Microsoft Security Advisory 4025685
Published: June 13, 2017
Version: 1.0
Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today.
Consumers who have automatic updates enabled through Windows Update are already protected and have no action to take. Windows 10 has automatic updates enabled. To check if automatic updates are enabled see Windows Update: FAQ.
For enterprises or other customers who manually manage updates, Microsoft recommends reviewing these vulnerabilities and ensuring your environments are protected against these threats. Customers who regularly review and deploy security updates will likely not need to take any action.
For enterprise administrators who routinely deploy all available security updates to all systems in the enterprise using patch management solutions like WSUS or SCCM, your systems will be protected via your normal patch management process as long as they are running supported platforms and receive all available security updates, including the June 2017 Security Updates.
Microsoft has tailored customer guidance based on platform. Please review the following table and follow the appropriate link to download updates for affected platforms.
Which Windows version are you running? | |
---|---|
For customers using Windows Server 2008,Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 8.1 RT, Windows Server 2012 R2, Windows 10, or Windows Server 2016 see Microsoft Knowledge Base Article 4025686 for guidance. | For customers using Windows XP, Windows Vista, Windows 8, Windows Server 2003, or Windows Server 2003 R2 see Microsoft Knowledge Base article 4025687 for guidance. |
For customers using Windows Embedded versions see Microsoft Knowledge Base article 4025688 for guidance. | |
Do not know which Windows version you are running? See Which Windows operating system am I running? |
The following table summarizes the updates available for vulnerabilities that Microsoft presumes to be at risk of imminent attack. Customers should prioritize deployment of these updates and plan to migrate to supported platforms if you have not already done so.
Bulletin or CVE ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
---|---|---|---|---|
MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644) \ This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft, Windows XP and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) \ This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
MS10-061 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) \ This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
MS14-068 | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) \ This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. | Critical \ Elevation of Privilege | Restart required | Microsoft Windows |
MS17-010 | Security Update for Microsoft Windows SMB Server (4013389) \ This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
MS17-013 | Security Update for Microsoft Graphics Component (4013075) \ This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. | Critical Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-0176 | Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176 ) \ A remote code execution vulnerability exists in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-0222 | Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222) \ A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical \ Remote Code Execution | Restart required | Microsoft Internet Explorer |
CVE-2017-0267 - CVE-2017-0280 | Security Update for Microsoft Windows SMB (CVEs 2017-0267 through 2017-0280 \ Security updates exist in Microsoft Windows SMB. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-7269 | WebDAV Remote Code Execution Vulnerability (CVE-2017-7269) \ A vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-8461 | Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461) \ A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-8464 | LNK Remote Code Execution Vulnerability (CVE-2017-8464) \ A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-8487 | Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487) \ A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability (CVE-2017-8543) \ A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Critical \ Remote Code Execution | Restart required | Microsoft Windows |
CVE-2017-8552 | Win32k Elevation of Privilege Vulnerability \ An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Important \ Remote Code Execution | Restart required | Microsoft Windows |
Why is Microsoft releasing these updates?
We are providing this additional guidance and critical security updates to address vulnerabilities that are at heightened risk of exploitation. We recommend that customers who are not utilizing automatic updates prioritize downloading and application of these critical updates.
Are there any workarounds for these threats?
Workarounds and mitigations for already-released fixes are found in the original release documentation for each vulnerability.
Are these updates related to any of the updates from the WannaCry malware attack?
No. The WannaCry malware is fully addressed by installing the security updates Microsoft release in Microsoft Security Bulletin MS17-010.
Is this support available for any embedded Windows products, or do I need to contact the OEM?
Embedded devices are serviced directly by the device maker. Microsoft has made updates available for vulnerable versions of the underlying operating system.
I’m having trouble installing the update from Windows Update. Is there a troubleshooter available?
For help troubleshooting Windows updates installation see Description of the Windows Update Troubleshooter.
I see there are individual security updates for older operating systems (for example, Windows XP and Windows Server 2003) Where are the individual security updates for newer operating systems?
With the implementation of Simplified Down-level Servicing, Security-Only monthly rollups and monthly quality rollups are now available for newer operating systems. For more information see Further simplifying servicing models for Windows 7 and Windows 8.1 and Configuration Manager and Simplified Windows Servicing on Down Level Operating Systems.
Are individual or standalone updates available where only cumulative or security roll-up packages are listed in the Affected Software tables?
No. Windows 10 and Windows Server 2016 updates are cumulative. Beginning with the October 2016 release, Microsoft has changed the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, see this Microsoft TechNet article.
I am running Windows 7 or newer and have automatic update enabled. Do I need to take any action with this release?
No. Customers who have enabled automatic updates on mainstream and extended support platforms are already protected.
How can I check to see that I am receiving these updates automatically?
For additional information about automatic updates and keeping your computer up to date, see Windows Update: FAQ. Customers with automatic updates enabled on mainstream or extended support platforms are already protected.
How can I upgrade to the most recent version of Windows?
For information about upgrading to the most recent version of Windows, see Upgrade to Windows 10: FAQ.
My operating system version is not listed. Are updates available for other versions?
There are no updates available for other versions of the operating systems listed (for example, RTM or different service pack levels) or for older operating systems. Customers should update to the latest service pack version to receive security updates.
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (June 13, 2017): Advisory published.
Page generated 2017-06-13 14:22Z-07:00.