Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rapid7communityBobby McKeownRAPID7COMMUNITY:5E360655BE25ED8FE7E5EBBFACEDD115
HistoryAug 08, 2017 - 8:03 p.m.

Patch Tuesday - August 2017

2017-08-0820:03:46
Bobby McKeown
community.rapid7.com
120

0.302 Low

EPSS

Percentile

96.5%

JSON

It was a busy month this month with a total of 48 security issues fixed. All of these have a severity of Critical or Important with Remote Code Execution vulnerabilities again figuring highly, particularly for Microsoft Edge.

There were also a few publicly disclosed vulnerabilities that were fixed, including CVE-2017-8633 (Privilege Escalation with Windows Error Reporting). None of the disclosed vulnerabilities have publicly known exploits as of writing.

Another critical Adobe Flash Player RCE vulnerability has been fixed (ADV170010).

Also of note were a few revisions to CVE-2017-0071, CVE-2017-0228, and CVE-2017-0299 that will require the installation of July (CVE-2017-0071) and August (CVE-2017-0228 and CVE-2017-0299) patches to ensure you are fully protected.

We were waiting to see if Microsoft would release any patches for the recently disclosed SMBLoris vulnerability in this release, but they don’t seem to have taken any action to fix in this round of patches.

Finally, this is the first time we have seen vulnerabilities patched on the Linux subsystem under Windows. Since its introduction, it was only a matter of time: CVE-2017-8627 (Dos) and CVE-2017-8622 (Privilege Escalation) are the first of their kind.

Related

thn 1
threatpost 1
mscve 6
mskb 15
symantec 6
prion 48
cve 48
openvas 15
zdi 3
seebug 1
zdt 2
packetstorm 1
checkpoint_advisories 2
kaspersky 5
nessus 12
veracode 22
osv 5
github 4
talosblog 1
trendmicroblog 1
thn
thn
Microsoft Issues Security Patches for 25 Critical Vulnerabilities
2017-08-08 08:02:00
threatpost
threatpost
Microsoft Patches Critical Windows Search Vulnerability
2017-08-08 17:21:17
mscve
mscve
Windows Subsystem for Linux Denial of Service Vulnerability
2017-08-08 07:00:00
Windows Error Reporting Elevation of Privilege Vulnerability
2017-08-08 07:00:00
Windows Subsystem for Linux Elevation of Privilege Vulnerability
2017-08-08 07:00:00
mskb
mskb
Security update for the Windows Error Reporting elevation of privilege vulnerability for and Windows Server 2008: August 8, 2017
2017-08-08 07:00:00
Security update for the Windows Kernel information disclosure vulnerability in Windows Server 2008: August 8, 2017
2017-06-13 07:00:00
August 8, 2017—KB4034679 (Security-only update)
2017-08-08 07:00:00
symantec
symantec
Microsoft Windows CVE-2017-8627 Local Denial of Service Vulnerability
2017-08-08 00:00:00
Microsoft Windows Error Reporting CVE-2017-8633 Remote Privilege Escalation Vulnerability
2017-08-08 00:00:00
Microsoft Windows Kernel CVE-2017-0299 Local Information Disclosure Vulnerability
2017-06-13 00:00:00
prion
prion
Denial of service
2017-08-08 21:29:00
Privilege escalation
2017-08-08 21:29:00
Privilege escalation
2017-08-08 21:29:00
cve
cve
CVE-2017-8627
2017-08-08 21:29:00
CVE-2017-8633
2017-08-08 21:29:00
CVE-2017-8622
2017-08-08 21:29:00
openvas
openvas
Microsoft Windows Error Reporting Elevation of Privilege Vulnerability (KB4035679)
2017-08-09 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (KB4018271)
2017-05-10 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (KB4034733)
2017-06-14 00:00:00
zdi
zdi
Microsoft Windows Error Reporting Manager Improper Access Control Privilege Escalation Vulnerability
2017-08-08 00:00:00
Microsoft Chakra Array.splice Memory Corruption Remote Code Execution Vulnerability
2018-03-19 00:00:00
(Pwn2Own) Microsoft Chakra Array Use-After-Free Remote Code Execution Vulnerability
2017-05-10 00:00:00
seebug
seebug
Windows Kernel pool memory disclosure in nt!NtNotifyChangeDirectoryFile(CVE-2017-0299)
2017-06-27 00:00:00
zdt
zdt
Microsoft Windows - nt!NtNotifyChangeDirectoryFile Kernel Pool Memory Disclosure Exploit
2017-06-21 00:00:00
Microsoft Edge Charkra Incorrect Jit Optimization Exploit
2017-03-19 00:00:00
packetstorm
packetstorm
Microsoft Edge Charkra Incorrect Jit Optimization
2017-03-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0228)
2017-05-09 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0071; CVE-2017-8548)
2017-03-14 00:00:00
kaspersky
kaspersky
KLA11087 Multiple vulnerabilities in Microsoft Windows
2017-08-08 00:00:00
KLA11846 Multiple vulnerabilities in Microsoft Products (ESU)
2017-08-08 00:00:00
KLA11002 Multiple vulnerabilities in Microsoft Browser
2017-05-09 00:00:00
nessus
nessus
Windows 2008 August 2017 Multiple Security Updates
2017-08-08 00:00:00
Security Updates for Internet Explorer (August 2017)
2017-11-30 00:00:00
KB4034674: Windows 10 Version 1703 August 2017 Cumulative Update
2017-08-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-04 14:28:51
Remote Code Execution (RCE)
2018-12-04 14:26:09
Remote Code Execution (RCE)
2018-12-04 14:38:22
osv
osv
ChakraCore RCE Vulnerability
2022-05-17 02:35:00
CVE-2017-0238
2017-05-12 14:29:03
ChakraCore RCE Vulnerability
2022-05-17 02:44:21
github
github
ChakraCore RCE Vulnerability
2022-05-17 02:35:00
ChakraCore RCE Vulnerability
2022-05-17 02:44:22
ChakraCore RCE Vulnerability
2022-05-17 02:44:21
talosblog
talosblog
Microsoft Patch Tuesday - August 2017
2017-08-08 11:30:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 7, 2017
2017-08-11 16:07:23

0.302 Low

EPSS

Percentile

96.5%

JSON
Related for RAPID7COMMUNITY:5E360655BE25ED8FE7E5EBBFACEDD115
thn1threatpost1mscve6mskb15symantec6prion48cve48openvas15zdi3seebug1zdt2packetstorm1checkpoint_advisories2kaspersky5nessus12veracode22osv5github4talosblog1trendmicroblog1