4 replies to this topic

[AplusWebMaster]

FYI...

MS Security Updates - June 2017
- https://portal.msrc....curity-guidance
June 13, 2017
> https://portal.msrc....uidance/summary
Total items: 85 [June 14, 2017] / Total items: 88 [June 22, 2017] / Total items: 89 [June 23, 2017]

- https://portal.msrc....db-000d3a32fc99
June 13, 2017 - "The June security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Silverlight
    Skype for Business and Lync
    Adobe Flash Player ..."

June 2017 security update release
- https://blogs.techne...update-release/
June 13, 2017

MS Security Advisory 4025685
Guidance related to June 2017 security update release
- https://technet.micr...ty/4025685.aspx
June 13, 2017

- http://www.securityt....com/id/1038667
CVE Reference: CVE-2017-8543
Jun 13 2017
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703
Description: A vulnerability was reported in Windows Search. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted SMB data to trigger an object memory handling error in Windows Search and execute arbitrary code on the target system.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix.
- https://portal.msrc....y/CVE-2017-8543
___

June 2017 Office Update Release
- https://blogs.techne...update-release/
June 9, 2017 - "... This month, there are 51 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4023935*.
A new version of Office 2013 Click-To-Run is available: 15.0.4937.1000
A new version of Office 2010 Click-To-Run is available: 14.0.7182.5000"

* https://support.micr...icrosoft-office
Last Review: Jun 13, 2017 - Rev: 9
___

Additional references:
- http://www.securityt....com/id/1038659
- http://www.securityt....com/id/1038661
- http://www.securityt....com/id/1038662
- http://www.securityt....com/id/1038663
- http://www.securityt....com/id/1038664
- http://www.securityt....com/id/1038666
- http://www.securityt....com/id/1038667
- http://www.securityt....com/id/1038668
- http://www.securityt....com/id/1038669
- http://www.securityt....com/id/1038670
- http://www.securityt....com/id/1038671
- http://www.securityt....com/id/1038673
- http://www.securityt....com/id/1038674
- http://www.securityt....com/id/1038675
- http://www.securityt....com/id/1038676
- http://www.securityt....com/id/1038678
- http://www.securityt....com/id/1038680

- http://www.securityt....com/id/1038701
- http://www.securityt....com/id/1038702
Jun 15 2017
___

ghacks Analysis:
- https://www.ghacks.n...e-2017-release/
Microsoft Security Patches for June 2017 - [See 'Executive Summary']

- https://www.thezdi.c...y-update-review
June 13, 2017 - [Scroll down to: 'Microsoft Patches for June 2017']

Qualys Analysis:
- https://blog.qualys....ive-june-update
June 13, 2017 - "Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months... Overall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543* and other Font, Outlook, Office, Edge and IE issues are sure to keep system administrators and security teams busy."
* https://portal.msrc....y/CVE-2017-8543
___

- https://www.us-cert....ecurity-Updates
June 13, 2017
 

Edited by AplusWebMaster, 23 June 2017 - 10:53 AM.

[AplusWebMaster]

FYI...

MS Security Advisory 4025685: Guidance for older platforms
- https://support.micr...older-platforms
Last Review: 19-Jun-2017 - Rev: 26
___

Cumulative security update for Internet Explorer
- https://support.micr...er-june-13-2017
Last Review: Jun 23, 2017 - Rev: 5
"... Known issues in this security update:
When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following:
404 – Not Found
(A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)
This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.
There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.
Microsoft is researching this problem and will post more information in this article when the information becomes available."
___

Description of the security update for Outlook 2010
- https://support.micr...2010june13,2017
Last Review: Jun 20, 2017 - Rev: 19
"... Known issues in this security update: ..."
 

Edited by AplusWebMaster, 23 June 2017 - 03:56 AM.

[AplusWebMaster]

FYI...

June 2017 Security Updates
> https://portal.msrc....db-000d3a32fc99
See: "... Known Issues..." ref. KB numbers listed
Jun 23, 2017
___

CVE-2017-8558 | MS Malware Protection Engine Remote Code Execution Vuln
- https://portal.msrc....y/CVE-2017-8558
6/23/2017
- http://www.securityt....com/id/1038783
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
The following product versions are affected:
Microsoft Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010
Windows Intune Endpoint Protection ...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

- http://www.securityt....com/id/1038784
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
Microsoft Security Essentials is also affected...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

CVE-2017-8529 | MS Browser Information Disclosure Vuln
- https://portal.msrc....y/CVE-2017-8529
Last Updated: 06/22/2017
v3.0 - 06/22/2017: Microsoft is announcing the release of update 4032782 for Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows Server 2012 R2 to address a known issue customers may experience when printing from Internet Explorer. Only customers who are experiencing print issues after installing Internet Explorer Cumulative update 4021558 should install update 4032782 because update 4032782 addresses the known issue by removing the protection from CVE-2017-8529. The update is available via the Microsoft Update Catalog only.
___

- http://windowssecret...from-last-week/
June 22, 2017 - "... known issues have been documented... Office known issues... there will be an update expected on June 27th fixing the issue..."
 

Edited by AplusWebMaster, 24 June 2017 - 07:07 AM.

[AplusWebMaster]

FYI...

Security Update Summary
> https://portal.msrc....uidance/summary
See -all- KB's dated 06/28/2017
___

June 27, 2017, update for Outlook 2010 (KB3015545)
- https://support.micr...-2010-kb3015545
Last Review: Jun 28, 2017 - Rev. 14
Last Review: Jun 28, 2017 - Rev: 20

June 27, 2017, update for Outlook 2013 (KB3191849)
- https://support.micr...-2013-kb3191849
Last Review: Jun 27, 2017 - Rev: 13
Last Review: Jun 30, 2017 - Rev: 16
___

New ransomware, old techniques: Petya adds worm capabilities
- https://blogs.techne...m-capabilities/
June 27, 2017

Update on Petya malware attacks
- https://blogs.techne...alware-attacks/
June 28, 2017

- https://www.us-cert....lerts/TA17-181A
July 01, 2017 - "... Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable... US-CERT received a sample of this Petya ransomware variant and performed a detailed malware analysis. The team found that this Petya variant encrypts the victim’s files with a dynamically generated, 128-bit key and creates a unique ID of the victim. However, there is no evidence of a relationship between the encryption key and the victim’s ID, which means it may not be possible for the attacker to decrypt the victim’s files even if the ransom is paid..."
___

- https://www.catalog....spx?q=KB4022716
2017-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4022716)
Last Modified: 6/28/2017

- https://support.micr...pdate-kb4022716
Last Review: Jun 27, 2017 - Rev: 25
___

- https://www.catalog....spx?q=KB4022723
2017-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022723)

- https://support.micr...pdate-kb4022723
Last Review: Jun 27, 2017 - Rev: 29
Last Review: Jun 29, 2017 - Rev: 36
___

- https://www.catalog....spx?q=KB4032693
2017-06 Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4032693)
Last Modified: 6/26/2017
2017-06 Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4032693)
Last Modified: 6/26/2017

- https://support.micr...pdate-kb4032693
Last Review: Jun 27, 2017 - Rev: 12
Last Review: Jun 29, 2017 - Rev: 19


> https://www.neowin.n...heres-whats-new
Jun 27, 2017 [More detail...]
 

Edited by AplusWebMaster, 01 July 2017 - 07:41 AM.

[AplusWebMaster]

FYI...

Outlook 2010 (KB3015545)...
- https://support.micr...-2010-kb3015545
Last Review: Jun 28, 2017 - Rev: 20
"... Note: A new update for 32-bit Outlook 2010 is under development and will be posted in this article when it becomes available. The original download package for the 32-bit version was removed from the Download Center after a problem was discovered that could cause Outlook to crash when you preview messages that have attachments. If you already downloaded and installed the 32-bit update, we recommend that you remove it until a new version is available..."
___

Windows 7 SP1 and Windows Server 2008 R2 SP1 - KB4022719 (Monthly Rollup)
- https://support.micr...pdate-kb4022719
Last Review: Jun 27, 2017 - Rev: 41

MS Security Update Summary
> https://portal.msrc....uidance/summary
Latest dated 06/28/2017 as of date/time of this post.
 

Edited by AplusWebMaster, 03 July 2017 - 09:19 AM.