Tripwire Patch Priority Index for September 2017

Posted on September 27, 2017
VERT Threat Alert: August 2018 Patch Tuesday Analysis
BULLETIN CVE
S2-052 Apache Struts REST Plugin Java Deserialization Vulnerability CVE-2017-9805
Oracle Security Alert Advisory - CVE-2017-9805 CVE-2017-9805
Microsoft 2017-September Developer Tools Vulnerabilities CVE-2017-8759
Microsoft 2017-September Browser Vulnerabilities CVE-2017-8649, CVE-2017-8648, CVE-2017-8643, CVE-2017-8660, CVE-2017-11764, CVE-2017-11766, CVE-2017-8751, CVE-2017-8750, CVE-2017-8753, CVE-2017-8752, CVE-2017-8755, CVE-2017-8754, CVE-2017-8757, CVE-2017-8756, CVE-2017-8733, CVE-2017-8731, CVE-2017-8597, CVE-2017-8736, CVE-2017-8735, CVE-2017-8734, CVE-2017-8739, CVE-2017-8738, CVE-2017-8748, CVE-2017-8749, CVE-2017-8729, CVE-2017-8724, CVE-2017-8740, CVE-2017-8741, CVE-2017-8747, CVE-2017-8723
APSB17-28 CVE-2017-11281, CVE-2017-11282
Chrome Stable Channel Update for Desktop CVE-2017-5118,CVE-2017-5119,CVE-2017-5111,CVE-2017-5112,CVE-2017-5113,CVE-2017-5114,CVE-2017-5115,CVE-2017-5116,CVE-2017-5117,CVE-2017-5120
Microsoft 2017-September Microsoft Office Vulnerabilities CVE-2017-8632, CVE-2017-8742, CVE-2017-8630, CVE-2017-8631, CVE-2017-8567, CVE-2017-8696, CVE-2017-8743, CVE-2017-8725, CVE-2017-8744
Microsoft 2017-September Microsoft SharePoint Vulnerabilities CVE-2017-8745, CVE-2017-8629
Microsoft 2017-September Windows Vulnerabilities CVE-2017-8706, CVE-2017-8707, CVE-2017-9417, CVE-2017-8702, CVE-2017-8704, CVE-2017-8708, CVE-2017-8709, CVE-2017-8628, CVE-2017-8737, CVE-2017-0161, CVE-2017-8692, CVE-2017-8695, CVE-2017-8728, CVE-2017-8714, CVE-2017-8716, CVE-2017-8711, CVE-2017-8710, CVE-2017-8713, CVE-2017-8712, CVE-2017-8719, CVE-2017-8678, CVE-2017-8679, CVE-2017-8676, CVE-2017-8677, CVE-2017-8675, CVE-2017-8699, CVE-2017-8746, CVE-2017-8687, CVE-2017-8686, CVE-2017-8685, CVE-2017-8684, CVE-2017-8683, CVE-2017-8682, CVE-2017-8681, CVE-2017-8680, CVE-2017-8720, CVE-2017-8688
Microsoft 2017-September Exchange Server Vulnerabilities CVE-2017-8758, CVE-2017-11761
  The September 2017 Patch Priority Index (PPI) brings together a collection of high priority vulnerabilities that should be patched as soon as possible. The PPI this month includes vulnerabilities from Microsoft, Adobe, Chrome, Oracle, and Apache Struts. Up first this month on the priority list is the S2-052 security bulletin for Apache Struts. This bulletin covers a remote code execution vulnerability, identified as CVE-2017-9805. Administrators should act quickly to discover and patch any devices running vulnerable versions, which include Struts 2.1.2 - Struts 2.3.33 and Struts 2.5 - Struts 2.5.12. Exploitation code and proof-of-concepts are available from both Metasploit and Exploit-db. Note also that Apache Struts can be embedded into other products, i.e. Oracle products. (See links above for more information.) Next is CVE-2017-8759 for the Microsoft .NET Framework. This vulnerability is due to flawed SOAP WSDL parser code and, according to Microsoft, has been actively exploited in the wild. We also have some patches for Microsoft Browsers, Adobe Flash, and Chrome. These are normally higher on the PPI, but the above-stated vulnerabilities are more important this month. Finally for this month, we recommend focusing on Microsoft Office patches, which address vulnerabilities in both client-side and server-side Office products. These patches should be followed by fixes for Microsoft Windows and then for Microsoft Exchange. This month, Exchange has patches for a Cross-Site Scripting (XSS) vulnerability along with an information disclosure vulnerability, so it falls at the bottom of the priority list.

September 2017 - Special Notes

CVE-2017-8529 | Microsoft Browser Information Disclosure Vulnerability A patch for CVE-2017-8529 was initially released by Microsoft in June 2017. However, Microsoft has released an updated patch for this CVE. Note closely that installation of this new patch alone does not resolve the vulnerability. Further steps are required by the administrator. The revision notes from the security guidance states:
“Please note that with the installation of these updates, the solution to CVE-2017-8529 is turned off by default to help prevent the risk of further issues with print regressions, and must be activated via your Registry. To be fully protected from this vulnerability, please see the Update FAQ section for instructions to activate the solution.”
To learn more about Tripwire's Vulnerability and Exposure Research Team (VERT), click here.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!