Microsoft Security Updates: September 2017

Microsoft has released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.

Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.

Out of the 26 vulnerabilities that are both Critical and RCE, 22 of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, so they should be prioritized on workstation-type systems that use email and access the internet via a browser.

Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp.

Executive Summary
• Microsoft released security patches for all versions of Windows.
• Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .NET Framework.

Operating System Distribution
Windows 7: 22 vulnerabilities, of which 3 are rated critical, 19 important
Windows 8.1: 26 vulnerabilities, of which 4 are rated critical, 22 important
Windows 10 version 1703: 25 vulnerabilities, of which 2 are rated critical, 23 important

Windows Server products:
Windows Server 2008 R2: 23 vulnerabilities, of which 3 are rated critical, 20 important
Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical, 21 important, and 1 moderate
Windows Server 2016: 28 vulnerabilities, of which 2 are rated critical, 26 important

Other Microsoft Products
Internet Explorer 11: 7 vulnerabilities, 5 critical, 2 important
Microsoft Edge: 28 vulnerabilities, 19 critical, 7 important, 2 moderate