Webinar Library
Welcome to this September Patch Tuesday Bulletin. This month we recorded 83 CVE’s across 8 products with a max severity of Critical for 5 of the products and Important for the remaining. This is a slight uptick from 51 CVE’s last month. This month we have vulnerabilities affecting Internet Explorer, Edge, Windows, Office, Adobe, Skype/Lync, .NET, and Exchange. Only one vulnerability (CVE-2017-8759) affecting .NET was exploited in the wild this month. The .NET vulnerability was rated Important but remote code execution is possible. An attacker would have to convince a user to open a malicious document in order to execute code and according to the Microsoft Update Guide the exploit is not publically disclosed. There were no listed workarounds so focus on testing and delivering patches to your environment.
September Patch Tuesday is upon us. Join Ivanti as they present the September Patch Tuesday:
Get an edge with Ivanti Patch Tuesday Analysis
So, without further ado, here’s the chart of patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Internet Explorer
IE 9, 10, 11
Critical
CVE-2017-8733
CVE-2017-8736
CVE-2017-8741
CVE-2017-8747
CVE-2017-8748
CVE-2017-8749
CVE-2017-8750
*Workaround: No
**Exploited: No
Spoofing
Information Disclosure
Remote Code Execution
Edge
Microsoft Edge
CVE-2017-8734
CVE-2017-8735
CVE-2017-8737
CVE-2017-8738
CVE-2017-8739
CVE-2017-8740
CVE-2017-8751
CVE-2017-8752
CVE-2017-11764
CVE-2017-11766
CVE-2017-8597
CVE-2017-8643
CVE-2017-8648
CVE-2017-8649
CVE-2017-8660
CVE-2017-8723
CVE-2017-8724
CVE-2017-8728
CVE-2017-8729
CVE-2017-8731
CVE-2017-8753
CVE-2017-8754
CVE-2017-8755
CVE-2017-8756
CVE-2017-8757
Security Feature Bypass
Windows
Server 2008, 2008 R2, 2012, 2012 R2, 2016
Windows 7, 8.1, 8.1 RT, 10
CVE-2017-0161
CVE-2017-8628
CVE-2017-8675
CVE-2017-8676
CVE-2017-8677
CVE-2017-8678
CVE-2017-8679
CVE-2017-8680
CVE-2017-8681
CVE-2017-8682
CVE-2017-8683
CVE-2017-8684
CVE-2017-8685
CVE-2017-8686
CVE-2017-8687
CVE-2017-8688
CVE-2017-8692
CVE-2017-8695
CVE-2017-8696
CVE-2017-8699
CVE-2017-8702
CVE-2017-8704
CVE-2017-8706
CVE-2017-8707
CVE-2017-8708
CVE-2017-8709
CVE-2017-8710
CVE-2017-8711
CVE-2017-8712
CVE-2017-8713
CVE-2017-8714
CVE-2017-8716
CVE-2017-8719
CVE-2017-8720
CVE-2017-8746
CVE-2017-9417
Elevation of Privilege
Denial of Service
Office, Office Services, and Web Apps
Office 2007, 2010, 2013, 2016, 2011 for Mac, 2016 for Mac, Web App 2013
Outlook 2007, 2010, 2013, 2016
Excel 2007, 2010, 2013, 2016, Web App 2013
PowerPoint 2007, 2010, 2013, 2016
SharePoint Server 2013, 2016
CVE-2017-8567
CVE-2017-8629
CVE-2017-8630
CVE-2017-8631
CVE-2017-8632
CVE-2017-8725
CVE-2017-8742
CVE-2017-8743
CVE-2017-8744
CVE-2017-8745
Adobe
Adobe Flash Player
CVE-2017-11281
CVE-2017-11282
Skype for Business/Lync
Skype for Business 2016
Lync 2010, 2013
Important
.NET Framework
.NET 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7
CVE-2017-8759**
**Exploited: Yes
Microsoft Exchange Server
Exchange Server 2013, 2016
CVE-2017-11761
CVE-2017-8758