Today’s VERT Alert addresses the Microsoft June 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-729 on Wednesday, June 14th.
In-The-Wild & Disclosed CVEs
CVE-2017-8543 According to Microsoft’s Security Guidance, they are aware of in-the-wild exploitation against CVE-2017-8543, a code execution vulnerability in the Windows Search service. This vulnerability could allow remote, unauthenticated attackers to take control of a system with a malicious SMB packet. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) CVE-2017-8530 According to Microsoft, a same-origin bypass has been publicly disclosed. The same-origin policy is designed to ensure that a web page can’t access data outside its origin. This bypass exists in Microsoft Edge. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) CVE-2017-8464 A vulnerability in Microsoft shortcuts (.LNK files) has been publicly exploited. If a user accesses a folder or share with a malicious .LNK file, code could execute in the context of the user. This vulnerability is a prime candidate for memory card / flash drive malware, which would be highly effective if planted during the manufacturing process. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) CVE-2017-8523 A second same-origin bypass, again in Microsoft Edge, has also been publicly disclosed. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) CVE-2017-8498 The final vulnerability in this list is an Information Disclosure in Microsoft Edge that could allow an attacker to detect the installed browser extensions. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)
FYI Vulnerabilities
While many of the issues fixed today are typical for Patch Tuesday, there are a few that are worth highlighting. Microsoft Security Advisory 4025685 Microsoft has released a security advisory with a rather extensive list of well-known (and some not so well-known) vulnerabilities dating back to 2008. In addition to patches for currently supported operating systems, Microsoft has made updates available for a number of unsupported operating systems including Windows XP and Server 2003. Some of these CVEs have not been previously referenced and only impact the older operating systems. Ensure that you review this full advisory (as well as the linked guidance) to minimize any risk to your environment. Within the advisory, Microsoft has stated that this guidance is being made available due to the heightened risk from past and threatened nation-state attacks.
Other Information
In addition to the Microsoft vulnerabilities included in the June Security Guidance, a security advisory was also published. June Flash Security Update [ADV170007] Microsoft has published an advisory for the June Adobe Flash Security Update (APSB17-17). This includes updates for the following vulnerabilities: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084.