VERT Threat Alert: September 2017 Patch Tuesday Analysis

Posted on September 12, 2017
VERT Threat Alert: August 2018 Patch Tuesday Analysis
Today’s VERT Alert addresses the Microsoft September 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-742 on Wednesday, September 13th.

In-The-Wild & Disclosed CVEs

CVE-2017-8759

This vulnerability, discovered by researchers at FireEye, has been exploited as part of the spread of the FINSPY malware as documented in a FireEye blog post. The vulnerability is exploited using a malicious document that takes advantage of an input validation issue in the WSDL parser. Microsoft has rated this as a 0 on the Exploitability Index (Exploitation Detected)

CVE-2017-9417

This vulnerability impacts the Broadcom chipset in the HoloLens. A specially crafted WiFi packet could be used to take control of a vulnerable system. This vulnerability has been publicly disclosed. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

CVE-2017-8746

A vulnerability in Device Guard could allow attackers to bypass the Code Integrity Policy by injecting code into an already trusted script. This vulnerability was resolved by updating how PowerShell exposes functions and processes user supplied data. This vulnerability has been publicly disclosed. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

CVE-2017-8723

A validation error in the Microsoft Edge Content Security Policy could allow malicious content load when a user visits a website. This technique has been publicly disclosed. Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely)

FYI Vulnerabilities

While many of the issues fixed today are typical for Patch Tuesday, there are a few that are worth highlighting.

CVE-2017-8529

Microsoft has released an update for this CVE, which states:
Please note that with the installation of these updates, the solution to CVE-2017-8529 is turned off by default to help prevent the risk of further issues with print regressions, and must be activated via your Registry. To be fully protected from this vulnerability, please see the Update FAQ section for instructions to activate the solution.
It is important that you ensure these additional steps are taken to fully protect your systems.

Prior CVEs & Windows 10

Microsoft has announced a major revision increment for a number of vulnerabilities and security bulletins that impact Windows 10 (CVE-2016-0165 [MS16-039], CVE-2016-3326 [MS16-095], CVE-2016-3376 [MS16-123], CVE-2017-0213, and CVE-2017-8599). Additionally, CVE-2016-3238 [MS16-087] was updated for multiple operating systems.

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a security advisory was also published.

August Flash Security Update [ADV170013]

Microsoft has published an advisory for the September Adobe Flash Security Update (APSB17-28). This includes updates for the following vulnerabilities: CVE-2017-11281, CVE-2017-11282

Microsoft Office Defense in Depth Update [ADV170015]

Microsoft has released a defense in depth update for Office that includes updates for both Office and Outlook. This includes all versions from 2007 to 2016.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!