4011061 (Security Update) Important Remote Code Execution 3191907 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4011061 (Security Update) Important Remote Code Execution 3191907 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4011108 (Security Update) Important Remote Code Execution 3213537 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4011108 (Security Update) Important Remote Code Execution 3213537 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4011108 (Security Update) Important Remote Code Execution 3213537 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4011050 (Security Update) Important Remote Code Execution 3203477 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4011050 (Security Update) Important Remote Code Execution 3203477 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Excel for Mac 2011 3212225 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011064 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8632 Jaanus Kääp Clarified Security


CVE-2017-8675 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8675
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8675
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Elevation of Privilege 4034668 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Elevation of Privilege 4034668 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Elevation of Privilege 4034660 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Elevation of Privilege 4034660 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Elevation of Privilege 4034658 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Elevation of Privilege 4034658 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Elevation of Privilege 4034674 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Elevation of Privilege 4034674 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Elevation of Privilege 4034664
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Elevation of Privilege 4034664
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Elevation of Privilege 4034681
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Elevation of Privilege 4034681
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Elevation of Privilege 4034681 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Elevation of Privilege 4022887 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Elevation of Privilege 4022887 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Elevation of Privilege 4022887 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Elevation of Privilege 4022887 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Elevation of Privilege 4022887 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Elevation of Privilege 4034664
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Elevation of Privilege 4034664
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Elevation of Privilege 4034664
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Elevation of Privilege
4034665
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Elevation of Privilege
4034665
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Elevation of Privilege 4034681
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Elevation of Privilege 4034681
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Elevation of Privilege 4034658 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Elevation of Privilege 4034658 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8675 WenQunWang of Tencent's Xuanwu LAB
http://www.tencent.com/


CVE-2017-8676 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8676
MITRE
NVD
CVE Title: Windows GDI+ Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability.

The security update addresses the vulnerability by correcting how GDI handles memory addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8676
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Live Meeting 2007 Add-in 4025869 (Security Update) Important Information Disclosure 4020736 Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft Live Meeting 2007 Console 4025868 (Security Update) Important Information Disclosure 4020735 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 (32-bit) 4025865 (Security Update) Important Information Disclosure 4020732 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 (64-bit) 4025865 (Security Update) Important Information Disclosure 4020732 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 Attendee (admin level install) 4025866 (Security Update) Important Information Disclosure 4020733 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 Attendee (user level install) 4025867 (Security Update) Important Information Disclosure 4020734 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2013 Service Pack 1 (32-bit) 4011107 (Security Update) Important Information Disclosure 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2013 Service Pack 1 (64-bit) 4011107 (Security Update) Important Information Disclosure 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync Basic 2013 Service Pack 1 (32-bit) 4011107 (Security Update) Important Information Disclosure 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync Basic 2013 Service Pack 1 (64-bit) 4011107 (Security Update) Important Information Disclosure 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2007 Service Pack 3 3213641 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3213638 (Security Update) Important Information Disclosure 3191848 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3213638 (Security Update) Important Information Disclosure 3191848 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office for Mac 2011 3212225 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Word Viewer 4011134 (Security Update) Critical Information Disclosure 3203484 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 (32-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 (64-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 Basic (32-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 Basic (64-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 3.30
Temporal: 3.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8676 bear13oy of CloverSec Labs working with Trend Micro's Zero Day Initiative


Weibo Wang (@ma1fan) of 360 SkyEye Labs
https://twitter.com/ma1fan


CVE-2017-8677 - Win32k Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8677
MITRE
NVD
CVE Title: Win32k Information Disclosure Vulnerability
Description:

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8677
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8677 Mateusz Jurczyk, Google Project Zero


fanxiaocao and pjf of IceSword Lab, Qihoo 360
https://twitter.com/TinySecEx,http://weibo.com/jfpan


CVE-2017-8678 - Win32k Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8678
MITRE
NVD
CVE Title: Win32k Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8678
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8678 fanxiaocao and pjf of IceSword Lab, Qihoo 360
https://twitter.com/TinySecEx,http://weibo.com/jfpan


Mateusz Jurczyk, Google Project Zero


CVE-2017-8679 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8679
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8679
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4038874 (Security Update) Important Information Disclosure 4022013 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4038874 (Security Update) Important Information Disclosure 4022013 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4038874 (Security Update) Important Information Disclosure 4022013 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4038874 (Security Update) Important Information Disclosure 4022013 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4038874 (Security Update) Important Information Disclosure 4022013 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8679 fanxiaocao and pjf of IceSword Lab, Qihoo 360
https://twitter.com/TinySecEx,http://weibo.com/jfpan


CVE-2017-8680 - Win32k Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8680
MITRE
NVD
CVE Title: Win32k Information Disclosure Vulnerability
Description:

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8680
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8680 Mateusz Jurczyk of Google Project Zero
https://www.google.com


CVE-2017-8681 - Win32k Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8681
MITRE
NVD
CVE Title: Win32k Information Disclosure Vulnerability
Description:

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8681
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8681 Mateusz Jurczyk of Google Project Zero
https://www.google.com


CVE-2017-8682 - Win32k Graphics Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8682
MITRE
NVD
CVE Title: Win32k Graphics Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

There are multiple ways an attacker could exploit this vulnerability.

  • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

  • In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.

The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8682
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 3213641 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3213638 (Security Update) Critical Remote Code Execution 3191848 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3213638 (Security Update) Critical Remote Code Execution 3191848 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer 4011134 (Security Update) Critical Remote Code Execution 3203484 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10 for 32-bit Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Critical Remote Code Execution 4034681 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Critical Remote Code Execution
4034665
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Critical Remote Code Execution
4034665
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.40
Temporal: 7.60
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8682 Mateusz Jurczyk of Google Project Zero
https://www.google.com


CVE-2017-8683 - Win32k Graphics Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8683
MITRE
NVD
CVE Title: Win32k Graphics Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8683
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8683 Mateusz Jurczyk of Google Project Zero
https://www.google.com


CVE-2017-8684 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8684
MITRE
NVD
CVE Title: Windows GDI+ Information Disclosure Vulnerability
Description:

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8684
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8684 Mateusz Jurczyk of Google Project Zero
https://www.google.com


CVE-2017-8685 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8685
MITRE
NVD
CVE Title: Windows GDI+ Information Disclosure Vulnerability
Description:

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8685
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8685 Mateusz Jurczyk of Google Project Zero
https://www.google.com


CVE-2017-8686 - Windows DHCP Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8686
MITRE
NVD
CVE Title: Windows DHCP Server Remote Code Execution Vulnerability
Description:

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.

To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed.

The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8686
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Critical Remote Code Execution
4034665
Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Critical Remote Code Execution
4034665
Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8686 None

CVE-2017-8687 - Win32k Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8687
MITRE
NVD
CVE Title: Win32k Information Disclosure Vulnerability
Description:

An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8687
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8687 Mateusz Jurczyk, Google Project Zero


CVE-2017-8688 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8688
MITRE
NVD
CVE Title: Windows GDI+ Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how GDI+ handles memory addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8688
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8688 Weibo Wang (@ma1fan) of 360 Skyeye Labs
https://twitter.com/ma1fan


CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-9417
MITRE
NVD
CVE Title: Broadcom BCM43xx Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Broadcom chipset in HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.

The update addresses the vulnerability by correcting how the Broadcom chipset in HoloLens handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-9417
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 8.80
Temporal: 8.20
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-9417 None

ADV170013 - September 2017 Flash Security Update

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV170013
MITRE
NVD
CVE Title: September 2017 Flash Security Update
Description:

This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB17-28: CVE-2017-11281, CVE-2017-11282.


FAQ:
How could an attacker exploit these vulnerabilities? 
In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.


Mitigations:

Workarounds:

Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.

  • Prevent Adobe Flash Player from running

    You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    To set the kill bit for the control in the registry, perform the following steps:

    1. Paste the following into a text file and save it with the .reg file extension.
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      "Compatibility Flags"=dword:00000400
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      "Compatibility Flags"=dword:00000400
      
      
    2. Double-click the .reg file to apply it to an individual system.

      You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

    Note You must restart Internet Explorer for your changes to take effect.

    Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer.

    How to undo the workaround. Delete the registry keys that were added in implementing this workaround.

 

  • Prevent Adobe Flash Player from running in Internet Explorer through Group Policy

    Note The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:

    Group Policy Overview

    What is Group Policy Object Editor?

    Core Group Policy tools and settings

    To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:

    Note This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.

    1. Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.
    2. Navigate to the following node:

      Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add-on Management
    3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects.
    4. Change the setting to Enabled.
    5. Click Apply and then click OK to return to the Group Policy Management Console.
    6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.

 

  • Prevent Adobe Flash Player from running in Office 2010 on affected systems

    Note This workaround does not prevent Adobe Flash Player from running in Internet Explorer.

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

    To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:

    1. Create a text file named Disable_Flash.reg with the following contents:
      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      "Compatibility Flags"=dword:00000400
      
      
    2. Double-click the .reg file to apply it to an individual system.
    3. Note You must restart Internet Explorer for your changes to take effect.

      You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

 

  • Prevent ActiveX controls from running in Office 2007 and Office 2010

    To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:

    1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
    2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.
    3. Click OK to save your settings.

    Impact of workaround. Office documents that use embedded ActiveX controls may not display as intended.

    How to undo the workaround.

    To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:

    1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
    2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.
    3. Click OK to save your settings.

 

  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

    You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.

    To raise the browsing security level in Internet Explorer, perform the following steps:

    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Security tab, and then click Internet.
    3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    4. Click Local intranet.
    5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    6. Click OK to accept the changes and return to Internet Explorer.

    Note If no slider is visible, click Default Level, and then move the slider to High.

    Note Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.

    Impact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

     

  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

    You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:

    1. In Internet Explorer, click Internet Options on the Tools menu.
    2. Click the Security tab.
    3. Click Internet, and then click Custom Level.
    4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    5. Click Local intranet, and then click Custom Level.
    6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    7. Click OK to return to Internet Explorer, and then click OK again.

    Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

    Impact of workaround. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

     

  • Add sites that you trust to the Internet Explorer Trusted sites zone

    After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.

    To do this, perform the following steps:

    1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
    2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
    3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
    4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
    5. Repeat these steps for each site that you want to add to the zone.
    6. Click OK two times to accept the changes and return to Internet Explorer.

    Note Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and they require an ActiveX control to install the update.


Revision:
1.0    2017-09-12T07:00:00    Information Published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

ADV170013
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Adobe Flash Player on Windows 10 for 32-bit Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 for x64-based Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for 32-bit systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for x64-based systems 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows RT 8.1 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2012 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2012 R2 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2016 4038806 (Security Update) Critical Remote Code Execution 4034662 Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
ADV170013 None

CVE-2017-8744 - Microsoft Office Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8744
MITRE
NVD
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information Published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8744
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 3213646 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3213626 (Security Update) Important Remote Code Execution 3203461 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3213626 (Security Update) Important Remote Code Execution 3203461 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 3213564 (Security Update) Important Remote Code Execution 3203392 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 3213564 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 3213564 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 3213551 (Security Update) Important Remote Code Execution 3203383 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 3213551 (Security Update) Important Remote Code Execution 3203383 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8744 MSRC Vulnerabilities and Mitigations Team


Lucas Leong of Trend Micro working with Trend Micro's Zero Day Initiative


CVE-2017-8745 - Microsoft SharePoint Cross Site Scripting Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8745
MITRE
NVD
CVE Title: Microsoft SharePoint Cross Site Scripting Vulnerability
Description:

A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information Published.
Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8745
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Foundation 2013 Service Pack 1 4011117 (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8745 None

CVE-2017-8737 - Microsoft PDF Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8737
MITRE
NVD
CVE Title: Microsoft PDF Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit the vulnerability on Windows 10 systems with Microsoft Edge set as the default browser, an attacker could host a specially crafted website that contains malicious PDF content and then convince users to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted PDF content to such sites. Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website. The browsers for all other affected operating systems do not automatically render PDF content, so an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to open a specially crafted PDF document, typically by way of an enticement in an email or instant message or by way of an email attachment.

The update addresses the vulnerability by modifying how affected systems handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Moderate Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8737
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4038782 (Security Update) Moderate Remote Code Execution 4034658 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Critical Remote Code Execution 4034681 Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Moderate Remote Code Execution
4034665
Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Moderate Remote Code Execution
4034665
Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Moderate Remote Code Execution 4034681
Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Moderate Remote Code Execution 4034681
Base: 2.60
Temporal: 2.40
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8737 Giwan Go of STEALIEN & HIT working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2017-8748 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8748
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8748
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 11 on Windows 10 for 32-bit Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4036586 (IE Cumulative)
Critical Remote Code Execution 4034664
4034733
Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4036586 (IE Cumulative)
Critical Remote Code Execution 4034664
4034733
Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4036586 (IE Cumulative)
Critical Remote Code Execution 4034681
4034733
Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4036586 (IE Cumulative)
Critical Remote Code Execution 4034681
4034733
Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4038792 (Monthly Rollup) Critical Remote Code Execution 4034681 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4036586 (IE Cumulative)
Moderate Remote Code Execution 4034664
4034733
Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4038792 (Monthly Rollup)
4036586 (IE Cumulative)
Moderate Remote Code Execution 4034681
4034733
Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4038782 (Security Update) Moderate Remote Code Execution 4034658 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for 32-bit Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4038782 (Security Update) Moderate Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8748 None

CVE-2017-8758 - Microsoft Exchange Cross-Site Scripting Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8758
MITRE
NVD
CVE Title: Microsoft Exchange Cross-Site Scripting Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.

To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link.

The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.

Note: In order to exploit this vulnerability, a user must click a maliciously crafted link from an attacker.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8758
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Exchange Server 2016 Cumulative Update 6 4036108 (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8758 Cem Onat Karagun Kocaeli University
https://www.linkedin.com/in/cemkaragun


ADV170015 - Microsoft Office Defense in Depth Update

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV170015
MITRE
NVD
CVE Title: Microsoft Office Defense in Depth Update
Description:

Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Unkwown Defense in Depth

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected Exploitation Detected Not Applicable Yes Yes

Affected Software

The following tables list the affected software details for the vulnerability.

ADV170015
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011063 (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011055 (Security Update) None Defense in Depth 3213624 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011055 (Security Update) None Defense in Depth 3213624 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4011103 (Security Update) None Defense in Depth 3213555 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011103 (Security Update) None Defense in Depth 3213555 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011103 (Security Update) None Defense in Depth 3213555 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011126 (Security Update)
4011038 (Security Update)
None Defense in Depth 3213545
3191943
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011126 (Security Update)
4011038 (Security Update)
None Defense in Depth 3213545
3191943
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2007 Service Pack 3 4011086 (Security Update) None Defense in Depth 3213643 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2010 Service Pack 2 (32-bit editions) 4011089 (Security Update) None Defense in Depth 2956078 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2010 Service Pack 2 (64-bit editions) 4011089 (Security Update) None Defense in Depth 2956078 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 (32-bit editions) 4011090 (Security Update) None Defense in Depth 4011078 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 (64-bit editions) 4011090 (Security Update) None Defense in Depth 4011078 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 RT Service Pack 1 4011090 (Security Update) None Defense in Depth 4011078 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (32-bit edition) 4011091 (Security Update) None Defense in Depth 4011052 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (64-bit edition) 4011091 (Security Update) None Defense in Depth 4011052 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
ADV170015 None

CVE-2017-0161 - NetBIOS Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-0161
MITRE
NVD
CVE Title: NetBIOS Remote Code Execution Vulnerability
Description:

A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted system.

An attacker who successfully exploits the vulnerability could execute arbitrary code on the target.

The security update addresses the vulnerability by correcting how NetBT sequences certain operations.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-0161
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Critical Remote Code Execution 4034668 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Critical Remote Code Execution 4034681 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Critical Remote Code Execution
4034665
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Critical Remote Code Execution
4034665
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Critical Remote Code Execution 4034681
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-0161 Peter Hlavaty (@zer0mem), KeenLab, Tencent
https://twitter.com/zer0mem,http://keenlab.tencent.com/en/


CVE-2017-8567 - Microsoft Office Remote Code Execution

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8567
MITRE
NVD
CVE Title: Microsoft Office Remote Code Execution
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8567
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel for Mac 2011 3212225 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8567 Jin Chen of Paloaltonetworks
https://www.paloaltonetworks.com/


CVE-2017-8628 - Microsoft Bluetooth Driver Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8628
MITRE
NVD
CVE Title: Microsoft Bluetooth Driver Spoofing Vulnerability
Description:

A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.

To exploit the vulnerability, the attacker needs to be within the physical proximity of the targeted user, and the user's computer needs to have Bluetooth enabled. The attacker can then initiate a Bluetooth connection to the target computer without the user's knowledge.

The security update addresses the vulnerability by correcting how Windows handles Bluetooth requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8628
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Spoofing 4034668 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Spoofing 4034668 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Spoofing 4034660 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Spoofing 4034660 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Spoofing 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Spoofing 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Spoofing 4034674 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Spoofing 4034674 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Spoofing 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Spoofing 4034664
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Spoofing 4034681
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Spoofing 4034681
Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Spoofing 4034681 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4034786 (Security Update) Important Spoofing 4019276 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4034786 (Security Update) Important Spoofing 4019276 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4034786 (Security Update) Important Spoofing None Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4034786 (Security Update) Important Spoofing 4019276 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4034786 (Security Update) Important Spoofing 4019276 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Spoofing 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Spoofing 4034658 Base: 8.10
Temporal: 7.30
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8628 Ben Seri and Gregory Vishnepolsky of Armis, Inc.
https://armis.com


CVE-2017-8643 - Microsoft Edge Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8643
MITRE
NVD
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events.

For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities.

The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8643
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4038782 (Security Update) Low Information Disclosure 4034658 Base: 2.40
Temporal: 2.20
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8643 Giorgi Maisuradze, CISPA
https://cispa.saarland/


CVE-2017-8648 - Microsoft Edge Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8648
MITRE
NVD
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The update addresses the vulnerability by modifying how Microsoft Edge handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8648
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8648 Maksymilian Motyl from CERT Orange Poland
https://www.cert.orange.pl/


Zhong Zhaochen (@asnine) of Neusoft
http://asnine.com,http://www.neusoft.com/


CVE-2017-8649 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8649
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8649
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4038782 (Security Update) Moderate Remote Code Execution 4034658 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8649 Microsoft ChakraCore Team


CVE-2017-8660 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8660
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8660
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Critical Remote Code Execution 4034660 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Critical Remote Code Execution 4034658 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Critical Remote Code Execution 4034674 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4038782 (Security Update) Moderate Remote Code Execution 4034658 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8660 Microsoft ChakraCore Team


CVE-2017-8692 - Uniscribe Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8692
MITRE
NVD
CVE Title: Uniscribe Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

There are multiple ways an attacker could exploit this vulnerability:

  • In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.

  • In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8692
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Remote Code Execution 4034668 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Remote Code Execution 4034668 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Remote Code Execution 4034660 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Remote Code Execution 4034660 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Remote Code Execution 4034674 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Remote Code Execution 4034674 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Remote Code Execution 4034681
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Remote Code Execution 4034681
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Remote Code Execution 4034681 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Remote Code Execution
4034665
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Remote Code Execution
4034665
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Remote Code Execution 4034681
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Remote Code Execution 4034681
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8692 Jaanus Kp Clarified Security working with Trend Micro's Zero Day Initiative


Yong Chuan Koh (@yongchuank) of MWR Labs
https://labs.mwrinfosecurity.com/


CVE-2017-8695 - Graphics Component Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8695
MITRE
NVD
CVE Title: Graphics Component Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.

The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8695
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Live Meeting 2007 Add-in 4025869 (Security Update) Important Information Disclosure 4020736 Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft Live Meeting 2007 Console 4025868 (Security Update) Important Information Disclosure 4020735 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 (32-bit) 4025865 (Security Update) Important Information Disclosure 4020732 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 (64-bit) 4025865 (Security Update) Important Information Disclosure 4020732 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 Attendee (admin level install) 4025866 (Security Update) Important Information Disclosure 4020733 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 Attendee (user level install) 4025867 (Security Update) Important Information Disclosure 4020734 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2013 Service Pack 1 (32-bit) 4011107 (Security Update)
3213568 (Security Update)
Important Information Disclosure 3191939
3191937
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2013 Service Pack 1 (64-bit) 4011107 (Security Update)
3213568 (Security Update)
Important Information Disclosure 3191939
3191937
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync Basic 2013 Service Pack 1 (32-bit) 4011107 (Security Update)
3213568 (Security Update)
Important Information Disclosure 3191939
3191937
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync Basic 2013 Service Pack 1 (64-bit) 4011107 (Security Update)
3213568 (Security Update)
Important Information Disclosure 3191939
3191937
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2007 Service Pack 3 3213641 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3213638 (Security Update) Important Information Disclosure 3191848 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3213638 (Security Update) Important Information Disclosure 3191848 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer 4011134 (Security Update) Important Information Disclosure 3203484 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 (32-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 (64-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 Basic (32-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 Basic (64-bit) 4011040 (Security Update) Important Information Disclosure 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Information Disclosure 4034668 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Information Disclosure 4034660 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Information Disclosure 4034658 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Information Disclosure 4034674 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup) Important Information Disclosure 4034681 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Important Information Disclosure 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Important Information Disclosure 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Information Disclosure 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4038786 (Security Only)
4038799 (Monthly Rollup)
Important Information Disclosure
4034665
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Information Disclosure 4034681
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 4038782 (Security Update) Important Information Disclosure 4034658 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4038782 (Security Update) Important Information Disclosure 4034658 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8695 Axel Souchet of MSRC Vulnerabilities & Mitigations


CVE-2017-8696 - Microsoft Graphics Component Remote Code Execution

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8696
MITRE
NVD
CVE Title: Microsoft Graphics Component Remote Code Execution
Description:

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

There are multiple ways an attacker could exploit this vulnerability:

  • In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.

  • In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8696
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Live Meeting 2007 Add-in 4025869 (Security Update) Important Remote Code Execution 4020736 Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft Live Meeting 2007 Console 4025868 (Security Update) Important Remote Code Execution 4020735 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 (32-bit) 4025865 (Security Update) Important Remote Code Execution 4020732 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 (64-bit) 4025865 (Security Update) Important Remote Code Execution 4020732 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 Attendee (admin level install) 4025866 (Security Update) Important Remote Code Execution 4020733 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2010 Attendee (user level install) 4025867 (Security Update) Important Remote Code Execution 4020734 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2013 Service Pack 1 (32-bit) 4011107 (Security Update) Important Remote Code Execution 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync 2013 Service Pack 1 (64-bit) 4011107 (Security Update) Important Remote Code Execution 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync Basic 2013 Service Pack 1 (32-bit) 4011107 (Security Update) Important Remote Code Execution 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Lync Basic 2013 Service Pack 1 (64-bit) 4011107 (Security Update) Important Remote Code Execution 3191939 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2007 Service Pack 3 3213649 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3213631 (Security Update) Critical Remote Code Execution 3191844 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3213631 (Security Update) Critical Remote Code Execution 3191844 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2010 Service Pack 2 3213632 (Security Update) Critical Remote Code Execution 3203466 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer 4011125 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 (32-bit) 4011040 (Security Update) Important Remote Code Execution 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 (64-bit) 4011040 (Security Update) Important Remote Code Execution 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 Basic (32-bit) 4011040 (Security Update) Important Remote Code Execution 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Skype for Business 2016 Basic (64-bit) 4011040 (Security Update) Important Remote Code Execution 3203382 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4039384 (Security Update) Critical Remote Code Execution 4022887 Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4038777 (Monthly Rollup)
4038779 (Security Only)
Critical Remote Code Execution 4034664
Base: 7.50
Temporal: 6.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2017-8696 Axel Souchet of MSRC Vulnerabilities & Mitigations


CVE-2017-8699 - Windows Shell Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-8699
MITRE
NVD
CVE Title: Windows Shell Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, a user must open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by helping to ensure that Windows Shell validates file copy destinations.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2017-09-12T07:00:00    Information published.
Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8699
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4038781 (Security Update) Important Remote Code Execution 4034668 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4038781 (Security Update) Important Remote Code Execution 4034668 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4038783 (Security Update) Important Remote Code Execution 4034660 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4038783 (Security Update) Important Remote Code Execution 4034660 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4038782 (Security Update) Important Remote Code Execution 4034658 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4038788 (Security Update) Important Remote Code Execution 4034674 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4038788 (Security Update) Important Remote Code Execution 4034674 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Remote Code Execution 4034664
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4038777 (Monthly Rollup)
4038779 (Security Only)
Important Remote Code Execution 4034664
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Remote Code Execution 4034681
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4038792 (Monthly Rollup)
4038793 (Security Only)
Important Remote Code Execution 4034681
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4038792 (Monthly Rollup)