June, 2017: Patch Tuesday: 2 Active Attacks in the Wild

Welcome to this June Patch Tuesday Bulletin. This month is a pretty standard month and things seem to have died down (for now) compared to the last few months with the EternalBlue exploit and the WannaCry ransomware. The typical MS software is affected including IE, Edge, Windows, Office, Silverlight, Skype, and Flash Player. There are 2 vulnerabilities with attacks in the wild that include CVE-2017-8464 and CVE-2017-8543. CVE-2017-8464 is a LNK Remote Code Execution Vulnerability that allows code execution if a maliciously crafted icon is displayed. CVE-2017-8543 is a Windows Search Remote Code Execution Vulnerability that could allow an attacker to execute code. Neither of these vulnerabilities have workarounds so look at implementing the monthly rollup or security update.

June Patch Tuesday is upon us. Join Ivanti as they present the June Patch Tuesday:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

Patch data provided by:

 

Technology

Products Affected

Severity

Reference

Workaround/ Exploited

Vulnerability Info

Internet Explorer

IE 9, 10, 11

Critical

CVE-2017-8517

CVE-2017-8519

CVE-2017-8522

CVE-2017-8524

CVE-2017-8529

CVE-2017-8547

*Workaround: No

**Exploited: No

Remote Code Execution

Information Disclosure

 

Edge

Microsoft Edge

Critical

CVE-2017-8496

CVE-2017-8497

CVE-2017-8498

CVE-2017-8499

CVE-2017-8504

CVE-2017-8517

CVE-2017-8520

CVE-2017-8521

CVE-2017-8522

CVE-2017-8523

CVE-2017-8524

CVE-2017-8529

CVE-2017-8530

CVE-2017-8548

CVE-2017-8549

CVE-2017-8555

CVE-2017-0223

*Workaround: No

**Exploited: No

Remote Code Execution

Information Disclosure

Security Feature Bypass

 

Windows

Windows 10

Windows 8.1

Windows RT 8.1

Windows 7

Server 2008/2008 R2

Sever 2012/2012 R2

Server 2016

 

Critical

CVE-2017-8473

CVE-2017-8474

CVE-2017-8475

CVE-2017-8553

CVE-2017-0282

CVE-2017-0283

CVE-2017-0284

CVE-2017-8477

CVE-2017-8478

CVE-2017-8479

CVE-2017-0285

CVE-2017-0286

CVE-2017-0287

CVE-2017-8480

CVE-2017-8481

CVE-2017-8482

CVE-2017-0288

CVE-2017-0289

CVE-2017-8483

CVE-2017-8484

CVE-2017-0291

CVE-2017-0292

CVE-2017-0294

CVE-2017-8485

CVE-2017-8488

CVE-2017-0295

CVE-2017-0296

CVE-2017-0297

CVE-2017-8489

CVE-2017-8490

CVE-2017-0298

CVE-2017-0299

CVE-2017-8491

CVE-2017-8492

CVE-2017-8493

CVE-2017-0300

CVE-2017-8460

CVE-2017-8462

CVE-2017-8494

CVE-2017-8515

CVE-2017-8527

CVE-2017-8528

**CVE-2017-8464

CVE-2017-8465

CVE-2017-8531

CVE-2017-8532

CVE-2017-8466

CVE-2017-8468

CVE-2017-8469

CVE-2017-8470

CVE-2017-8533

CVE-2017-8534

**CVE-2017-8543

CVE-2017-8471

CVE-2017-8472

CVE-2017-8544

CVE-2017-0173

CVE-2017-0193

CVE-2017-0215

CVE-2017-0216

CVE-2017-0218

CVE-2017-0219

CVE-2017-0260

CVE-2017-8476

CVE-2017-8552

*Workaround: No

**Exploited: Yes

Information Disclosure

Remote Code Execution

Tampering

Elevation of Privilege

Security Feature Bypass

Denial of Service

Office, Office Services and Web Apps

Office 2010,

2013, 2016

Office Web Apps 2010,

2013

OneNote 2010

Outlook 2007, 2010, 2013, 2016

PowerPoint 2007, 2013, 2016, Mac 2011

SharePoint 2007, 2013, 2016

Word 2007, 2010, 2013, 2016

Skype Business 2016

 

Critical

CVE-2017-0260

CVE-2017-0282

CVE-2017-0283

CVE-2017-0284

CVE-2017-0285

CVE-2017-0286

CVE-2017-0287

CVE-2017-0288

CVE-2017-0289

CVE-2017-0292

CVE-2017-8506

CVE-2017-8507

CVE-2017-8508

CVE-2017-8509

CVE-2017-8510

CVE-2017-8511

CVE-2017-8512

CVE-2017-8513

CVE-2017-8514

CVE-2017-8527

CVE-2017-8528

CVE-2017-8531

CVE-2017-8532

CVE-2017-8533

CVE-2017-8534

CVE-2017-8545

CVE-2017-8550

CVE-2017-8551

*Workaround: No

**Exploited: No

Remote Code Execution

Information Disclosure

Security Feature Bypass

Spoofing

Elevation of Privilege

Silverlight

Silverlight 5

Critical

CVE-2017-0283

CVE-2017-8527

*Workaround: No

**Exploited: No

Remote Code Execution

Adobe Flash

25.0.0.171 and earlier

Critical

CVE-2017-3075

CVE-2017-3081

CVE-2017-3083

CVE-2017-3084

CVE-2017-3076

CVE-2017-3077

CVE-2017-3078

CVE-2017-3079

CVE-2017-3082

*Workaround: No

**Exploited: No

Arbitrary Code Execution


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.