Security Alert (A17-06-01): Multiple Vulnerabilities in Microsoft Products (June 2017)


 

Published on: 14 June 2017

Last update on: 22 June 2017

  
  

Description:

Microsoft has released 79 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

 

Affected Systems:

> Microsoft Internet Explorer 9, 10, 11
> Microsoft Edge
> Microsoft Windows XP, Vista, 7, 8, 8.1, RT 8.1, 10
> Microsoft Windows Server 2003, 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016
> Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2016 Click-to-Run
> Microsoft Office Compatibility Pack
> Microsoft Office Web Apps 2010 Web Apps Server 2010, 2013
> Microsoft Office Online Server 2016
> Microsoft OneNote 2010
> Microsoft Outlook 2007, 2010, 2013, 2016, 2016 for Mac
> Microsoft Excel 2013 RT
> Microsoft PowerPoint 2007, 2013 RT
> Microsoft PowerPoint for Mac 2011, 2016
> Microsoft Project Server 2013
> Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
> Microsoft Word for Mac 2011, 2016
> Microsoft Word Viewer
> Microsoft SharePoint Server 2007, 2013
> Microsoft SharePoint Enterprise Server 2013, 2016
> Microsoft Silverlight 5
> Microsoft Live Meeting 2007
> Microsoft Lync 2010, 2010 Attendee, 2013
> Skype for Business 2016
> Word Automation Services 

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of service, elevation of privilege, information disclosure, remote code execution, security restriction bypass, spoofing, or tampering.

 

Recommendation:

  1. Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

    Microsoft has released several critical security updates to protect against widespread hacking, citing an "elevated risk of cyber attacks", please follow the guidance from Microsoft to prioritise the patches accordingly:

    Guidance for supported platforms
    https://support.microsoft.com/en-us/help/4025686/microsoft-security-advisory-4025685-guidance-for-supported-platforms

    For end-of-support platforms including Windows XP, Vista, 8 and Server 2003, Microsoft has also released additional security updates to mitigate the rising risk. System administrators are requested to follow the guidance to patch the affected systems:

    Guidance for older platforms
    https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms

  2. System administrators should also verify and confirm whether the security patches were successfully applied on all Windows-based computers, even the Windows platform supports automatic updates.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99
https://technet.microsoft.com/en-us/library/security/4025685
https://www.hkcert.org/my_url/en/alert/17061401
https://www.us-cert.gov/ncas/current-activity/2017/06/13/Microsoft-Releases-June-2017-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0215 (to CVE-2017-0216)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0218 (to CVE-2017-0219)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0282 (to CVE-2017-0289)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0291 (to CVE-2017-0292)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0294 (to CVE-2017-0300)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8464 (to CVE-2017-8466)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8468 (to CVE-2017-8485)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8488 (to CVE-2017-8494)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8496 (to CVE-2017-8499)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8506 (to CVE-2017-8515)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8519 (to CVE-2017-8524)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8527 (to CVE-2017-8534)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8543 (to CVE-2017-8545)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8547 (to CVE-2017-8553)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8579
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html 



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , OneNote , Outlook , Project Server , SharePoint , Silverlight , Live Meeting , Lync , Skype
Tags