Security Alert (A17-09-03): Multiple Vulnerabilities in Microsoft Products (September 2017)


 

Published on: 13 September 2017

  
  

Description:

Microsoft has released 80 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and one of them enhancing the security as a defense in depth measure.

Exploitation has been reported in the wild.

 

Affected Systems:

  • Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7
  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2011 for Mac, 2016 for Mac
  • Microsoft Office Compatibility Pack
  • Microsoft Office Web Apps 2010, 2013
  • Microsoft Office Web Apps Server 2013
  • Microsoft Office Word Viewer
  • Office Online Server
  • Microsoft Excel 2007, 2010, 2013, 2013 RT, 2016, 2011 for Mac, 2016 for Mac
  • Microsoft Excel Viewer 2007
  • Microsoft Excel Web App 2013
  • Excel Services
  • Microsoft PowerPoint 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft PowerPoint Viewer 2007
  • Microsoft Live Meeting 2007 Add-in, 2007 Console
  • Microsoft Lync 2010, 2010 Attendee, 2013, Basic 2013
  • Microsoft Outlook 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft Exchange Server 2013, 2016
  • Microsoft Publisher 2007, 2010
  • Microsoft SharePoint Foundation 2013, Server 2013, Enterprise Server 2016
  • Skype for Business 2016, 2016 Basic

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service, security feature bypass or spoofing.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99
https://support.microsoft.com/en-us/help/20170912/security-update-deployment-information
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170015
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://www.hkcert.org/my_url/en/alert/17091301
https://www.us-cert.gov/ncas/current-activity/2017/09/12/Microsoft-Releases-September-2017-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8628 (to CVE-2017-8632)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8675 (to CVE-2017-8688)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8706 (to CVE-2017-8714)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8723 (to CVE-2017-8725)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8733 (to CVE-2017-8759)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11766

 



Tag: Microsoft , .NET Framework , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Excel , Powerpoint , Live Meeting , Lync , Outlook , Publisher , SharePoint , Skype , Exchange Server
Tags