Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4025252
HistoryJul 11, 2017 - 7:00 a.m.

Cumulative security update for Internet Explorer: July 11, 2017

2017-07-1107:00:00
Microsoft
support.microsoft.com
36

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

99.1%

JSON

Cumulative security update for Internet Explorer: July 11, 2017

Summary

This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about these vulnerabilities, see The Security Update Guide.This security update includes improvements and fixes that resolve the following issues:

  • Addressed issue introduced by KB 4032782 where Internet Explorer may close unexpectedly when you visit some websites.

  • Addressed issue in Internet Explorer 11 where a text node returned from the DOMParser may be incorrect when MutationObserver for childList and subtree is active.

  • Addressed issue in Internet Explorer 11 where a crash can occur in limited scenarios when using the Find feature (Ctrl-F).

  • Addressed issue where the onhashchange event fails to trigger when navigating some hashed URLs in Internet Explorer 11.

  • Addressed issue where the NewWindow3 event handler is never called in a managed WebBrowser class of .NET 4.6.

  • Addressed issue that can cause cursor flicker when hovering over a pop-up menu option in Internet Explorer 11 and Microsoft Edge.

  • Addressed issue where Internet Explorer 11 crashes when a user clicks an empty column header and then quickly does a Shift + double click.

  • Addressed issue where Internet Explorer 11 crashes with certain Browser Helper Objects after the July Internet Explorer updates.

  • Addressed issue where certain elements (input or select) cannot be active targets of any action in Internet Explorer 11. This occurs after removing an iframe that contained a cursor inside certain elements (input or select) and adding a new iframe.

  • Security updates to Internet Explorer.
    Additionally, see the following articles for more information about this cumulative update:

  • Windows 7 SP1 and Windows Server 2008 R2 SP1 update history

  • Windows Server 2012 update history

  • Windows 8.1 and Windows Server 2012 R2 update history

  • Windows 10 and Windows Server 2016 update history
    Important

  • The fixes included in this Security Update for Internet Explorer 4025252 are also included in the July 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved in this update.

  • If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer 4025252, the July 2017 Security Only Quality Update, and the July 2017 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.

  • This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from July 2017 (or a later month) is already installed. This is because those updates contain all fixes in this Security Update for Internet Explorer.
    If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues in this security update

Windows 7 for x64-based systems may continue to report that you need to apply this July 11, 2017 Internet Explorer 11 update after it has already been installed.

  • As of this publication date, Microsoft had corrected the issue for both Windows Server Update Services (WSUS), and Microsoft Update Catalog distributions.
  • Update management solutions that use the Windows Update offline scan method, may still experience this issue.
  • As a potential workaround, affected customers can choose to install the update by using WSUS, or manually by using the Windows Update Catalog page.

Deployment information

For deployment details for this security update, see the following article in the Microsoft Knowledge Base:Security update deployment information

How to get and install the update

Method 1: Microsoft Update

This update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically.For more information about how to get security updates automatically, see Windows Update: FAQ.

Note For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More Information

__

How to get help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File informationThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.For a list of the files that are provided in this cumulative update, download the file information for update 4021558.

File hash information

File name SHA1 hash SHA256 hash
Windows8.1-KB4025252-x86.msu A1B9607F2A9E478D72EE9CBC818AD3BEA1DCBB95 6F70FE465DA791E5EF7BDA86DADA8D4C2152DA81B9E2B1830C4179FD4CD62314
Windows8.1-KB4025252-x64.msu 989B0643155E8AEAA7DDBC08A34B635D4878AED3 AF2A5AC2F1C45FCE9621FC182418CE034B9F8FB6A300B3148B88296AD299D618
IE11-Windows6.1-KB4025252-X86.msu 3DE9D0D26B6CA09932C07B8889988B936278C999 031687312B5BE12CECFDD97936F477E41D52AE51DA40BFCE7EF19B7104BDC3CE
IE11-Windows6.1-KB4025252-X64.msu 80EDF86DD6B82F99214B6DE9230C481B70995BD1 59C5E9412B2B5DFC417184B62389C635E6D1EA62C9E60FE029124AF146583F28
IE9-Windows6.0-KB4025252-X86.msu 076C1283D3083B154D3BFEE54F99D57FECEDFDBE C1AC92A4E0D64D06E23E8E3F22FEE56A9EA7956620889A84D8686E686104A404
IE9-Windows6.0-KB4025252-X64.msu F572491936C37C1DD6E6C73BF80A55DE2B625569 439FA84EFE2BF3CAF19746B9457F84CFB24D2EC1EE52BB24EE1440E7C16453A0
IE8-WindowsXP-KB4025252-x86-Embedded-ENU.exe 616FC352C00406988AF9B2DE236DE9A218C6AC34 5ADC5F659109FF7AB16A9E287F2E22F74F501DEAE535770075AFA8AC8A4A54F4

Related

nessus 9
kaspersky 3
prion 17
cve 17
mscve 7
mskb 11
openvas 10
checkpoint_advisories 3
osv 4
symantec 7
zdt 1
packetstorm 1
seebug 1
trendmicroblog 1
talosblog 1
threatpost 1
nessus
nessus
Security Updates for Internet Explorer (July 2017)
2017-11-30 00:00:00
Windows 8.1 and Windows Server 2012 R2 July 2017 Security Updates
2017-07-11 00:00:00
Windows 2008 July 2017 Multiple Security Updates
2017-07-11 00:00:00
kaspersky
kaspersky
KLA11070 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
2017-07-11 00:00:00
KLA11900 Multiple vulnerabilities in Microsoft Products (ESU)
2017-07-11 00:00:00
KLA11067 Multiple vulnerabilities in Microsoft Windows
2017-07-11 00:00:00
prion
prion
Memory corruption
2017-07-11 21:29:00
Security feature bypass
2017-07-11 21:29:00
Memory corruption
2017-07-11 21:29:00
cve
cve
CVE-2017-8618
2017-07-11 21:29:00
CVE-2017-8619
2017-07-11 21:29:00
CVE-2017-8604
2017-07-11 21:29:00
mscve
mscve
Microsoft Browser Security Feature Bypass Vulnerability
2017-07-11 07:00:00
Scripting Engine Memory Corruption Vulnerability
2017-07-11 07:00:00
Internet Explorer Memory Corruption Vulnerability
2017-07-11 07:00:00
mskb
mskb
Security update for the Microsoft browser security feature bypass vulnerability in Windows Server 2008: July 11, 2017
2017-07-11 07:00:00
July 11, 2017—KB4025336 (Monthly Rollup)
2017-07-11 07:00:00
July 11, 2017—KB4025341 (Monthly Rollup)
2017-07-11 07:00:00
openvas
openvas
Microsoft Browser Security Feature Bypass vulnerability (KB4025240)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025336)
2017-07-12 00:00:00
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025331)
2017-07-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Security Feature Bypass (CVE-2017-8592)
2017-07-11 00:00:00
Microsoft Internet Explorer Memory Corruption (CVE-2017-8594)
2017-07-11 00:00:00
Microsoft Internet Explorer Remote Code Execution (CVE-2017-8618)
2017-07-11 00:00:00
osv
osv
CVE-2017-8592
2017-07-11 21:29:01
CVE-2017-8607
2017-07-11 21:29:02
CVE-2017-8608
2017-07-11 21:29:02
symantec
symantec
Microsoft Edge and Internet Explorer CVE-2017-8592 Security Bypass Vulnerability
2017-07-11 00:00:00
Microsoft Edge and Internet Explorer CVE-2017-8606 Remote Memory Corruption Vulnerability
2017-07-11 00:00:00
Microsoft Internet Explorer CVE-2017-8594 Remote Memory Corruption Vulnerability
2017-07-11 00:00:00
zdt
zdt
Microsoft Internet Explorer 11.0.9600.18617 - CMarkup::DestroySplayTree Memory Corruption Exploit
2017-07-19 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer 11 CMarkup::DestroySplayTree Memory Corruption
2017-07-18 00:00:00
seebug
seebug
Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2017-8618)
2017-08-17 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 10, 2017
2017-07-14 12:00:02
talosblog
talosblog
Microsoft Patch Tuesday - July 2017
2017-07-11 12:59:00
threatpost
threatpost
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities
2017-07-11 16:36:23

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

99.1%

JSON
Related for KB4025252
nessus9kaspersky3prion17cve17mscve7mskb11openvas10checkpoint_advisories3osv4symantec7zdt1packetstorm1seebug1trendmicroblog1talosblog1threatpost1