********************************************************************
Title: Microsoft Security Update Releases
Issued: August 8, 2017
********************************************************************
Summary
=======
The following CVEs and security bulletins have undergone a major revision increment.
* CVE-2017-0071
* CVE-2017-0228
* CVE-2017-0299
* MS17-007
* MS17-MAR
CVE Revision Information:
=====================
CVE-2017-0071
– Title: CVE-2017-0071 | Scripting Engine Memory Corruption
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0071,
Microsoft released the July security updates for all versions of
Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10
for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems,
and Windows 10 Version 1703 for x64-based Systems have been added
to the Affected Products table as they are also affected by this
vulnerability. Microsoft recommends that customers who have not
already done so install the July 2017 security updates to be
fully protected from this vulnerability.
– Originally posted: March 14, 2017
– Updated: August 8, 2017
– CVE Severity Rating: Critical
– Version: 2.0
CVE-2017-0228
– Title: CVE-2017-0228| Scripting Engine Memory Corruption
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0228,
Microsoft has released August security updates for Internet
Explorer 11 on affected editions of Windows 8.1, Windows Server
2012 R2, Windows 8.1 RT, Windows 10, Windows 10 Version 1511,
Windows 10 Version 1607, and Windows 10 Version 1703; and for
Microsoft Edge on affected editions of Windows 10, Windows 10
Version 1511, Windows 10 Version 1607, and Windows 10 Version 1703.
Microsoft strongly recommends that customers install the updates
to be fully protected from the vulnerability. Customers whose
systems are configured to receive automatic updates do not need
to take any further action.
– Originally posted: May 9, 2017
– Updated: August 8, 2017
– CVE Severity Rating: Critical
– Version: 2.0
CVE-2017-0299
– Title: CVE-2017-0299 | Windows Kernel Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0299,
Microsoft has released August security updates for all affected
editions of Microsoft Windows. Microsoft strongly recommends that
customers install the updates to be fully protected from the
vulnerability. Customers whose systems are configured to receive
automatic updates do not need to take any further action.
– Originally posted: June 13, 2017
– Updated: August 8, 2017
– CVE Severity Rating: Important
– Version: 5.0
Security Bulletin Revision Information:
=====================
MS17-007
– Title: Cumulative Security Update for Microsoft Edge (4013071)
– https://technet.microsoft.com/library/security/ms17-007.aspx
– Reason for Revision: To comprehensively address CVE-2017-0071,
Microsoft released the July security updates for all versions of
Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10
for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems,
and Windows 10 Version 1703 for x64-based Systems have been added
to the Affected Products table as they are also affected by this
vulnerability. Microsoft recommends that customers who have not
already done so install the July 2017 security updates to be fully
protected from this vulnerability.
– Originally posted: March 14, 2017
– Updated: August 8, 2017
– Bulletin Severity Rating: Critical
– Version: 2.0
MS17-MAR
– Title: Microsoft Security Bulletin Summary for March 2017
– https://technet.microsoft.com/library/security/ms17-MAR.aspx
– Reason for Revision: For MS17-007, to comprehensively address
CVE-2017-0071, Microsoft released the July security updates for
all versions of Windows 10. Note that Windows 10 for 32-bit Systems,
Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit
Systems, and Windows 10 Version 1703 for x64-based Systems have been
added to the Affected Products table as they are also affected by
this vulnerability. Microsoft recommends that customers who have not
already done so install the July 2017 security updates to be fully
protected from this vulnerability.
– Originally posted: March 14, 2017
– Updated: August 8, 2017
– Bulletin Severity Rating: N/A
– Version: 4.0