Microsoft's Patch Tuesday for September 2017 released a total of 94 individual security updates addressing a total of 84 CVEs, in addition to the 2 vulnerabilities for Adobe Flash Player. A vulnerability management tool can help detect and remediate these vulnerabilities.
Among these, 27 are rated as Critical, 54 are rated as Important, and 2 are rated as Moderate. Auto patching can be helpful here for immediate patching.
The September security update includes patches for 39 vulnerabilities leading to RCE (Remote Code Execution), and 22 of these vulnerabilities impact Microsoft’s browsers.
Microsoft Patch Tuesday September 2017 patch release
The release fixes four publicly known vulnerabilities, one of which has already been actively exploited by attackers in the wild. This zero-day flaw resides in the way Microsoft .NET Framework processes untrusted input data. According to Microsoft, this flaw could allow an attacker to take control of an affected system, install programs, and view, change, or delete data by tricking victims into opening a specially crafted document or application sent over email. The flaw could even allow an attacker to create new accounts with full user rights.
According to FireEye, this zero-day flaw (CVE-2017-8759) has been actively exploited by a well-funded cyber espionage group to deliver FinFisher spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year. FinSpy is highly secret surveillance software that has previously been associated with the British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies. Once a machine is infected, FinSpy can perform a large number of secret tasks on the victim's computer, including secretly monitoring it by turning on webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.
The other three publicly known vulnerabilities patched this month are the “Device Guard Security Feature Bypass Vulnerability” identified as CVE-2017-8746, the “Microsoft Edge Security Feature Bypass Vulnerability” identified as CVE-2017-8723, and the “Broadcom BCM43xx Remote Code Execution Vulnerability” identified as CVE-2017-9417.
- Device Guard Security Feature Bypass Vulnerability could allow an attacker to inject malicious code into a Windows PowerShell session by bypassing the Device Guard Code Integrity policy.
- Microsoft Edge Security Feature Bypass Vulnerability can allow attackers to trick users into visiting a malicious website.
- Broadcom BCM43xx Remote Code Execution Vulnerability exists in the Broadcom chipset in HoloLens, which could be exploited by attackers to send a specially crafted WiFi packet, enabling them to install programs, view, change or delete data, and even create new accounts with full admin rights.
This September, Microsoft also released patches for critical RCE vulnerabilities in:
- NetBIOS, which impacts both servers and workstations (CVE-2017-0161).
- Microsoft’s DHCP server (CVE-2017-8686).
BlueBorne, a Bluetooth attack vector identified as CVE-2017-8628 that can allow an attacker to man-in-the-middle the network connectivity of a Windows system over Bluetooth, is also patched in this release. BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.
Adobe has also published a security bulletin for Flash, APSB17-23, which provides patches covering two vulnerabilities and is labeled as critical.
This September security release consists of security patches for the following products:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- .NET Framework
- Skype for Business and Lync
- Microsoft Exchange Server
- Microsoft Office, Services and Web Apps
- Adobe Flash Player
Microsoft security bulletin summary for September 2017:
1. Product: Microsoft .NET Framework
CVE’s : CVE-2017-8759
Impact: Remote Code Execution
Severity Rating: Important
KB’s: KB4038781, KB4038782, KB4038783, KB4038788, KB4040955, KB4040956, KB4040957, KB4040958, KB4040959, KB4040960, KB4040964, KB4040965, KB4040966, KB4040967, KB4040971, KB4040972, KB4040973, KB4040974, KB4040975, KB4040977, KB4040978, KB4040979, KB4040980, KB4040981, KB4041086
2. Product: Internet Explorer
CVE’s : CVE-2017-8733, CVE-2017-8736, CVE-2017-8741, CVE-2017-8747, CVE-2017-8748, CVE-2017-8749, CVE-2017-8750
Impact : Spoofing, Remote Code Execution and Information Disclosure
Severity Rating : Critical
KB’s : KB4036586, KB4038777, KB4038781, KB4038782, KB4038783, KB4038788, KB4038792, KB4038799
3. Product: Microsoft Edge
CVE’s : CVE-2017-11764, CVE-2017-11766, CVE-2017-8597, CVE-2017-8643, CVE-2017-8648, CVE-2017-8649, CVE-2017-8660, CVE-2017-8723, CVE-2017-8724, CVE-2017-8728, CVE-2017-8729, CVE-2017-8731, CVE-2017-8734, CVE-2017-8735, CVE-2017-8736, CVE-2017-8737, CVE-2017-8738, CVE-2017-8739, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8750, CVE-2017-8751, CVE-2017-8752, CVE-2017-8753, CVE-2017-8754, CVE-2017-8755, CVE-2017-8756, CVE-2017-8757
Impact : Remote Code Execution, Information Disclosure, Security Bypass and Spoofing
Severity Rating : Critical
KB’s : KB4038781, KB4038782, KB4038783, KB4038788
4. Product: Microsoft Windows
CVE’s : CVE-2017-0161, CVE-2017-8628, CVE-2017-8675, CVE-2017-8676, CVE-2017-8677, CVE-2017-8678, CVE-2017-8679, CVE-2017-8680, CVE-2017-8681, CVE-2017-8682, CVE-2017-8683, CVE-2017-8684, CVE-2017-8685, CVE-2017-8686, CVE-2017-8687, CVE-2017-8688, CVE-2017-8692, CVE-2017-8695, CVE-2017-8696, CVE-2017-8699, CVE-2017-8702, CVE-2017-8704, CVE-2017-8706, CVE-2017-8707, CVE-2017-8708, CVE-2017-8709, CVE-2017-8710, CVE-2017-8711, CVE-2017-8712, CVE-2017-8713, CVE-2017-8714, CVE-2017-8716, CVE-2017-8719, CVE-2017-8720, CVE-2017-8728, CVE-2017-8737, CVE-2017-8746, CVE-2017-9417
Impact : Information Disclosure, Remote Code Execution, Spoofing, Elevation of Privileges and Security Feature Bypass
Severity Rating : Critical
KB’s : KB4032201, KB4034786, KB4038777, KB4038779, KB4038781, KB4038782, KB4038783, KB4038786, KB4038788, KB4038792, KB4038793, KB4038799, KB4038874, KB4039038, KB4039266, KB4039325, KB4039384
5. Product: Skype for Business, Lync and Office
CVE’s : CVE-2017-8567, CVE-2017-8629, CVE-2017-8630, CVE-2017-8631, CVE-2017-8632, CVE-2017-8676, CVE-2017-8682, CVE-2017-8695, CVE-2017-8696, CVE-2017-8725, CVE-2017-8742, CVE-2017-8743, CVE-2017-8744, CVE-2017-8745
Impact : Elevation of Privileges, Information Disclosure and Remote Code Execution
Severity Rating : Critical
KB’s : KB3114428, KB3128027, KB3128030, KB3141537, KB3191831, KB3203474, KB3212225, KB3213551, KB3213560, KB3213562, KB3213564, KB3213568, KB3213626, KB3213631, KB3213632, KB3213638, KB3213641, KB3213642, KB3213644, KB3213646, KB3213649, KB3213658, KB4011038, KB4011040, KB4011041, KB4011050, KB4011055, KB4011056, KB4011061, KB4011062, KB4011063, KB4011064, KB4011065, KB4011069, KB4011086, KB4011089, KB4011090, KB4011091, KB4011103, KB4011107, KB4011108, KB4011113, KB4011117, KB4011125, KB4011126, KB4011127, KB4011134, KB4025865, KB4025866, KB4025867, KB4025868, KB4025869
6. Product: Exchange Server
CVE’s : CVE-2017-11761, CVE-2017-8758
Impact : Information Disclosure and Elevation of Privileges
Severity Rating : Important
KB’s : 4036108