Security Alert (A17-07-03): Multiple Vulnerabilities in Microsoft Products (July 2017)

Description:

Microsoft has released 59 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and one of them referring to previous security bulletins which have undergone a major revision increment.

Affected Systems:

• Microsoft Internet Explorer 9, 10, 11
• Microsoft Edge
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
• Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2011 for Mac, 2016 for Mac
• Microsoft Office Compatibility Pack Service Pack 3
• Microsoft Office Web Apps 2010
• Microsoft Office Online Server 2016
• Microsoft Excel 2007, 2010, 2013, 2016
• Microsoft Excel Viewer 2007
• Excel Services
• Microsoft SharePoint Enterprise Server 2013, 2016
• Microsoft Business Productivity Servers 2010
• Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7
• Microsoft Exchange Server 2010, 2013, 2016

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of service, elevation of privilege, information disclosure, remote code execution, security feature bypass or spoofing.

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99
https://www.hkcert.org/my_url/en/alert/17061401
https://www.us-cert.gov/ncas/current-activity/2017/07/11/Microsoft-Releases-July-2017-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8559 (to CVE-2017-8566)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8573 (to CVE-2017-8582)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8587 (to CVE-2017-8590)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8594 (to CVE-2017-8596)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8601 (to CVE-2017-8611)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8617 (to CVE-2017-8619)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8621