September, 2017: Patch Tuesday: One Vulnerability Exploited in the Wild

Welcome to this September Patch Tuesday Bulletin. This month we recorded 83 CVE’s across 8 products with a max severity of Critical for 5 of the products and Important for the remaining. This is a slight uptick from 51 CVE’s last month. This month we have vulnerabilities affecting Internet Explorer, Edge, Windows, Office, Adobe, Skype/Lync, .NET, and Exchange. Only one vulnerability (CVE-2017-8759) affecting .NET was exploited in the wild this month. The .NET vulnerability was rated Important but remote code execution is possible. An attacker would have to convince a user to open a malicious document in order to execute code and according to the Microsoft Update Guide the exploit is not publically disclosed. There were no listed workarounds so focus on testing and delivering patches to your environment.

September Patch Tuesday is upon us. Join Ivanti as they present the September Patch Tuesday:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

So, without further ado, here’s the chart of patches that affect Windows platforms in the past month.

Patch data provided by:

Technology

Products Affected

Severity

Reference

Workaround/ Exploited

Vulnerability Info

Internet Explorer

IE 9, 10, 11

Critical

CVE-2017-8733

CVE-2017-8736

CVE-2017-8741

CVE-2017-8747

CVE-2017-8748

CVE-2017-8749

CVE-2017-8750

*Workaround: No

**Exploited: No

Spoofing

Information Disclosure

Remote Code Execution

 

Edge

Microsoft Edge

Critical

CVE-2017-8734

CVE-2017-8735

CVE-2017-8736

CVE-2017-8737

CVE-2017-8738

CVE-2017-8739

CVE-2017-8740

CVE-2017-8741

CVE-2017-8748

CVE-2017-8750

CVE-2017-8751

CVE-2017-8752

CVE-2017-11764

CVE-2017-11766

CVE-2017-8597

CVE-2017-8643

CVE-2017-8648

CVE-2017-8649

CVE-2017-8660

CVE-2017-8723

CVE-2017-8724

CVE-2017-8728

CVE-2017-8729

CVE-2017-8731

CVE-2017-8753

CVE-2017-8754

CVE-2017-8755

CVE-2017-8756

CVE-2017-8757

*Workaround: No

**Exploited: No

Remote Code Execution

Spoofing

Information Disclosure

Security Feature Bypass

Windows

Server 2008, 2008 R2, 2012, 2012 R2, 2016

Windows 7, 8.1, 8.1 RT, 10

Critical

CVE-2017-0161

CVE-2017-8628

CVE-2017-8675

CVE-2017-8676

CVE-2017-8677

CVE-2017-8678

CVE-2017-8679

CVE-2017-8680

CVE-2017-8681

CVE-2017-8682

CVE-2017-8683

CVE-2017-8684

CVE-2017-8685

CVE-2017-8686

CVE-2017-8687

CVE-2017-8688

CVE-2017-8692

CVE-2017-8695

CVE-2017-8696

CVE-2017-8699

CVE-2017-8702

CVE-2017-8704

CVE-2017-8706

CVE-2017-8707

CVE-2017-8708

CVE-2017-8709

CVE-2017-8710

CVE-2017-8711

CVE-2017-8712

CVE-2017-8713

CVE-2017-8714

CVE-2017-8716

CVE-2017-8719

CVE-2017-8720

CVE-2017-8728

CVE-2017-8737

CVE-2017-8746

CVE-2017-9417

*Workaround: No

**Exploited: No

Remote Code Execution

Spoofing

Elevation of Privilege

Information Disclosure

Denial of Service

Security Feature Bypass

 

Office, Office Services, and Web Apps

Office 2007, 2010, 2013, 2016, 2011 for Mac, 2016 for Mac, Web App 2013

Outlook 2007, 2010, 2013, 2016

Excel 2007, 2010, 2013, 2016, Web App 2013

PowerPoint 2007, 2010, 2013, 2016

SharePoint Server 2013, 2016

 

Critical

CVE-2017-8567

CVE-2017-8629

CVE-2017-8630

CVE-2017-8631

CVE-2017-8632

CVE-2017-8676

CVE-2017-8682

CVE-2017-8695

CVE-2017-8696

CVE-2017-8725

CVE-2017-8742

CVE-2017-8743

CVE-2017-8744

CVE-2017-8745

*Workaround: No

**Exploited: No

Remote Code Execution

Elevation of Privilege

Information Disclosure

Adobe

Adobe Flash Player

Critical

CVE-2017-11281

CVE-2017-11282

*Workaround: No

**Exploited: No

Remote Code Execution

Skype for Business/Lync

Skype for Business 2016

Lync 2010, 2013

Important

CVE-2017-8676

CVE-2017-8695

CVE-2017-8696

*Workaround: No

**Exploited: No

Information Disclosure

Remote Code Execution

.NET Framework

.NET 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7

Important

CVE-2017-8759**

*Workaround: No

**Exploited: Yes

Remote Code Execution

Microsoft Exchange Server

Exchange Server 2013, 2016

Important

CVE-2017-11761

CVE-2017-8758

*Workaround: No

**Exploited: No

Information Disclosure

Elevation of Privilege

 


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.