July, 2017: Patch Tuesday - Another Month of Critical Patches

Welcome to this July Patch Tuesday Bulletin.  This month covers your typical vulnerable applications like IE, Edge, Windows, Office and Flash.  Microsoft also included some fixes for .NET and Exchange Server.  There is a documented workaround for the July Flash Security Update, which is critical, but we recommend you receive the update via Microsoft’s standard Security Updates for two reasons; 1. The workaround is recommended only to block known attacked vectors before you apply the update and 2. The workaround involves modifying the registry which if not completed carefully can cause serious issues.  The majority of updates this month are “Critical” so update as soon as you can.  Please note that CVE-2017-8563 which affects various versions of Windows (see list in chart) comes with the following “Important” note from Microsoft:  After installing the updates for CVE-2017-8563, to make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on a Domain Controller. For more information about setting this registry key, see Microsoft Knowledge Base article 4034879.

July Patch Tuesday is upon us. Join Ivanti as they present the July Patch Tuesday

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

So, without further ado, here's the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by:

 Ivanti.com

Technology

Products Affected

Severity

Reference

Workaround/ Exploited

Vulnerability Info

Internet Explorer

IE 9, 10, 11

Critical

CVE-2017-8592
CVE-2017-8594
CVE-2017-8602
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8618

*Workaround: No
**Exploited: No

Remote Code Execution
Security Feature Bypass
Spoofing

Edge

Microsoft Edge

Critical

CVE-2017-8592
CVE-2017-8595
CVE-2017-8596
CVE-2017-8598
CVE-2017-8599
CVE-2017-8601
CVE-2017-8602
CVE-2017-8603
CVE-2017-8604
CVE-2017-8605
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8609
CVE-2017-8610
CVE-2017-8611
CVE-2017-8617
CVE-2017-8619

*Workaround: No
**Exploited: No

Remote Code Execution
Spoofing
Security Feature Bypass

 

Windows

Windows 7

Windows 8.1

Windows RT 8.1

Windows 10

Server 2008/2008 R2

Sever 2012/2012 R2

Server 2016

 

Critical

CVE-2017-0170
CVE-2017-8463
CVE-2017-8467
CVE-2017-8486
CVE-2017-8495
CVE-2017-8556
CVE-2017-8557
CVE-2017-8561
CVE-2017-8564
CVE-2017-8565
CVE-2017-8566
CVE-2017-8573
CVE-2017-8574
CVE-2017-8577
CVE-2017-8578
CVE-2017-8580
CVE-2017-8581
CVE-2017-8582
CVE-2017-8584
CVE-2017-8587
CVE-2017-8588
CVE-2017-8589
CVE-2017-8590
CVE-2017-8592
CVE-2017-8562
CVE-2017-8563
CVE-2017-8554
CVE-2017-8575
CVE-2017-8576
CVE-2017-8579

*Workaround: No
**Exploited: No

Information Disclosure
Remote Code Execution
Elevation of Privilege
Security Feature Bypass
Denial of Service

Office, Office Services and Web Apps

Office 2007, 2010,

2013, 2013 RT, 2016, Web Apps 2010

Excel 2007, 2010, 2016, Viewer 2007, Services 2010

Office Online Server 2016

Mac 2011, 2016

SharePoint 2013, 2016

Compatibility Pack

Business Productivity Servers 2010

Important

CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8569
CVE-2017-8570

*Workaround: No
**Exploited: No

Remote Code Execution
Elevation of Privilege

.NET Framework

4.6, 4.6.1, 4.6.2, 4.7

Important

CVE-2017-8585

*Workaround: No
**Exploited: No

Denial of Service

Adobe Flash Player

26.0.0.120 and earlier

Critical

ADV170009*
CVE-2017-3080*
CVE-2017-3099*
CVE-2017-3100*

*Workaround: Yes
**Exploited: No

Remote Code Execution

Exchange Server

2010, 2013, 2013 CU16, 2016 CU5

Important

CVE-2017-8559
CVE-2017-8560
CVE-2017-8621

*Workaround: No
**Exploited: No

Elevation of Privilege
Spoofing

 

 



Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.