Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 104 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft has released Cumulative Security Updates for Internet Explorer which addresses various vulnerabilities found in Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11). The security updated is rated Moderate for for Internet Explorer 9 (IE 9) and Internet Explorer 10 (IE 10) and Critical for Internet Explorer 11 (IE 11).
The Security Update addresses the vulnerabilities by fixing:
1) The update addresses the vulnerability by fixing how Microsoft browser JavaScript scripting engines objects in memory. (CVE-2017-8517)
2) The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. (CVE-2017-8519)
3) The update addresses the vulnerability by fixing how Microsoft browser JavaScript scripting engines objects in memory. (CVE-2017-8522)
4) The update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines objects in memory. (CVE-2017-8524)
5) The update addresses the vulnerability by restricting the information returned on affected Microsoft browsers. (CVE-2017-8529)
6) The update addresses the vulnerability by modifying how JavaScript scripting engines objects in memory. (CVE-2017-8547)
KB Articles associated with the Update:
1) 4022714
2) 4022726
3) 4021558
4) 4022715
5) 4022727
6) 4022725
7) 4022724
8) 4022719
Please note: CVE-2016-3326 affects only Windows 10, Windows 10 Version 1511, and Windows 10 Version 1607
QID Detection Logic (Authenticated):
Operating Systems: Windows XP Embedded, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8.1, Windows RT 8.1, Windows10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\mshtml.dll
The following KBs are checked:
The patch version of 8.0.6001.23952(KB4021558)
The patch version of 9.0.8112.16906 (KB4021558)
The patch version of 9.0.8112.21017 (KB4021558)
The patch version of 10.0.9200.22168 (KB4022724)
The patch version of 11.0.9600.18698 (KB4021558 or KB4022719 or KB4022726)
The patch version of 11.0.10240.17443 (KB4022727)
The patch version of 11.0.10586.962 (KB4022714)
The patch version of 11.0.14393.1356 (KB4022715)
The patch version of 11.0.15063.413 (KB4022725)
1) Remote Code Execution (CVE-2017-8517, CVE-2017-8519,CVE-2017-8522,CVE-2017-8524)
2) Information Disclousre (CVE-2017-8529, CVE-2017-8547)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
4021558
4022714
4022715
4022719
4022724
4022725
4022726
4022727
- Microsoft Office Remote Code Execution(CVE-2017-0260).
- Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0282).
- Windows Uniscribe Remote Code Execution Vulnerability(CVE-2017-0283)
- Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0284).
- Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0285).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-0286).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-0287).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-0288).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-0289).
- Windows PDF Remote Code Execution Vulnerability(CVE-2017-0292).
- Microsoft Office Remote Code Execution(CVE-2017-8506).
- Microsoft Office Memory Corruption Vulnerability(CVE-2017-8507).
- Microsoft Office Security Feature Bypass Vulnerability(CVE-2017-8508).
- Microsoft Office Remote Code Execution Vulnerability(CVE-2017-8509).
- Microsoft Office Remote Code Execution Vulnerability(CVE-2017-8510).
- Microsoft Office Remote Code Execution Vulnerability(CVE-2017-8511).
- Microsoft Office Remote Code Execution Vulnerability(CVE-2017-8512).
- Microsoft PowerPoint Remote Code Execution Vulnerability(CVE-2017-8513).
- Microsoft SharePoint Reflective XSS Vulnerability(CVE-2017-8514).
- Windows Graphics Remote Code Execution Vulnerability(CVE-2017-8527).
- Windows Uniscribe Remote Code Execution Vulnerability(CVE-2017-8528).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-8531).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-8532).
- Windows Graphics Information Disclosure Vulnerability(CVE-2017-8533).
- Windows Uniscribe Information Disclosure VulnerabilityCVE-2017-8534).
- Microsoft Outlook for Mac Spoofing Vulnerability(CVE-2017-8545).
- Skype for Business Remote Code Execution Vulnerability(CVE-2017-8550).
- SharePoint XSS vulnerability(CVE-2017-8551)
This security updates contain following KBs:
KB3118304
KB3118389
KB3127888
KB3127894
KB3162051
KB3172445
KB3178667
KB3191828
KB3191837
KB3191844
KB3191848
KB3191882
KB3191898
KB3191908
KB3191932
KB3191938
KB3191939
KB3191943
KB3191944
KB3191945
KB3203382
KB3203383
KB3203384
KB3203386
KB3203387
KB3203390
KB3203391
KB3203392
KB3203393
KB3203399
KB3203427
KB3203430
KB3203432
KB3203436
KB3203438
KB3203441
KB3203458
KB3203460
KB3203461
KB3203463
KB3203464
KB3203466
KB3203467
KB3203484
KB3203485
KB3212223
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB3118304 Microsoft Office 2007 (all editions) and other software
KB3118389 Microsoft Office 2010 (all editions) 32
KB3118389 Microsoft Office 2010 (all editions) 64
KB3127888 Microsoft Office 2007 (all editions) and other software
KB3127894
KB3162051 Microsoft Office 2013 (all editions) 32
KB3162051 Microsoft Office 2013 (all editions) 64
KB3178667 Microsoft Office 2016 (all editions) 32
KB3178667 Microsoft Office 2016 (all editions) 64
KB3191828 Microsoft Office 2007 (all editions) and other software
KB3191837 Microsoft Office 2007 (all editions) and other software
KB3191843 Microsoft Office 2010 (all editions) 32
KB3191843 Microsoft Office 2010 (all editions) 64
KB3191844 Microsoft Office 2010 (all editions) 32
KB3191844 Microsoft Office 2010 (all editions) 64
KB3191848 Microsoft Office 2010 (all editions) 32
KB3191848 Microsoft Office 2010 (all editions) 64
KB3191882 Microsoft Office 2016 (all editions) 32
KB3191882 Microsoft Office 2016 (all editions) 64
KB3191898 Microsoft Office 2007 (all editions) and other software
KB3191908 Microsoft Office 2010 (all editions) 32
KB3191908 Microsoft Office 2010 (all editions) 64
KB3191932 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 32
KB3191932 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 64
KB3191937 Microsoft Communications Platforms and Software(Lync 2013 32)
KB3191937 Microsoft Communications Platforms and Software(Lync 2013 64)
KB3191938 Microsoft Office 2013 (all editions) 32
KB3191938 Microsoft Office 2013 (all editions) 64
KB3191943 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 32
KB3191943 Microsoft Office 2016 (all editions) 64
KB3191944 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 32
KB3191944 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 64
KB3191945 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 32
KB3191945 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 64
KB3203382 Microsoft Communications Platforms and Software 32
KB3203382 Microsoft Communications Platforms and Software 64
KB3203383 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 32
KB3203383 Microsoft Office 2016 (all editions) 32Microsoft Office 2016 (all editions) 64
KB3203386 Microsoft Office 2013 (all editions) 32
KB3203386 Microsoft Office 2013 (all editions) 64
KB3203391 Microsoft Office Web Apps 2013 (all versions)
KB3203392 Microsoft Office 2013 (all editions) 32
KB3203392 Microsoft Office 2013 (all editions) 64
KB3203393 Microsoft Office 2013 (all editions) 32
KB3203393 Microsoft Office 2013 (all editions) 64
KB3203427 Microsoft Office 2007 (all editions) and other software
KB3203430 Microsoft SharePoint Server 2013 (all editions)
KB3203432 Microsoft SharePoint Server 2016 (all editions)
KB3203436 Microsoft Office 2007 (all editions) and other software
KB3203438 Microsoft Office 2007 (all editions) and other software
KB3203441 Microsoft Office 2007 (all editions) and other software
KB3203458 Microsoft SharePoint Server 2010 (all editions)
KB3203460 Microsoft Office 2010 (all editions) 32
KB3203460 Microsoft Office 2010 (all editions) 64
KB3203461 Microsoft Office 2010 (all editions) 32
KB3203461 Microsoft Office 2010 (all editions) 64
KB3203463 Microsoft Office 2010 (all editions) 32
KB3203463 Microsoft Office 2010 (all editions) 64
KB3203464 Microsoft Office 2010 (all editions) 32
KB3203464 Microsoft Office 2010 (all editions) 64
KB3203466 Microsoft Office Web Apps 2010 (all versions)
KB3203467 Microsoft Office 2010 (all editions) 32
KB3203467 Microsoft Office 2010 (all editions) 64
KB3203484 Microsoft Office 2007 (all editions) and other software
KB3203484 Microsoft Office 2007 (all editions) and other software
KB3203485
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.
An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to the buffer.
A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed.
KB Articles associated with the Update:
3217845
4021903
4021923
4022008
4022010
4022013
4022714
4022715
4022717
4022718
4022722
4022725
4022727
4022883
4022884
4022887
4024402
NOTE:- To Patch CVE-2017-8543 on Windows 10 Version 1607 and Windows 10 Version 1703 please apply the July updates i.e. KB4025339 (for Windows 10 Version 1607) and KB4025342 (Windows 10 Version 1703).
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB3217845
KB4021903
KB4021923
KB4022008
KB4022010
KB4022013
KB4022714
KB4022717
KB4022718
KB4022722
KB4022727
KB4022883
KB4022884
KB4022887
KB4024402
KB4025339
KB4025342
Microsoft Edge suffers multiple security vulnerabilities. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. Many information disclosure vulnerabilities have been fixed in the Microsoft Edge Fetch API, JavaScript XML DOM objects, scripting engine these allow attackers to detect browser extensions, URL of a cross-origin request, detect specific files. This update also addresses vulnerabilities in how edge enforces same-origin policy and Content Security Policies.
Affected Version:
Microsoft Edge on all Windows 10 versions and Windows Server 2016
KB Articles associated with the Update:
1) 4022715
2) 4022725
3) 4022714
4) 4022727
Please note: CVE-2016-3326 affects only Windows 10, Windows 10 Version 1511, and Windows 10 Version 1607
QID Detection Logic (Authenticated):
Operating Systems: All versions of Windows 10 and Windows Server 2016
This QID checks for the file version of %windir%\System32\edgehtml.dll
The following KBs are checked:
The patch version is 11.0.10586.962(KB4022714)
The patch version is 11.0.14393.1356(KB4022715)
The patch version is 11.0.15063.413(KB4022725)
The patch version is 11.0.10240.17443(KB4022727)
1) Remote Code Execution
2) Arbitrary Code Execution
3) File and browser extension detection
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Edge Security Update for June 2017 Windows 10 Version 1511 for x86 and x64
Edge Security Update for June 2017 Windows 10 Version 1607 for x86 and x64
Edge Security Update for June 2017 Windows 10 Version 1703 for x86 and x64
Edge Security Update for June 2017 Windows 10 for x86 and x64
Edge Security Update for June 2017 Windows Server 2016
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application.
This security update to Silverlight includes fixes outlined in KB 4023307.
QID Detection Logic:
This authenticated QID checks if the file version of sllauncher.exe is lesser than 5.1.50907.0.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4023307
QID Detection Logic (Authenticated):
Operating Systems: Windows XP Embedded, Windows Server 2003
This QID checks for the file version of %windir%\System32\Olecnv32.dll less than 5.2.3790.6113
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4025218
QID Detection Logic (Authenticated):
Operating Systems: Windows XP Embedded, Windows Server 2003
For x86 targets this QID checks for the file version of %windir%\System32\Rasctrs.dll less than 5.1.2600.7272.
For x64 targets this QID checks for the file version of %windir%\System32\Rasctrs.dll less than 5.2.3790.6099.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4024323
QID Detection Logic (Authenticated):
Operating Systems: Windows XP Embedded, Windows Server 2003
For Windows XP QID checks for the file version of %windir%\System32\Gpkcsp.dll less than 5.1.2600.7264
For Windows 2003 this QID checks for the file version of %windir%\System32\Gpkcsp.dll less than 5.2.3790.6093
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4022747
These new vulnerability checks are included in Qualys vulnerability signature 2.4.62-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.