Virtual Administrator’s August 2017 Patch Recommendations

This month Microsoft released patches for 48 vulnerabilities with 26 of them rated Critical, 21 rated Important and 1 rated Moderate.

Based on the potential impact and the likelihood of exploitation, the most concerning vulnerabilities this month are CVE-2017-8620 and CVE-2017-8669. They are included in the monthly rollups. See “Notable Patches” for more information. There are a number of known issues this month, listed below under “Heads Up!”

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

Affected software includes:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft SharePoint
  • Adobe Flash Player
  • Microsoft SQL Server

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Microsoft Security Advisory 4038556 (Published: August 8, 2017)

Guidance for securing applications that host the WebBrowser Control

https://technet.microsoft.com/en-us/library/security/4038556.aspx

Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can do to ensure that their applications hosting the WebBrowser Control are properly secured.

 

Heads Up! Known Issues

Monthly Rollup

KB4034664 – Windows 7, Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4034664

Symptom: Due to a defect in WLDAP32.DLL, applications that perform LDAP referral chasing can consume excessive or all of the available TCP dynamic ports after installing KB4025337 and KB4025341.

 

KB4034681 – Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4034681

Symptom: NPS authentication may break, and wireless clients may fail to connect.

Symptom: Japanese IME may hang in certain scenarios.

 

KB4034665 – Windows Server 2012

https://support.microsoft.com/en-us/help/4034665

Symptom: Japanese IME may hang in certain scenarios.

 

Windows 10 Cumulative

KB4034658 – Version 1607

https://support.microsoft.com/en-us/help/4034658

Symptom: For some users, their “Update History” does not list previously installed updates.

Symptom: Some users may find that updates that were previously hidden may not be offered after installing this update.

 

KB4034674 – Version 1703

https://support.microsoft.com/en-us/help/4034674

Symptom: Installing this KB (4034674) may change Czech and Arabic languages to English for Microsoft Edge and other applications.

 

 

Monthly Rollup/Security Only/Windows 10/Server 2016 KBs

 

August 2017 security monthly quality rollup

  • KB4034664 – Windows 7, Windows Server 2008 R2
  • KB4034681 – Windows 8.1, Windows Server 2012 R2
  • KB4034665 – Windows Server 2012

 

August 2017 security only quality update

  • KB4034679 – Windows 7, Windows Server 2008 R2
  • KB4034672 – Windows 8.1, Windows Server 2012 R2
  • KB4034666 – Windows Server 2012

 

.NET Framework

The August 2017 Security and Quality Rollup for .NET Framework is not a separate patch; it is included in the cumulative update for Windows 10/Server 2016.

 

Cumulative update for Windows 10

  • KB4034668 – Original release version 1507 (OS Build 10240)
  • KB4034660 – Version 1511 (OS Build 10586)
  • KB4034658 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4034674 – Version 1703 “Creators Update” (OS Build 15063)

 

Note: Server 2016 uses the same KB as Windows 10 Version 1607.

 

Cumulative Security Update for Internet Explorer 9/10/11

  • KB4034733 – This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly update to secure Internet Explorer; otherwise it is “superseded” by the monthly update.

 

Notable Patches

CVE-2017-8620 | Windows Search Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8620

A remote code execution vulnerability exists when Windows Search handles objects in memory.

 

CVE-2017-8669 | Microsoft Browser Memory Corruption Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669

The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

 

CVE-2017-8591 | Windows IME Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8591

A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class.

 

CVE-2017-0293 | Windows PDF Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0293

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.