Microsoft & Non-Microsoft Patch Tuesday – Aug 2017 and MS Patch Known Issues

Microsoft Patch Tuesday

Microsoft Patch Tuesday has released 48 CVE’s for the August 2017 which included 25 CVE’s rated “Critical”, 21 CVE’s rated “Important” and 2 CVE’s rated “Moderate”. These updates affect software Microsoft Edge Browser, Hyper-V, Internet Explorer, Microsoft Scripting Engine, Remote Desktop Protocol, SQL Server and Adobe Flash player. We have come across few known issues with Patch Tuesday related to Windows 10 1703, Windows 10 1607 & Windows 8.1 will discuss below.

Microsoft has also released the patch for Adobe Flash player ADV170010.

Critical CVE’s

CVE-2017-8620 Windows Search Remote Code Execution Vulnerability

CVE-2017-8620 Windows Search Remote Code Execution Vulnerability

CVE-2017-0250 Microsoft JET Database Engine Remote Code Execution Vulnerability

CVE-2017-8591 Windows IME Remote Code Execution Vulnerability

CVE-2017-8622 Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2017-8634 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8635 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8636 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8638 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8639 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8640 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8641 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8645 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8647 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8653 Microsoft Browser Memory Corruption Vulnerability

CVE-2017-8655 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8656 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8657 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8661 Microsoft Edge Memory Corruption Vulnerability

CVE-2017-8669 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8670 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8671 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8672 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8674 Scripting Engine Memory Corruption Vulnerability

Important CVE’s

CVE-2017-8627 Windows Subsystem for Linux Denial of Service Vulnerability

CVE-2017-8627 Windows Subsystem for Linux Denial of Service Vulnerability

CVE-2017-8633 Windows Error Reporting Elevation of Privilege Vulnerability

CVE-2017-0174 Windows NetBIOS Denial of Service Vulnerability

CVE-2017-8503 Microsoft Edge Elevation of Privilege Vulnerability

CVE-2017-8516 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

CVE-2017-8593 Win32k Elevation of Privilege Vulnerability

CVE-2017-8623 Windows Hyper-V Denial of Service Vulnerability

CVE-2017-8624 Windows CLFS Elevation of Privilege Vulnerability

CVE-2017-8625 Internet Explorer Security Feature Bypass Vulnerability

CVE-2017-8637 Scripting Engine Security Feature Bypass Vulnerability

CVE-2017-8642 Microsoft Edge Elevation of Privilege Vulnerability

CVE-2017-8644 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8652 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8654 Microsoft Office SharePoint XSS Vulnerability

CVE-2017-8659 Scripting Engine Information Disclosure Vulnerability

CVE-2017-8662 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8664 Windows Hyper-V Remote Code Execution Vulnerability

CVE-2017-8666 Win32k Information Disclosure Vulnerability

CVE-2017-8668 Volume Manager Extension Driver Information Disclosure Vulnerability

CVE-2017-8673 Windows Remote Desktop Protocol Denial of Service Vulnerability

CVE-2017-8691 Express Compressed Fonts Remote Code Execution Vulnerability

Moderate CVE’s

CVE-2017-8650 Microsoft Edge Security Feature Bypass Vulnerability

CVE-2017-8651 Internet Explorer Memory Corruption Vulnerability

Known Issues Patch Tuesday – Aug 2017 

1) 2017-08 Cumulative Update for Windows 10 Version 1703 (KB4034674)

Installing this KB (4034674) may change Czech and Arabic languages to English for Microsoft Edge and other applications. Microsoft is working on the resolution of this open issue.

2) 2017-08 Security Monthly Quality Rollup for Windows 8.1 (KB4034681)

NPS authentication may break, and wireless clients may fail to connect.

On the server, set the following DWORD registry key’s value to = 0: SYSTEM\CurrentControl Set\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck

3) 2017-08 Delta Update for Windows 10 Version 1607(KB4034658)

a) Update History” does not list previously installed updates – As an alternative, to see which quality updates have been applied, navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates”

b) Updates that were previously hidden may be offered after installing this update. Updates that were previously hidden can be hidden again.

c) WSUS servers will exhibit increased CPU, memory, and network utilization when Windows Update clients perform their first scan after installing KB4034658.

Microsoft is investigating the issue and provide updates ASAP.

Reference link:

https://support.microsoft.com/en-hk/help/4034674/windows-10-update-kb4034674
https://support.microsoft.com/en-us/help/4034681/windows-8-1-windows-server-2012-r2-update-kb4034681
https://support.microsoft.com/en-us/help/4034658/windows-10-update-kb4034658

Adobe Patches:

Adobe released two critical rated update and security bulletins for Adobe Flash Player APSB17-23, Adobe Experience Manager APSB17-26, Adobe Digital Edition APSB17-27, Adobe Acrobat Reader APSB17-24.

The vulnerability impact Windows, Linux, Mac, and ChromeOS run flash version 26.0.x. APSB17-23 has been listed as priority 1 and under active attack, Adobe recommends users update their product installations to the latest versions using the instructions or solution referenced in the relevant bulletin. Affected Version for specific products and version info for each product.

Abode will be ending Flash support by 2020.

For more updates and known issues with MS Patch Tuesday – August 2017 please tune to my blog, feel free to update known issues in the comment section below 🙂

Download Excel sheet: Security Update – AUG – 2017

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s