Further Microsoft Updates August 8, 2017

Windows Update[German]Microsoft hat released more updates on patchday (August 8, 2017) for .NET-Framework, Windows Server, Flash and so on. Here is an overview.


Advertising


A complete overview of all August 2017 updates may be found on this Microsoft page. Some of these updates are covered within other blog posts (see links at articles end).

Security updates

Microsoft released the following security updates.

Security Update for Windows Server 2008 (KB4022750)

Update KB4022750 (Security update for the Windows NetBIOS denial of service vulnerability in Windows Server 2008: August 8, 2017) closes a vulnerability in NetBIOS under Windows Server 2008.

A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploits this vulnerability could cause a target computer to become completely unresponsive.

Details may be read under CVE-2017-0174. This update exchanges KB4021923 on Windows Server 2008. The Update is offered via Windows Update, WSUS, and Microsoft Update Catalog. A restart is required after installing this update.

Security Update for Windows Server 2008 (KB4034034)

Update KB4034034 (Security update for the Windows Search remote code execution vulnerability: August 8, 2017) addresses  a critical vulnerability within Windows Search.

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploits this vulnerability could take control of the affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Details may be read at CVE-2017-8620. The Update is offered via Windows Update, WSUS, and Microsoft Update Catalog. After installing a language pack, the update needs to be re-installed.

Adobe Flash-Player security update (KB4034662)

Update KB4034662 (2017-08 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012) fixes a few critical and moderate vulnerabilities within Adobe Flash Player.

Security Monthly Quality Rollup for Windows Server 2012 (KB4034665)

Update KB4034665 (2017-08 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012) is a critical patch and addresses the following issues:

  • Security updates to Windows Hyper-V, Windows kernel-mode drivers, Microsoft JET Database Engine, Microsoft Windows PDF Library, Common Log File System Driver, Volume Manager Driver, Internet Explorer, Microsoft Windows Search Component, and Windows Server.

The Update is offered via Windows Update, WSUS, and Microsoft Update Catalog.

Security Only Quality Update for Windows Server 2012 (KB4034666)

Update KB4034666 is quoted as critical and is available for Windows Server 2012 and Windows Embedded 8 Standard in WSUS and in Microsoft Update Catalog. This update fixes a remote code execution vulnerability in Windows search and in Windows kernel-mode driverreiber.

Cumulative Security Update Internet Explorer (KB4034733)

Cumulative Security Update KB4034733 for Internet Explorer is available via Windows Update, WSUS and within Microsoft Update Catalog. It’s been quoted as critical for Windows 8.1, Windows Embedded 8 Standard, Windows Embedded Standard 7, and Windows 7, and moderate for Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008.

Security Update for Windows Server 2008 (KB4034744)

Update KB4034744 (Security update for the Volume Manager Extension driver information disclosure vulnerability in Windows Server 2012: August 8, 2017) is available via Windows Updates, WSUS and via Microsoft Update Catalog. It addresses CVE-2017-8668 and is important:

An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To learn more about the vulnerability, go to .

Security Update for Windows Server 2008 (KB4034745)

Update KB4034745 (Security update for the Windows CLFS elevation of privilege vulnerability in Windows Server 2008: August 8, 2017) is important. It closes an elevation of privilege vulnerability in Windows Common Log File System (CLFS) driver. Details may be found in CVE-2017-8624. Update KB4034745 is available via Windows Updates, WSUS and within Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4034775)

Update KB4034775 (Security update for the Microsoft JET Database Engine remote code execution vulnerability in Windows Server 2008: August 8, 2017) is also available for Windows XP Embedded (WES09 and POSReady 2009). This critical update closes a remote code execution vulnerability in Microsoft JET Database Engine. Details may be found in CVE-2017-0250. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4035055)

Update KB4035055 (Security update for the Win32k information disclosure vulnerability in Windows Server 2008: August 8, 2017) is important and will also be shipped for Windows XP Embedded (WES09 and POSReady 2009). It fixes an information disclosure vulnerability in win32k kernel. Details may be read within CVE-2017-8666. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4035056)

Update KB4035056 (Security update for the Express Compressed Fonts remote code execution vulnerability in Windows Server 2008: August 8, 2017) is important and will also be shipped for Windows XP Embedded (WES09 and POSReady 2009). It fixes a vulnerability that allows a remote code execution via die Windows Font library. Details may be read within CVE-2017-8691. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4035679)

Update KB4035679 (Security update for the Windows Error Reporting elevation of privilege vulnerability for and Windows Server 2008: August 8, 2017) is important. It allows an elevation of privilege attack via Windows Error Reporting (WER). Details are available within CVE-2017-8633 nachlesen. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Other non security updates

Microsoft has released som non security updates in August 2017.

Dynamic Update for Windows 10 Version 1703 (KB4037589)

This  dynamic Update KB4037589 is for Windows 10 Version 1703 and isn’t documented from Microsoft till yet. A dynamic update enables Windows 10 during setup/install to load critical drivers, setup fixes and other components from Microsoft’s update servers (see Windows 10: What are dynamic updates?).

Windows Malicious Software Removal Tool – August 2017 (KB890830)

MSRT has been updated for August 2017 and will be shipped via Windows Update, WSUS and Microsoft Update Catalog. It checks the system for know malware. Details may be found on this Microsoft webpage.

Changes in Updates

Microsoft has changed some older update packages.

Update for Windows Server 2012 R2 (KB4033428)

Update KB4033428 for Windows Server 2012 R2 has been shipped in July 2017 and shall improve CPU detection.

Update for Windows Server 2008 (KB4019276)

Update KB4019276 has been released in July 2017 and changes support for TLS 1.1 and TLS 1.2 in Windows Server 2008 Service Pack 2 (SP2).

Update for Microsoft .NET Framework 4.7 (KB3186497)

Update KB3186497 for Windows 7 and Windows Server 2008 R2 is available via Microsoft Update Catalog .

Update for Microsoft .NET Framework 4.7 (KB3186505)

.NET Framwork 4.7 Update KB3186505 is available for Windows Server 2012 (x64).

Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 (KB4035508)

Metadata and binary data has been changed within Update KB4035508 for Windows Embedded 8 Standard and Windows Server 2012.

Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 (KB4035509)

Metadata and binary data has been changed within Update KB4035509 for Windows 8.1 und Windows Server 2012 R2.

Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 (KB4035510)

Metadata and binary data has been changed within UpdateKB4035510 for Windows Embedded Standard 7, Windows 7 and Windows Server 2008 R2.

Similar articles:
Microsoft August 2017 Patchday Summary
Windows 10: Critical Updates KB4035631 and KB4035632
Windows 10: August 2017 Updates KB4038220, KB4034674, KB4034658, KB4034660
Patchday August 2017: Updates for Windows 7/8.1
Further Microsoft Updates August 8, 2017
Flash Player Update 26.0.0.151 (August 8, 2017)
Microsoft Office Security Updates (August 8, 2017)
Windows10 V1607: KB4034658 clears update history
Windows 10: What are dynamic updates?


Advertising

This entry was posted in Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *