Patch Analysis for August 2017

Welcome to this August Patch Tuesday Bulletin.  This month we have 51 CVE’s remediated across 6 products including Internet Explorer, Edge, Windows, SharePoint, Adobe Flash, and SQL Server.  Two critical Windows vulnerabilities (CVE-2017-0250, CVE-2017-8620) have workarounds in case updates cannot be applied so this may be an option depending on compensating controls and functionality of the server.  There were no reported attacks on any vulnerability in the wild but there are 4 critical, potentially exploitable products that are being patched this month.

August Patch Tuesday is upon us. Join Ivanti as they present the August Patch Tuesday Webinar:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

Patch data provided by:

Technology

Products Affected

Severity

Reference

Workaround/ Exploited

Vulnerability Info

Internet Explorer

IE 9, 10, 11

Critical

CVE-2017-8625

CVE-2017-8635

CVE-2017-8636

CVE-2017-8641

CVE-2017-8651

CVE-2017-8653

CVE-2017-8669

*Workaround: No

**Exploited: No

Remote Code Execution

Security Feature Bypass

 

Edge

Microsoft Edge

Critical

CVE-2017-8503

CVE-2017-8634

CVE-2017-8635

CVE-2017-8636

CVE-2017-8637

CVE-2017-8638

CVE-2017-8639

CVE-2017-8640

CVE-2017-8641

CVE-2017-8642

CVE-2017-8644

CVE-2017-8645

CVE-2017-8646

CVE-2017-8647

CVE-2017-8650

CVE-2017-8652

CVE-2017-8653

CVE-2017-8655

CVE-2017-8656

CVE-2017-8657

CVE-2017-8659

CVE-2017-8661

CVE-2017-8662

CVE-2017-8669

CVE-2017-8670

CVE-2017-8671

CVE-2017-8672

CVE-2017-8674

CVE-2017-8518

 

*Workaround: No

**Exploited: No

Elevation of Privilege

Remote Code Execution

Security Feature Bypass

Information Disclosure

 

Windows

Windows 10

Windows 8.1

Windows RT 8.1

Windows 7

Server 2008/2008 R2

Sever 2012/2012 R2

Server 2016

 

Critical

CVE-2017-0174

*CVE-2017-0250

CVE-2017-0293

CVE-2017-8591

CVE-2017-8593

*CVE-2017-8620

CVE-2017-8622

CVE-2017-8623

CVE-2017-8624

CVE-2017-8627

CVE-2017-8633

CVE-2017-8664

CVE-2017-8666

CVE-2017-8668

CVE-2017-8673

CVE-2017-8691

*Workaround: Yes

**Exploited: No

Denial of Service

Remote Code Execution

Elevation of Privilege

Information Disclosure

 

SharePoint

SharePoint Server 2010

Important

CVE-2017-8654

*Workaround: No

**Exploited: No

Spoofing

Adobe Flash Player

Windows 10

Windows 8.1

Windows RT 8.1

Server 2012/2012 R2

Windows Server 2016

Critical

CVE-2017-3085

CVE-2017-3106

*Workaround: No

**Exploited: No

Remote Code Execution

SQL Server

SQL Server 2012/2014/2014 SP2/2016

Important

CVE-2017-8516

*Workaround: No

**Exploited: No

Information Disclosure

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.

 

Additional Resources