Virtual Administrator’s July 2017 Patch Recommendations
July 27 **Update** “Current Status for June’s Outlook issues”
Outlook known issues in the June 2017 security updates – https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Issues #1, #2, #3 and #4 have been fixed with patches available from Microsoft Update.
We have approved these in the VA patch policies and they will be installed during your next scheduled Automatic Update window.
- Outlook 2007 (Issue #1, #2 and #4) FIXED with KB3213643
- Outlook 2010 (Issue #1, #2 and #4) FIXED with KB2956078
- Outlook 2013 (Issue #2, #3 and #4) FIXED with KB4011078
- Outlook 2016 (Issue #2, #3 and #4) FIXED with KB4011052
Issue #1
Symptom: When you open an attachment in an email, contact, or task formatted as Rich Text you get the following error:“The program used to create this object is Outlook. That program is either not installed on your computer or it is not responding. To edit this object, install Outlook or ensure that any dialog boxes in Outlook are closed”.
Affects: Outlook 2007 and Outlook 2010
Status: Fixed 2007/2010
Advice: Install KB3213643, KB2956078
Issue #2
Symptom: When opening an attachment that includes consecutive periods (…), or an exclamation point (!), the files are blocked and you receive an Opening Mail Attachment warning.
Affects: Outlook 2007, Outlook 2010, Outlook 2013, and Outlook 2016
Status: Fixed 2007/2010/2013/2016
Advice: Install KB3213643, KB2956078, KB4011078 or KB4011052
Issue #3
Symptom: If you set ShowLevel1Attach to allow Outlook to display Level 1 attachments, you may see the error: “One or more objects in this file have been disabled due to your policy settings”.
Affects: Outlook 2013 and Outlook 2016
Fixed 2013/2016
Advice: Install KB4011078 or KB4011052
Issue #4
Symptom: When you use a custom form that you have created for Outlook, you see the following two symptoms:
- VBScript does not run.
- You get a malicious code warning:
Affects: Outlook 2007, Outlook 2010, Outlook 2013 and Outlook 2016
Fixed 2007/2010/2013/2016
Advice: Install KB3213643, KB2956078, KB4011078 or KB4011052
Title: Microsoft Security Update Releases
Issued: July 27, 2017
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment.
- CVE-2017-8571
- CVE-2017-8572
- CVE-2017-8663
CVE Revision Information:
=====================
CVE-2017-8571
- Title: CVE-2017-8571 | Microsoft Office Outlook Security Feature
Bypass Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: CVE-2017-8571 has been added to the July
2017 Security Updates. Microsoft recommends that customers running
affected editions of Microsoft Office install the applicable July
security updates to be fully protected from this vulnerability
and to address known issues 1 through 4 in the June 2017 security
updates for Microsoft Outlook. For more information see the Update
FAQ section of this CVE. - Originally posted: July 27, 2017
- Updated: N/A
- CVE Severity Rating: Important
- Version: 1.0
CVE-2017-8572
- Title: CVE-2017-8572 | Microsoft Office Outlook Information
Disclosure Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: CVE-2017-8572 has been added to the July
2017 Security Updates. Microsoft recommends that customers running
affected editions of Microsoft Office install the applicable July
security updates to be fully protected from this vulnerability
and to address known issues 1 through 4 in the June 2017 security
updates for Microsoft Outlook. For more information see the Update
FAQ section of this CVE. - Originally posted: July 27, 2017
- Updated: N/A
- CVE Severity Rating: Important
- Version: 1.0
CVE-2017-8663
- Title: CVE-2017-8663 | Microsoft Office Outlook Memory Corruption
Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: CVE-2017-8663 has been added to the July
2017 Security Updates. Microsoft recommends that customers running
affected editions of Microsoft Office install the applicable July
security updates to be fully protected from this vulnerability
and to address known issues 1 through 4 in the June 2017 security
updates for Microsoft Outlook. For more information see the Update
FAQ section of this CVE. - Originally posted: July 27, 2017
- Updated: N/A
- CVE Severity Rating: Important
- Version: 1.0
==================================================
This month Microsoft released patches for 54 vulnerabilities with 19 of them rated Critical, 32 rated Important and 3 rated Moderate.
The most concerning vulnerability this month is CVE-2017-8589. This is a bug in the Windows Search Service which be exploited remotely via the SMB file-sharing service in Windows. It is included in the monthly rollups.
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
Affected software include:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- .NET Framework
- Adobe Flash Player
- Microsoft Exchange Server
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Microsoft Security Advisory 4033453 (Published: June 27, 2017)
Vulnerability in Azure AD Connect Could Allow Elevation of Privilege
https://technet.microsoft.com/en-us/library/security/4033453.aspx
Verify if your organization is affected
This issue only affects customers who have enabled the Password writeback feature on Azure AD Connect.
Heads Up!
Important note for CVE-2017-8563: After installing the updates for CVE-2017-8563, to make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on a Domain Controller. For more information about setting this registry key. See Notable Patches below
“Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure”
https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry
Comodo Internet Security Suite – older versions block Windows 10 (Version 1703) KB4025342
https://support.microsoft.com/en-us/help/4025342/windows-10-update-kb4025342
If you have not installed the latest version of Comodo Internet Security Suite, you will not have this Windows Update offered to your device automatically.
Comodo is aware of incompatibility issues with earlier versions of the Comodo Internet Security Suite. For additional information, please see here or contact Comodo.
A blank page or “404” error prints when you try to print a frame in Internet Explorer versions 9 through 11
https://support.microsoft.com/en-us/help/4032782/a-blank-page-or-404-error-prints-when-you-try-to-print-a-frame-in-ie
Microsoft released KB4032782 to fix this on June 23. KB4032782 introduced a new problem where Internet Explorer 11 may close unexpectedly when you visit some websites. July’s cumulative update for Internet Explorer states “Addressed issue introduced by KB4032782 where Internet Explorer may close unexpectedly when you visit some websites.” but the link above still shows “Microsoft is researching this problem and will update this article when more information becomes available.”
Cloudy Outlook
Outlook known issues in the June 2017 security updates
https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Microsoft released patches for Issues #1, #2 and #3 over the past could of weeks. Apparently none of them work. Microsoft removed the “FIXED” status without explanation and pulled the patches. The #3 fix is only for Office 365 customers on Current channel. We will update this blog as fixes become available. Until such time you will need to manually apply the workarounds.
Issues #5 and #7 fixes are included in this month’s cumulative update/rollup
Monthly Rollup/Security Only/Windows 10/Server 2016 KBs
July 2017 security monthly quality rollup
- KB4025341 – Windows 7, Windows Server 2008 R2
- KB4025336 – Windows 8.1, Windows Server 2012 R2
- KB4025331 – Windows Server 2012
July 2017 security only quality update
- KB4025337 – Windows 7, Windows Server 2008 R2
- KB4025333 – Windows 8.1, Windows Server 2012 R2
- KB4025343 – Windows Server 2012
.NET Framework
July, 2017 Security and Quality Rollup for .NET Framework is not a separate patch but is included in the cumulative update for Windows 10/2016
Cumulative update for Windows 10
- KB4025338 – Original release version 1507 (OS Build 10240)
- KB4025344 – Version 1511 (OS Build 10586)
- KB4025339 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB4025342 – Version 1703 “Creators Update” (OS Build 15063)
Note: Server 2016 uses the same KB as Windows 10 Version 1607
Cumulative Security Update for Internet Explorer 9/10/11
KB4025252 – This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.
Notable Patches
CVE-2017-8589 | Windows Search Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2017-8585 | .NET Denial of Service Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585
Affect Windows 10 and Windows Server 2016
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application.
CVE-2017-8563 | Windows Elevation of Privilege Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/%20CVE-2017-8563
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully forward an authentication request to a Windows LDAP server, such as a system running Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), which has been configured to require signing or sealing on incoming connections.
CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8584
A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.