File Attachment: September-2017 Updates
Microsoft has released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.
Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.
Out of the 26 vulnerabilities that are both Critical and RCE, 22 of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.
Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp.
• Microsoft released security patches for all versions of Windows.
• Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.
Operating System Distribution
• Windows 7: 22 vulnerabilities of which 3 are rated critical, 19 important
• Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
• Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important
Windows Server products:
• Windows Server 2008 R2: 23 vulnerabilities, of which 3 are rated critical, 20 important
• Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical 21 important and 1 moderate
• Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important
Other Microsoft Products
• Internet Explorer 11: 7 vulnerabilities, 5 critical, 2 important
• Microsoft Edge: 28 vulnerabilities, 19 critical, 7 important, 2 moderate