Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
6. In the News - NotPetya
https://www.ivanti.com/blog/global-ransomware-attack-based-on-a-petya-variant-threatens-repeat-of-wannacry/
“…businesses fall prey to cyberattacks because many are in denial, believing that
cyberattacks aren’t an issue for them or that it’s a lot of hype that affects large
companies.”
“…don’t know how to compute effectively what they could be at risk from.”
And even of those who do take the necessary steps, not all are fully aware of what
they’re getting out of it, which leads to a false sense of confidence.
“…still get an awful number of clients where the response you get is, ‘Well, we’re
not being targeted – why should we care?’” David Ferbrache, Technical Director
of Cyber Security at KPMG explained.
http://home.bt.com/tech-gadgets/computing/security/wannacry-petya-ransomware-attack-security-advice-11364194074533
Red Hat is retiring Red Hat Network Classic subscriptions by the end of July. To
continue service you must convert to Red Hat Subscription Management.
7. Public Disclosures
• CVE-2017-8584 – Vulnerability in HoloLens which could allow remote code execution. This vulnerability affects Windows
10 1607 and Server 2016 and could allow an attacker to send a specially crafted Wi-Fi packet and take control of an affected
system.
• CVE-2017-8587 – Vulnerability in Windows Explorer which could allow a denial of service attack. This vulnerability affects
Windows 7 up to Windows 10 1511 and Server 2008 up to Server 2012 R2 and how Windows Explorer attempts to open a
non-existent file. This vulnerability could target a user by hosting a specially crafted website containing the reference to the
non-existent file, which would cause the user's system to stop responding.
• CVE-2017-8602 – Vulnerability in Internet Explorer 11 and Edge browsers parsing of HTTP content which could allow for a
spoofing attack. The attacker could trick a user by redirecting them to a specially crafted website which could spoof
content or serve as a pivot to chain an attack with other web services exploits. Attacks are user targeted and could take
the form of phishing or watering hole attacks.
• CVE-2017-8611 – Vulnerability in Microsoft Edge browser parsing of HTTP content which could allow for a spoofing attack.
The attacker could trick a user by redirecting them to a specially crafted website which could spoof content or serve as a
pivot to chain an attack with other web services exploits. Attacks are user targeted and could take the form of phishing or
watering hole attacks.
• CVE-2017-3080 – Vulnerability in Adobe Flash Player that could allow Security Feature Bypass leading to Information
Disclosure. Adobe is aware that some details of this vulnerability were publicly published on July 3rd, 2017.
More disclosures post release: LDAP and RDP vulnerabilities with handling NTLM
https://www.preempt.com/video/ldap-rdp-relay-vulnerabilities-ntlm-demonstration/
8. Known Issues: Things to be aware of
• The Exchange update this month applies only in specific circumstances.
• Adobe Flash for Win 10 1703 released after our content team wrapped up the
release last night. Support for the Flash update on Win 10 1703 just released into
Shavlik Protect catalog.
• MS17-07-2K8 KB4025872 only applies if PowerShell 3.0 is installed on Server
2008.
• Adobe released an out-of-cycle update for Acrobat and Reader DC late in the day.
Continuous branch, not Classic. There does not appear to be a security bulletin. Just
released in Shavlik Protect catalog this morning; we might see a security bulletin for
Classic soon, but not yet.
• Oracle Quarterly CPU coming next week Tuesday. Expect updates for Java JRE
and JDK next Tuesday the 18th.
• KB4022883 released for POSReady 2009, which originally released for Server
2008 in June. This snuck in, so don’t be surprised if you see this all of a sudden.
10. MS17-07-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 1511, 1607, and 1703, Server 2016, and
Microsoft Edge
Description: This bulletin references 4 KB articles.
Impact: Full range of impacts including Remote Code Execution
Fixes 43 Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495,
CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562, CVE-2017-8563, CVE-2017-8564,
CVE-2017-8565, CVE-2017-8566, CVE-2017-8573, CVE-2017-8574, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580,
CVE-2017-8581, CVE-2017-8582, CVE-2017-8584, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590,
CVE-2017-8592, CVE-2017-8595, CVE-2017-8596, CVE-2017-8598, CVE-2017-8599, CVE-2017-8601,
CVE-2017-8602, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608,
CVE-2017-8609, CVE-2017-8610, CVE-2017-8611, CVE-2017-8617, CVE-2017-8619
Restart Required: Requires Restart
Known Issues: If an iSCSI target becomes unavailable, attempts to reconnect will
cause a leak. Initiating a new connection to an available target will work as expected.
Consult KB 4034879 if you patch CVE-2017-8563 for added security directions.
11. MS17-07-2K8: Windows Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2008
Description: Vulnerabilities related to Kerberos and Powershell could be exploited for
security bypass or remote code execution. This bulletin references 14 KB articles.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 21 vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486,
CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8563, CVE-2017-8564, CVE-2017-8565,
CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581,
CVE-2017-8582, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Restart Required: Requires Restart
Known Issues: Consult KB 4034879 if you patch CVE-2017-8563 for added security
directions.
12. MS17-07-MR7: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB4022719 (released June 27, 2017). This bulletin includes updates for IE.
This bulletin is based on KB4025341.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 21 (shown) + 7 (IE) Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467,
CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8563, CVE-2017-8564,
CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580,
CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590,
CVE-2017-8592
Restart Required: Requires Restart
Known Issues: Consult KB 4034879 if you patch CVE-2017-8563 for added security
directions.
13. MS17-07-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: This security update includes improvements and fixes that were a part of
update KB4022721 (released June 27, 2017). This bulletin includes updates for IE.
This bulletin is based on KB4025331.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 23 (shown) + 7 (IE) Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467,
CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562,
CVE-2017-8563, CVE-2017-8564, CVE-2017-8565, CVE-2017-8573, CVE-2017-8577,
CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588,
CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Restart Required: Requires Restart
Known Issues: Consult KB 4034879 if you patch CVE-2017-8563 for added security
directions.
14. MS17-07-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB4022720 (released June 27, 2017). This bulletin includes updates for IE.
This bulletin is based on KB4025336.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 23 (shown) + 7 (IE) Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467,
CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562,
CVE-2017-8563, CVE-2017-8564, CVE-2017-8565, CVE-2017-8573, CVE-2017-8577,
CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588,
CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Restart Required: Requires Restart
Known Issues: If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak.
Initiating a new connection to an available target will work as expected. Consult KB 4034879 if you
patch CVE-2017-8563 for added security directions.
15. MS17-07-SO7: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Security updates to Microsoft Graphics Component, Windows Search,
Windows kernel-mode drivers, Windows Virtualization, Windows Server, Windows
Storage and File Systems, Datacenter Networking, Windows shell, ASP.NET, Microsoft
PowerShell, Windows kernel, and Microsoft NTFS. This bulletin is based on KB4025337.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation
of Privilege and Information Disclosure
Fixes 21 Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486,
CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8563, CVE-2017-8564, CVE-2017-8565,
CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582,
CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Restart Required: Requires Restart
Known Issues: Consult KB 4034879 if you patch CVE-2017-8563 for added security
directions.
16. MS17-07-SO8: Security-only Update Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: Security updates to Windows kernel, ASP.NET, Internet Explorer 10,
Windows Search, Windows Storage and File Systems, Datacenter Networking, Windows
Virtualization, Windows Server, Windows shell, Microsoft NTFS, Microsoft PowerShell,
Windows kernel-mode drivers, and Microsoft Graphics Component. This bulletin is
based on KB4025343.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
Fixes 23 Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495,
CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562, CVE-2017-8563, CVE-2017-8564,
CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582,
CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Restart Required: Requires Restart
Known Issues: Consult KB 4034879 if you patch CVE-2017-8563 for added security
directions.
17. MS17-07-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1 and Server 2012 R2
Description: Security updates to Windows kernel, ASP.NET, Internet Explorer 11, Windows
Search, Windows Storage and File Systems, Datacenter Networking, Windows Virtualization,
Windows Server, Windows shell, Microsoft NTFS, Microsoft PowerShell, Windows Kernel-Mode
Drivers, and Microsoft Graphics Component. This bulletin is based on KB4025333.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure
Fixes 23 Vulnerabilities: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495,
CVE-2017-8556, CVE-2017-8557, CVE-2017-8561, CVE-2017-8562, CVE-2017-8563, CVE-2017-8564,
CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582,
CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592
Restart Required: Requires Restart
Known Issues: If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak.
Initiating a new connection to an available target will work as expected. Consult KB 4034879 if you
patch CVE-2017-8563 for added security directions.
18. MS17-07-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 9, 10 and 11
Description: This security update resolves several reported vulnerabilities in Internet
Explorer. The most severe of these vulnerabilities could allow remote code execution if
a user views a specially crafted webpage in Internet Explorer. The fixes included in
Security Update for Internet Explorer 4025252 are also included in the July 2017
Security Monthly Quality Rollup. Installing either the Security Update for Internet
Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved in
this update. This bulletin references 8 KB articles.
Impact: Remote Code Execution, Security Feature Bypass, Spoofing
Fixes 7 vulnerabilities: CVE-2017-8592, CVE-2017-8594, CVE-2017-8602, CVE-2017-8606,
CVE-2017-8607, CVE-2017-8608, CVE-2017-8618
Restart Required: Requires Browser Restart
19. MS17-07-AFP: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player if it's
installed on any supported edition of Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version
1607, Windows 10 Version 1703, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB4025376.
Impact: Remote Code Execution
Fixes 3 vulnerabilities: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
Restart Required: Requires Application Restart
20. APSB17-21: Security Update for Adobe Flash Player
Maximum Severity: Critical (Priority 1)
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates
address critical vulnerabilities that could potentially allow an attacker to take control of
the affected system.
Impact: Remote Code Execution
Fixes 3 vulnerabilities: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
Restart Required: Requires Application Restart
21. MS17-07-OFF: Security Updates for Microsoft Office
Maximum Severity: Important
Affected Products: Microsoft Office 2007-2016 for Windows and Mac, Microsoft
SharePoint Server 2013 and 2016. Separate fixes for Excel 2007-2016.
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. There is an
elevation of privilege issue when upgrading from SharePoint Server 2013 to 2016. This
bulletin references 19 KB articles.
Impact: Remote Code Execution and Elevation of Privilege for SharePoint Server
2016
Fixes 5 vulnerabilities: CVE-2017-0243, CVE-2017-8501, CVE-2017-8502, CVE-2017-8569,
CVE-2017-8570
Restart Required: Requires Restart
22. MS17-07-EX: Security Updates for Exchange Server
Maximum Severity: Moderate
Affected Products: Microsoft Exchange Server 2010, 2013 and 2016
Description: This security update resolves a vulnerability in Microsoft Exchange
Outlook Web Access (OWA). The vulnerability could allow remote code execution in
Microsoft Exchange Server if an attacker sends an email that has a specially crafted
attachment to a vulnerable Exchange server. This bulletin is based on KB4018588.
Impact: Elevation of Privilege and Spoofing
Fixes 3 vulnerabilities: CVE-2017-8559, CVE-2017-8560, CVE-2017-8621
Restart Required: Requires Restart
Known Issues: Only applies to specific CUs
• Microsoft Exchange Server 2013 SP1
• Microsoft Exchange Server 2013 CU 16
• Microsoft Exchange Server 2016 CU 5
23. Non-Security Updates
Maximum Severity: Recommended
Affected Products: Opera, CCleaner
Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from, a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.
24. Between Patch Tuesdays
• New Product Support: BlueJeans, Camtasia, Sublime Text, System Center
Operations Manager 2016, Exchange Server 2016 CU6, Exchange Server
2013 CU17
• Security Updates: Adobe Creative Cloud (1), Google Chrome (3), Thunderbird
(2), Microsoft (4), Notepad++ (1), UltraVNC (1), Adobe Flash (1), LibreOffice
(1), Opera (3), VMware Workstation (2), Apache Tomcat (3), Skype (1),
Firefox (1), Foxit Reader (1), Nitro Pro (1), RealTimes RealPlayer (1), Splunk
Universal Forwarder (1), PuTTY (1), TortoiseSVN (1)
• Non-Security Updates: Microsoft (28), Nmap (1), GoodSync (1), Citrix
Receiver (1), GoToMeeting (2), WinSCP (1), Dropbox (1), BlueJeans (1),
PDFCreator (1), Camtasia (1), Plex Media Server (1), Sublime Text (1), GOM
Player (1), PDF-XChange Pro (1), Webex Productivity Tools (1), Box Sync (1)
Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. There are 18 vulnerabilities fixed for Microsoft Edge.
No known issues with this one.
No known issues with this one.
Same known issue with iSCSI as per Win 10 bulletin.
Pay careful attention to the version of Office you are using. Many of these patches will only update with the proper service pack already in place. For example, Office 2007 must have SP3 installed for the patch to be applied.
The Exchange update this month applies only in specific circumstances. This update applies only if you are on the following:
• Microsoft Exchange Server 2013 SP1
• Microsoft Exchange Server 2013 CU 16
• Microsoft Exchange Server 2016 CU 5
If you have deployed the recently released 2013 CU 17 or 2016 CU 6, or happen to be on an earlier CU than either, the update will not apply. The update is rated as moderate, so a little less urgent.