The document provides an overview of a Patch Tuesday webinar that took place on September 13, 2017, discussing significant security vulnerabilities and updates for various Microsoft products. It highlights notable breaches, including the Equifax breach, and outlines the severity and impact of several disclosed vulnerabilities. Specific Microsoft updates addressing these vulnerabilities are detailed, including required actions and known issues related to installation.

1. Patch Tuesday Webinar
Wednesday, September 13, 2017
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 806 026 253

2. Agenda
September 2017 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

3.  Overview

5.  In the News

6. In the News -
 The Breach is back! Equifax has made pretty significant headlines. As much
for the circumstances around the disclosure as the breach itself.
 https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/
 The Shadow Brokers released another round of hacking tools.
 http://thehackernews.com/2017/09/shadowbrokers-unitedrake-hacking.html
 BlueBourne BlueTooth vulnerabilities leave millions of devices exposed.
 http://www.pcgamer.com/newly-discovered-bluetooth-vulnerability-exposes-billions-of-devices/
 https://techcrunch.com/2017/09/12/new-bluetooth-vulnerability-can-hack-a-phone-in-ten-
seconds/
 https://www.theregister.co.uk/2017/09/12/bluetooth_bugs_bedevil_billions_of_devices/

7. In the News -
 Def Con – Hackers Rick Roll a WinVote voting machine.
 https://www.nbcnews.com/tech/tech-news/hackers-were-able-breach-then-
rick-roll-voting-machine-within-n788001
 Something fishy coming from the IoT device managing the fish tank.
 https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-
fish-tank-helped-hack-a-casino/?utm_term=.d249d4ac92b7

8. Top 5 Fish Related Security Puns
Sounds like they were finding Nemo: and his DOB, and his social security
number, and his credit card info…
A new meaning to Phish and chips.
One fish, Two fish, Don’t Scam Me, Phish!
Craps! Phishing a casino
Security vulnerabilities always bubble up

9. Public Disclosures
 CVE-2017-8723 - Microsoft Edge Security Feature Bypass Vulnerability
 An attacker who exploited the bypass could trick a user into loading a page
containing malicious content. To exploit the bypass, an attacker must trick a user
into either loading a page containing malicious content or visiting a malicious
website. The attacker could also inject the malicious page into either a compromised
website or an advertisement network.
 CVE-2017-8746 - Device Guard Security Feature Bypass Vulnerability
 An attacker who successfully exploited this vulnerability could inject code into a
trusted PowerShell process to bypass the Device Guard Code Integrity policy on the
local machine. To exploit the vulnerability, an attacker would first have to access the
local machine, and then inject malicious code into a script that is trusted by the Code
Integrity policy. The injected code would then run with the same trust level as the
script and bypass the Code Integrity policy.

10. Public Disclosures and Zero Day Vulnerabilities
 CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution
 An attacker who successfully exploited this vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. To exploit this vulnerability, an
attacker would need to send a specially crafted WiFi packet.
 Exploited
 CVE-2017-8759 - .NET Framework Remote Code Execution Vulnerability
 An attacker who successfully exploited this vulnerability in software using the
.NET framework could take control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new accounts with
full user rights. Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with
administrative user rights.

11. Known Issues Things to be aware of
 NPS authentication may break, and wireless clients may fail to connect.
 https://support.microsoft.com/en-us/help/4034663
 Japanese IME may hang in certain scenarios.
 https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792
 https://support.microsoft.com/en-us/help/4038793/windows-8-1-update-kb4038793
 Reports of the August Preview of Monthly Quality Rollup causing some trouble.

12.  Bulletins

13. MS17-09-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 1511, 1607, and 1703, Server 2016, and
Microsoft Edge
 Description: This bulletin references KB articles 4038781, 4038782, 4038783, and
4038788. See bulletins for extensive list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege and Information Disclosure
 Fixes 60 Vulnerabilities: CVE-2017-8723, CVE-2017-8746, and CVE-2017-9417
are publicly disclosed. See Details column of Security Update Guide for complete list.
 Restart Required: Requires Restart
 Known Issues: Installing KB4034674 may change Czech and Arabic languages to
English for Microsoft Edge and other applications.

14. MS17-09-2K8: Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008
 Description: This security update includes a critical fix for the way Windows handles
Uniscribe objects in memory. This bulletin references 7 KB articles.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege, and Information
Disclosure
 Fixes 22 vulnerabilities: CVE-2017-8628, CVE-2017-8675, CVE-2017-8676, CVE-2017-
8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-2017-8682, CVE-2017-8683, CVE-
2017-8684, CVE-2017-8685, CVE-2017-8687, CVE-2017-8688, CVE-2017-8695, CVE-2017-8696,
CVE-2017-8699, CVE-2017-8707, CVE-2017-8708, CVE-2017-8709, CVE-2017-8710, CVE-2017-
8719, CVE-2017-8720
 Restart Required: Requires Restart
 Known Issues:

15. MS17-09-IE: Security Updates for Internet Explorer
 Maximum Severity: Critical
 Affected Products: Microsoft Internet Explorer 9, 10 and 11
 Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in the Security Update for Internet Explorer
4036586 are also included in the September 2017 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are resolved in this update. This bulletin
references 8 KB articles.
 Impact: Remote Code Execution, Spoofing, Information Disclosure
 Fixes 7 vulnerabilities: CVE-2017-8733, CVE-2017-8736, CVE-2017-8741, CVE-
2017-8747, CVE-2017-8748, CVE-2017-8749, CVE-2017-8750
 Restart Required: Requires Browser Restart
 Known Issues: The WordPad application can sometimes crash on launch after
installing KB4025341.

16. MS17-09-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB4034670 (released August 15, 2017). This bulletin includes updates for IE.
This bulletin is based on KB 4038777.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information
Disclosure
 Fixes 24 (shown) + 7 (IE) Vulnerabilities: CVE-2017-0161, CVE-2017-8628, CVE-2017-
8675, CVE-2017-8676, CVE-2017-8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-
2017-8681, CVE-2017-8682, CVE-2017-8683, CVE-2017-8684, CVE-2017-8685, CVE-2017-8687,
CVE-2017-8688, CVE-2017-8695, CVE-2017-8696, CVE-2017-8699, CVE-2017-8707, CVE-2017-
8708, CVE-2017-8709, CVE-2017-8710, CVE-2017-8719, CVE-2017-8720
 Restart Required: Requires Restart
 Known Issues: The WordPad application can sometimes crash on launch after
installing KB4025341.

17. MS17-09-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4034659 (released August 15, 2017). This bulletin includes updates for IE.
This bulletin is based on KB 4038799.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
 Fixes 25 (shown) + 7 (IE) Vulnerabilities: CVE-2017-0161, CVE-2017-8675, CVE-2017-
8676, CVE-2017-8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-
2017-8682, CVE-2017-8683, CVE-2017-8684, CVE-2017-8685, CVE-2017-8687, CVE-2017-8688,
CVE-2017-8695, CVE-2017-8696, CVE-2017-8699, CVE-2017-8707, CVE-2017-8708, CVE-2017-
8709, CVE-2017-8710, CVE-2017-8719, CVE-2017-8720, CVE-2017-8728, CVE-2017-8737
 Restart Required: Requires Restart
 Known Issues: The WordPad application can sometimes crash on launch after
installing KB4025341. Japanese IME may hang in certain scenarios, but the
workaround is to install KB 2960837.

18. MS17-09-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4034663 (released August 15, 2017). This bulletin includes updates for IE.
This bulletin is based on KB 4038792.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege, and Information
Disclosure
 Fixes 27 (shown) + 7 (IE) Vulnerabilities: CVE-2017-0161, CVE-2017-8628, CVE-2017-8675,
CVE-2017-8676, CVE-2017-8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-2017-
8682, CVE-2017-8683, CVE-2017-8684, CVE-2017-8686, CVE-2017-8687, CVE-2017-8688, CVE-2017-8692, CVE-
2017-8695, CVE-2017-8699, CVE-2017-8707, CVE-2017-8708, CVE-2017-8709, CVE-2017-8713, CVE-2017-8714,
CVE-2017-8719, CVE-2017-8720, CVE-2017-8728, CVE-2017-8737
 Restart Required: Requires Restart
 Known Issues: NPS authentication may break, and wireless clients may fail to
connect. Japanese IME may hang in certain scenarios, but the workaround is to install
KB 2962409.

19. MS17-09-SO7: Security-only Update for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Security updates to Microsoft Graphics Component, Windows kernel-mode
drivers, Windows shell, Windows Hyper-V, Windows kernel, and Windows Virtualization.
Re-release of MS16-087 Security update for Windows print spooler components. This
bulletin is based on KB 4038779.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege, and Information
Disclosure
 Fixes 24 Vulnerabilities: CVE-2017-0161, CVE-2017-8628, CVE-2017-8675, CVE-2017-8676,
CVE-2017-8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-2017-
8682, CVE-2017-8683, CVE-2017-8684, CVE-2017-8685, CVE-2017-8687, CVE-2017-8688, CVE-
2017-8695, CVE-2017-8696, CVE-2017-8699, CVE-2017-8707, CVE-2017-8708, CVE-2017-8709,
CVE-2017-8710, CVE-2017-8719, CVE-2017-8720
 Restart Required: Requires Restart
 Known Issues: The WordPad application can sometimes crash on launch after installing
KB4025341.

20. MS17-09-SO8: Security-only Update Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012
 Description: Security updates to Microsoft Graphics Component, Windows kernel-
mode drivers, Windows shell, Windows Hyper-V, Windows kernel, and Windows
Virtualization. Re-release of MS16-087 Security update for Windows print spooler
components. This bulletin is based on KB 4038786.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
 Fixes 25 Vulnerabilities: CVE-2017-0161, CVE-2017-8675, CVE-2017-8676, CVE-2017-
8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-2017-8682, CVE-
2017-8683, CVE-2017-8684, CVE-2017-8685, CVE-2017-8687, CVE-2017-8688, CVE-2017-8695,
CVE-2017-8696, CVE-2017-8699, CVE-2017-8707, CVE-2017-8708, CVE-2017-8709, CVE-2017-
8710, CVE-2017-8719, CVE-2017-8720, CVE-2017-8728, CVE-2017-8737
 Restart Required: Requires Restart
 Known Issues: The WordPad application can sometimes crash on launch after
installing KB4025341. Japanese IME may hang in certain scenarios, but the
workaround is to install KB 2960837.

21. MS17-09-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1 and Server 2012 R2
 Description: Security updates to Microsoft Graphics Component, Windows kernel-mode drivers,
Windows shell, Windows Hyper-V, Windows kernel, and Windows Virtualization. Re-release of
MS16-087 Security update for Windows print spooler components. This bulletin is based on KB
4038793.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege, and Information
Disclosure
 Fixes 27 Vulnerabilities: CVE-2017-0161, CVE-2017-8628, CVE-2017-8675, CVE-2017-8676, CVE-
2017-8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-2017-8682, CVE-2017-8683,
CVE-2017-8684, CVE-2017-8686, CVE-2017-8687, CVE-2017-8688, CVE-2017-8692, CVE-2017-8695, CVE-2017-
8699, CVE-2017-8707, CVE-2017-8708, CVE-2017-8709, CVE-2017-8713, CVE-2017-8714, CVE-2017-8719, CVE-
2017-8720, CVE-2017-8728, CVE-2017-8737
 Restart Required: Requires Restart
 Known Issues: NPS authentication may break, and wireless clients may fail to connect.
Japanese IME may hang in certain scenarios, but the workaround is to install KB 2962409.

22. MS17-09-OFF: Security Updates for Microsoft Office
 Maximum Severity: Critical
 Affected Products: Office 2007, 2010, 2013, 2016 and Individual Applications
(Windows and Mac); Live Meeting 2007; Sharepoint 2013, 2016; Lync 2010, 2013 and
Skype 2016
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 51 KB articles.
 Impact: Remote Code Execution, Elevation of Privilege, Defense in Depth, Information
Disclosure
 Fixes 15 Vulnerabilities: ADV170015, CVE-2017-8567, CVE-2017-8629, CVE-2017-
8630, CVE-2017-8631, CVE-2017-8632, CVE-2017-8676, CVE-2017-8682, CVE-2017-
8695, CVE-2017-8696, CVE-2017-8725, CVE-2017-8742, CVE-2017-8743, CVE-2017-
8744, CVE-2017-8745,
 Restart Required: Requires Restart
 Known Issues: You must have the latest service packs installed in order to install
many of these security patches. Example, Office 2010 SP2, Excel 2013 SP1, etc.

23. MS17-09-AFP: Security Update for Adobe Flash Player
 Maximum Severity: Critical for IE and Edge (Important for Chrome and Desktop)
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version
1607, Windows 10 Version 1703, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4038806.
 Impact: Remote Code Execution
 Fixes 2 Vulnerabilities: CVE-2017-11281, CVE-2017-11282
 Restart Required: Requires Application Restart

24. APSB17-28: Security Update for Adobe Flash Player
 Maximum Severity: Critical for IE and Edge (Important for Chrome and Desktop)
 Affected Products: Adobe Flash Player
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address two critical
memory corruption vulnerabilities that could lead to code execution.
 Impact: Remote Code Execution
 Fixes 2 Vulnerabilities: CVE-2017-11281, CVE-2017-11282
 Restart Required: Requires Application Restart

25. MS17-09-MRNET: Monthly Rollup for Microsoft .Net
 Maximum Severity: Important
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7
 Sub-bulletins: MS17-09-MRNET-4041083, 4041084, 4041085, 4041086
 These bulletins address all .NET updates for each of the four current MS operating
systems
 Description: This security update resolves a vulnerability in the Microsoft .NET
Framework that could allow remote code execution when Microsoft .NET Framework
processes untrusted input. To exploit the vulnerability, an attacker must first convince
the user to open a malicious document or application. Users whose accounts are
configured to have fewer user rights on the system could be less affected than users
who operate by using administrative user rights.
 Impact: Remote Code Execution
 Fixes 1 vulnerability: CVE-2017-8759
 Restart Required: Requires Restart

26. MS17-09-SONET: Security-only Update for Microsoft .Net
 Maximum Severity: Important
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7
 Sub-bulletins: MS17-09-SONET-4041090, 4041091, 4041092, 4041093
 These bulletins address all .NET updates for each of the four current MS operating
systems
 Description: This security update resolves a vulnerability in the Microsoft .NET
Framework that could allow remote code execution when Microsoft .NET Framework
processes untrusted input. To exploit the vulnerability, an attacker must first convince
the user to open a malicious document or application. Users whose accounts are
configured to have fewer user rights on the system could be less affected than users
who operate by using administrative user rights.
 Impact: Remote Code Execution
 Fixes 1 vulnerability: CVE-2017-8759
 Restart Required: Requires Restart

27. MS17-09-EX: Security Updates for Exchange Server
 Maximum Severity: Important
 Affected Products: Microsoft Exchange Server 2013 and 2016
 Description: This security update resolves a vulnerability in Microsoft Exchange
Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or
spoofing in Microsoft Exchange Server if an attacker sends an email that has a
specially crafted attachment to a vulnerable Exchange server. This bulletin is based on
KB 4036108.
 Impact: Elevation of Privilege and Information Disclosure
 Fixes 2 Vulnerabilities: CVE-2017-8758 and CVE-2017-11761
 Restart Required: Requires Restart
 Known Issues: Only applies to specific CUs
• Microsoft Exchange Server 2013 SP1
• Microsoft Exchange Server 2013 CU 16
• Microsoft Exchange Server 2016 CU 5

28. Between Patch Tuesday’s
 New Product Support: Recuva, SQL Server Management Studio 17, AIMP
34, Allway Sync, Bandicut,
 Security Updates: Opera (4), Tomcat (2), Microsoft (2), Adobe
AcrobatReader (2), Chrome (3), Firefox (3), Filezilla (1), TortoiseSVN (1),
WinRAR (1), Notepad++ (2), Citrix Single Sign On (1), Thunderbird (1),
Adobe Digital Editions (1), Splunk Universal Forwarder (1), Foxit Reader (1),
RealTimes Player (1), LibreOffice (2), Skype (1), Wireshark (1), CoreFTP (1),
 Non-Security Updates: Dropbox (4), Inkscape (1), Microsoft (60),
PDFXchange (2), RealVNC (1), Ccleaner (1), Classic Shell (1), Blue Jeans
(2), Royal TS (3), ToirtoiseHg (1), Webex Productivity Tools (2), Citrix
XenDesktop (2), Slack Machine Wide Installer (1), TeamViewer (3),
GoodSync (2), GOM Player (1), Recuva (1), Xmind (2), HipChat (1),
Malwarebytes (1), AIMP (1), Allway Sync (1), Bandicut (1), Box Sync (1),
Plex Media Server (3), Beyond Compare (1), WinSCP (2),

30. Thank You