Webinar Library
Welcome to this July Patch Tuesday Bulletin. This month covers your typical vulnerable applications like IE, Edge, Windows, Office and Flash. Microsoft also included some fixes for .NET and Exchange Server. There is a documented workaround for the July Flash Security Update, which is critical, but we recommend you receive the update via Microsoft’s standard Security Updates for two reasons; 1. The workaround is recommended only to block known attacked vectors before you apply the update and 2. The workaround involves modifying the registry which if not completed carefully can cause serious issues. The majority of updates this month are “Critical” so update as soon as you can. Please note that CVE-2017-8563 which affects various versions of Windows (see list in chart) comes with the following “Important” note from Microsoft: After installing the updates for CVE-2017-8563, to make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on a Domain Controller. For more information about setting this registry key, see Microsoft Knowledge Base article 4034879.
July Patch Tuesday is upon us. Join Ivanti as they present the July Patch Tuesday
Get an edge with Ivanti Patch Tuesday Analysis
So, without further ado, here's the chart of non-MS patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Internet Explorer
IE 9, 10, 11
Critical
CVE-2017-8592 CVE-2017-8594 CVE-2017-8602 CVE-2017-8606 CVE-2017-8607 CVE-2017-8608 CVE-2017-8618
*Workaround: No **Exploited: No
Remote Code Execution Security Feature Bypass Spoofing
Edge
Microsoft Edge
CVE-2017-8592 CVE-2017-8595 CVE-2017-8596 CVE-2017-8598 CVE-2017-8599 CVE-2017-8601 CVE-2017-8602 CVE-2017-8603 CVE-2017-8604 CVE-2017-8605 CVE-2017-8606 CVE-2017-8607 CVE-2017-8608 CVE-2017-8609 CVE-2017-8610 CVE-2017-8611 CVE-2017-8617 CVE-2017-8619
Remote Code Execution Spoofing Security Feature Bypass
Windows
Windows 7
Windows 8.1
Windows RT 8.1
Windows 10
Server 2008/2008 R2
Sever 2012/2012 R2
Server 2016
CVE-2017-0170 CVE-2017-8463 CVE-2017-8467 CVE-2017-8486 CVE-2017-8495 CVE-2017-8556 CVE-2017-8557 CVE-2017-8561 CVE-2017-8564 CVE-2017-8565 CVE-2017-8566 CVE-2017-8573 CVE-2017-8574 CVE-2017-8577 CVE-2017-8578 CVE-2017-8580 CVE-2017-8581 CVE-2017-8582 CVE-2017-8584 CVE-2017-8587 CVE-2017-8588 CVE-2017-8589 CVE-2017-8590 CVE-2017-8592 CVE-2017-8562 CVE-2017-8563 CVE-2017-8554 CVE-2017-8575 CVE-2017-8576 CVE-2017-8579
Information Disclosure Remote Code Execution Elevation of Privilege Security Feature Bypass Denial of Service
Office, Office Services and Web Apps
Office 2007, 2010,
2013, 2013 RT, 2016, Web Apps 2010
Excel 2007, 2010, 2016, Viewer 2007, Services 2010
Office Online Server 2016
Mac 2011, 2016
SharePoint 2013, 2016
Compatibility Pack
Business Productivity Servers 2010
Important
CVE-2017-0243 CVE-2017-8501 CVE-2017-8502 CVE-2017-8569 CVE-2017-8570
Remote Code Execution Elevation of Privilege
.NET Framework
4.6, 4.6.1, 4.6.2, 4.7
CVE-2017-8585
Denial of Service
Adobe Flash Player
26.0.0.120 and earlier
ADV170009* CVE-2017-3080* CVE-2017-3099* CVE-2017-3100*
*Workaround: Yes **Exploited: No
Remote Code Execution
Exchange Server
2010, 2013, 2013 CU16, 2016 CU5
CVE-2017-8559 CVE-2017-8560 CVE-2017-8621
Elevation of Privilege Spoofing