********************************************************************
Title: Microsoft Security Update Releases
Issued: July 11, 2017
********************************************************************
Summary
=======
The following CVEs and Microsoft security bulletins have undergone a major revision increment.
* CVE-2016-3305
* CVE-2017-0292
* CVE-2017-8543
* MS16-111
* MS16-SEP
CVE Revision Information:
=====================
CVE-2016-3305
– Title: CVE-2016-3305 | Windows Session Object Elevation of
Privilege Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
include 10 Version 1703 for 32-bit Systems and Windows 10 Version
1703 for x64-based Systems because they are affected by
CVE-2016-3305. Microsoft recommends that customers running Windows
10 Version 1703 should install update 4025342 to be protected from
this vulnerability.
– Originally posted: September 13, 2016
– CVE Severity Rating: Important
– Version: 2.0
CVE-2017-0292
– Title: CVE-2017-0292 | Windows PDF Remote Code Execution
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address a known issue customers
may have experienced when rendering PDF files, Microsoft
has released an update with the July security and monthly
rollup updates. Microsoft recommends that customers who
have experienced this known issue should install the July
security or monthly rollup updates.
– Originally posted: June 13, 2017
– Updated: June 13, 2017
– CVE Severity Rating: Critical
– Version: 5.0
CVE-2017-8543
– CVE-2017-8543 | Windows Search Remote Code Execution
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To more comprehensively address
CVE-2017-8543, Microsoft is releasing security update 4025339
for affected editions of Windows 10 Version 1607 and security
update 4025342 for affected editions of Windows 10 Version 1703.
Microsoft recommends that customers running these versions of
Windows 10 install the updates to be protected from this
vulnerability.
– Originally posted: June 13, 2017
– Updated: July 11, 2017
– CVE Severity Rating: Critical
– Version: 5.0
Microsoft Becurity Bulletin Revision Information:
=====================
MS16-111
– Title: Security Update for Windows Kernel (3186973)
– https://technet.microsoft.com/library/security/ms16-111
– Reason for Revision: Revised the Windows Affected Software
and Vulnerability Severity Ratings table to include 10 Version
1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based
Systems because they are affected by CVE-2016-3305. Microsoft
recommends that customers running Windows 10 Version 1703 should
install update 4025342 to be protected from this vulnerability.
– Originally posted: September 13, 2016
– CVE Severity Rating: Important
– Version: 2.0
MS16-SEP
– Title: Microsoft Security Bulletin Summary for September 2016
– https://technet.microsoft.com/library/security/ms16-SEP
– Reason for Revision: For MS16-111, added Windows 10 Version
1703 for 32-bit Systems and Windows 10 Version 1703 for
x64-based Systems to the Affected Software table because
they are affected by CVE-2016-3305. Microsoft recommends that
customers running Windows 10 Version 1703 should install
update 4025342 to be protected from this vulnerability.
– Originally posted: September 13, 2016
– CVE Severity Rating: N/A
– Version: 2.0
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************
Microsoft respects your privacy. Please read our online Privacy
Statement at
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
These settings will not affect any newsletters you???ve requested or
any mandatory service communications that are considered part of
certain Microsoft services.
For legal Information, see:
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052