VERT Threat Alert: July 2017 Patch Tuesday Analysis

0

Today’s VERT Advise addresses the Microsoft July 2017 Security Updates. VERT is actively jobless on coverage for these vulnerabilities and expects to ship ASPL-733 on Wednesday, July 12th.In-The-Wild & Blabbed CVEsCVE-2017-8584In a Patch Tuesday first, we have a HoloLens rules execution vulnerability. This vulnerability impacts Windows 10 and Server 2016 and could tolerate a successful attacker user access to a system via a malicious WiFi pack.Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less No doubt).CVE-2017-8611This vulnerability describes an issue that turn up dawn ons when Microsoft Edge fails to properly parse HTTP contentedness. Improper parsing of malicious data could lead to exploitation of vulnerability that would brook content spoofing.Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less No doubt).CVE-2017-8587A denial of service exists that could origin a system to stop responding if an attempt is made to open a non-existent record. While the issue exists within Windows Explorer, an attack could subsume visiting a malicious website that references the non-existent file.Microsoft has rated this as a 3 on the Exploitability Sign (Exploitation Unlikely).CVE-2017-8602This vulnerability is similar in portrait to CVE-2017-8611 but affects both Microsoft Edge and Microsoft Internet Explorer.Microsoft has figured this as a 3 on the Exploitability Index (Exploitation Unlikely).FYI VulnerabilitiesWhile varied of the issues fixed today are typical for Patch Tuesday, there are a few that are merit highlighting.CVE-2017-8563It is worth calling attention to this vulnerability that approve for privilege escalation when falling back from Kerberos to NTLM authentication. After affixing this patch to clients, an additional change must be made to the Field Controller to actually mitigate the vulnerability. Without the patch, the mitigation bequeath break authentication and without the mitigation the vulnerability will persist. Microsoft has delivered KB4034879 to detail how to implement this solution.Windows 10 Kind 1703Microsoft has announced a major revision increment for a number of vulnerabilities and a fastness bulletin that impact Windows 10 Version 1703. There are older reinforces that users may need to install to ensure their 1703 connections are up-to-date. This includes CVE-2016-3305 (MS16-111) and CVE-2017-8543.Other CommunicationIn addition to the Microsoft vulnerabilities included in the July Security Guidance, a pledge advisory was also published.July Flash Security Update [ADV170009]Microsoft has promulgated an advisory for the July Adobe Flash Security Update (APSB17-21). This groups updates for the following vulnerabilities: CVE-2017-3099, CVE-2017-3080, CVE-2017-3100.

Leave a Reply

Your email address will not be published. Required fields are marked *

21