Microsoft Update-Revisionen September 2017

Zum 12. September, zum 14. September sowie zum 19. September 2017 hat Microsoft einige Update-Revisionen vorgenommen. Im Blog-Beitrag gebe ich einen Überblick über diese Revisionen.

********************************************************************
Title: Microsoft Security Update Releases
Issued: 12. September 2017
********************************************************************

Summary
=======

The following CVEs and security bulletins have undergone a major revision increment.

* CVE-2016-0165
* CVE-2016-3238
* CVE-2016-3326
* CVE-2016-3376
* CVE-2017-0213
* CVE-2017-8529
* CVE-2017-8599
* MS16-039
* MS16-APR
* MS16-087
* MS16-JUL
* MS16-095
* MS16-AUG
* MS16-123
* MS16-OCT

CVE Revision Information:
=====================

CVE-2016-0165

– Title: CVE-2016-0165 | Win32k Elevation of Privilege Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
   include Windows 10 Version 1703 for 32-bit Systems and Windows 10
   Version 1703 for x64-based Systems because they are affected by
   CVE-2016-0165. Consumers running Windows 10 are automatically
   protected. Microsoft recommends that enterprise customers running
   Windows 10 Version 1703 ensure they have update 4038788 installed
   to be protected from this vulnerability.
– Originally posted: April 12, 2016 
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 2.0

CVE-2016-3238

– Title: CVE-2016-3238 | Windows Print Spooler Remote Code Execution
   Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address known issues with the 3170455
   update for CVE-2016-3238, Microsoft has made available the
   following updates for currently-supported versions of Microsoft
   Windows:
   – Rereleased update 3170455 for Windows Server 2008,
   – Monthly Rollup 4038777 and Security Update 4038779 for Windows 7
      and Windows Server 2008 R2
   – Monthly Rollup 4038799 and Security Update 4038786 for
      Windows Server 2012
    – Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1
       and Windows Server 2012 R2
    – Cumulative Update 4038781 for Windows 10
    – Cumulative Update 4038781 for Windows 10 Version 1511
    – Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016.
   Microsoft recommends that customers running Windows Server 2008 reinstall
   update 3170455. Microsoft recommends that customers running other
   supported versions of Windows install the appropriate update. See
   Microsoft Knowledge Base Article 3170005 for more information.
– Originally posted: July 12, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Critical
– Version: 2.0

CVE-2016-3326

– Title: CVE-2016-3326 | Microsoft Browser Information Disclosure
   Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to include
   Microsoft Edge and Internet Explorer 11 installed on Windows 10
   Version 1703 for 32-bit Systems, and Microsoft Edge and Internet
   Explorer 11 installed on Windows 10 Version 1703 for x64-based
   Systems because they are affected by CVE-2016-3326. In addition,
   corrected the Affected Products table to include Microsoft Edge
   installed on Windows 10, Windows 10 Version 1511, and Windows 10
   Version 1607 because they are also affected by this vulnerability.
   Consumers using Windows 10 are automatically protected. Microsoft
   recommends that enterprise customers running Microsoft Edge or
   Internet Explorer on Windows 10 Version 1703 ensure they have update
   4038788 installed to be protected from this vulnerability. Customers
   who are running other versions of Windows 10 and who have installed
   the August cumulative updates do not need to take any further action.
– Originally posted: August 9, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 3.0

CVE-2016-3376

– Title: CVE-2016-3376 | Win32k Elevation of Privilege Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
   include Windows 10 Version 1703 for 32-bit Systems and Windows 10
   Version 1703 for x64-based Systems because they are affected by
   CVE-2016-3376. Consumers using Windows 10 are automatically
   protected. Microsoft recommends that enterprise customers running
   Windows 10 Version 1703 ensure they have update 4038788 installed
   to be protected from this vulnerability.
– Originally posted: October 11, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 3.0

CVE-2017-0213

– Title: CVE-2017-0213 | Windows COM Elevation of Privilege Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0213,
   Microsoft has released security update 4038788 for Windows 10
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
   x64-based Systems. Consumers using Windows 10 are automatically
   protected. Microsoft recommends that enterprise customers running
   Windows 10 Version 1703 ensure that they have update 4038788
   installed to be protected from this vulnerability.
– Originally posted: May 8, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 3.0

CVE-2017-8529

– Title: CVE-2017-8529 | Microsoft Browser Information Disclosure Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address known print regression issues
   customers may experience when printing from Internet Explorer
   or Microsoft Edge after installing any of the June security
   updates, monthly rollups, or IE cumulative updates, Microsoft has
   released the following September security updates: Internet
   Explorer Cumulative Update 4036586; Monthly Rollups 4038777,
   4038799, 4038792; Security Updates 4038781, 4038783, 4038782,
   and 4038788 for all affected editions of Microsoft Edge and
   Internet Explorer when installed on supported editions of Windows.
   Please note that with the installation of these updates, the
   solution to CVE-2017-8529 is turned off by default to help
   prevent the risk of further issues with print regressions, and
   must be activated via your Registry. To be fully protected from
   this vulnerability, please see the Update FAQ section for
   instructions to activate the solution.
– Originally posted: June 13, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Moderate
– Version: 5.0

CVE-2017-8599

– Title: CVE-2017-8599 | Microsoft Edge Security Feature
   Bypass Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-8599, 
   Microsoft has released September security updates for all affected
   editions of Microsoft Edge installed on supported editions of
   Windows 10. Microsoft strongly recommends that customers install
   the updates to be fully protected from the vulnerability.
   Customers whose systems are configured to receive automatic updates
   do not need to take any further action.
– Originally posted: July 11, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 2.0

Security Bulletin Revision Information:
=====================

MS16-039

– Title: Security Update for Microsoft Graphics Component (3148522)
– https://technet.microsoft.com/library/security/ms16-039.aspx
– Reason for Revision: Revised the Microsoft Windows affected software
   table to include Windows 10 Version 1703 for 32-bit Systems and
   Windows 10 Version 1703 for x64-based Systems because they are
   affected by CVE-2016-0165. Consumers running Windows 10 are
   automatically protected. Microsoft recommends that enterprise
   customers running Windows 10 Version 1703 ensure they have update
   4038788 installed to be protected from this vulnerability.
– Originally posted: April 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Critical
– Version: 4.0

MS16-APR

– Title: Microsoft Security Bulletin Summary for April 2016
– https://technet.microsoft.com/library/security/ms16-APR.aspx
– Reason for Revision: For MS16-039, revised the Windows Operating
   Systems and Components affected software table to include Windows 10
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
   x64-based Systems because they are affected by CVE-2016-0165.
   Consumers running Windows 10 are automatically protected. Microsoft
   recommends that enterprise customers running Windows 10 Version
   1703 ensure they have update 4038788 installed to be protected from
   this vulnerability.
– Originally posted: April 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 4.0

MS16-087

– Title: Security Update for Windows Print Spooler Components (3170005)
– https://technet.microsoft.com/library/security/ms16-087.aspx
– Reason for Revision: To address known issues with the 3170455 update
   for CVE-2016-3238, Microsoft has made available the following updates
   for currently-supported versions of Microsoft Windows:
   Rereleased update 3170455 for Windows Server 2008
   Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and
   Windows Server 2008 R2
   Monthly Rollup 4038799 and Security Update 4038786 for Windows Server
   2012
   Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1
   and Windows Server 2012 R2
   Cumulative Update 4038781 for Windows 10
   Cumulative Update 4038781 for Windows 10 Version 1511
   Cumulative Update 4038782 for Windows 10 Version 1607 and Windows
   Server 2016.
   Microsoft recommends that customers running Windows Server 2008
   reinstall update 3170455. Microsoft recommends that customers running
   other supported versions of Windows install the appropriate update.
   See Microsoft Knowledge Base Article 3170005 for more information.
– Originally posted: July 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Critical
– Version: 2.0

MS16-JUL

– Title: Microsoft Security Bulletin Summary for July 2016
– https://technet.microsoft.com/library/security/ms16-JUL.aspx
– Reason for Revision: For MS16-087, To address known issues with the
   3170455 update for CVE-2016-3238, Microsoft has made available the
   following updates for currently-supported versions of Microsoft Windows:
   Rereleased update 3170455 for Windows Server 2008
   Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and
   Windows Server 2008 R2
   Monthly Rollup 4038799 and Security Update 4038786 for Windows Server
   2012
   Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1
   and Windows Server 2012 R2
   Cumulative Update 4038781 for Windows 10
   Cumulative Update 4038781 for Windows 10 Version 1511
   Cumulative Update 4038782 for Windows 10 Version 1607 and Windows
   Server 2016.
   Microsoft recommends that customers running Windows Server 2008
   reinstall update 3170455. Microsoft recommends that customers running
   other supported versions of Windows install the appropriate update.
   See Microsoft Knowledge Base Article 3170005 for more information.
– Originally posted: July 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 2.0

MS16-095

– Title: Cumulative Security Update for Internet Explorer (3177356)
– https://technet.microsoft.com/library/security/ms16-095.aspx
– Reason for Revision:  Revised the Affected Software table to include
   Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit
   Systems and Internet Explorer 11 installed on Windows 10 Version 1703
   for x64-based Systems because they are affected by CVE-2016-3326.
   Consumers using Windows 10 are automatically protected. Microsoft
   recommends that enterprise customers running Internet Explorer on
   Windows 10 Version 1703 ensure they have update 4038788 installed
   to be protected from this vulnerability. Customers who are running
   other versions of Windows 10 and who have installed the June
   cumulative updates do not need to take any further action.
– Originally posted: August 9, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Critical
– Version: 3.0

MS16-AUG

– Title: Microsoft Security Bulletin Summary for August 2016
– https://technet.microsoft.com/library/security/ms16-AUG.aspx
– Reason for Revision: For MS16-095, revised the Windows Operating
   System and Components Affected Software table to include Internet
   Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems
   and Internet Explorer 11 installed on Windows 10 Version 1703 for
   x64-based Systems because they are affected by CVE-2016-3326. Microsoft
   recommends that customers running Internet Explorer on Windows 10
Version
   1703 install update 4038788 to be protected from this vulnerability.
– Originally posted: August 9, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 3.0

MS16-123

– Title: Security Update for Windows Kernel-Mode Drivers (3192892)
– https://technet.microsoft.com/library/security/ms16-123.aspx
– Reason for Revision: Revised the Affected Software table to include
   Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703
   for x64-based Systems because they are affected by CVE-2016-3376.
   Consumers using Windows 10 are automatically protected. Microsoft
   recommends that enterprise customers running Windows 10 Version 1703
   ensure they have update 4038788 installed to be protected from this
   vulnerability.
– Originally posted: October 11, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Important
– Version: 3.0

MS16-OCT

– Title: Microsoft Security Bulletin Summary for October 2016
– https://technet.microsoft.com/library/security/ms16-OCT.aspxhttps://technet.microsoft.com/library/security/ms16-OCT.aspx
– Reason for Revision: For MS16-123, revised the Windows Operating
   System and Components affected software table to include Windows 10
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
   x64-based Systems because they are affected by CVE-2016-3376.
   Consumers using Windows 10 are automatically protected. Microsoft
   recommends that enterprise customers running Windows 10 Version 1703
   ensure they have update 4038788 installed to be protected from this
   vulnerability.
– Originally posted: October 11, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 3.0

********************************************************************
Title: Microsoft Security Update Releases
Issued: September 14, 2017
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment.

* CVE-2017-11767

CVE Revision Information:
=====================

CVE-2017-11767

– Title: CVE-2017-11767 | Scripting Engine Memory Corruption
   Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: CVE-2017-11767 has been added to the
   September 2017 Security Release in conjunction with the
   publication of the 17-09 ChakraCore servicing release.
   See https://github.com/Microsoft/ChakraCore/commit/
    for more information.
– Originally posted: August 14, 2017 
– Updated: N/A
– CVE Severity Rating: Critical
– Version: 1.0

********************************************************************
Title: Microsoft Security Update Releases
Issued: September 19, 2017
********************************************************************

Summary
=======

The following Defense in Depth Update has undergone a major
revision increment.

* ADV170015

Revision Information:
=====================

ADV170015

– Title: ADV170015 | Microsoft Office Defense in Depth Update
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: CVE updated to announce that Microsoft is
   replacing KB4011086 for Microsoft Outlook 2007 Service Pack 3
   with KB401110. Note that you must first uninstall KB4011086 and
   then install KB401110. For more information, see
   https://support.microsoft.com/help/4011110.
– Originally posted: September 12, 2017 
– Updated: September 19, 2017
– CVE Severity Rating: N/A
– Version: 2.0