Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0128 Microsoft Edge Security Updates 9 August 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-8674 CVE-2017-8672 CVE-2017-8671 CVE-2017-8670 CVE-2017-8669 CVE-2017-8662 CVE-2017-8661 CVE-2017-8659 CVE-2017-8657 CVE-2017-8656 CVE-2017-8655 CVE-2017-8653 CVE-2017-8652 CVE-2017-8650 CVE-2017-8647 CVE-2017-8646 CVE-2017-8645 CVE-2017-8644 CVE-2017-8642 CVE-2017-8641 CVE-2017-8640 CVE-2017-8639 CVE-2017-8638 CVE-2017-8637 CVE-2017-8636 CVE-2017-8635 CVE-2017-8634 CVE-2017-8503 Member content until: Friday, September 8 2017 OVERVIEW Microsoft has released its monthly security patch update for the month of August 2017. [1] This update resolves 28 vulnerabilities across the following products: Microsoft Edge IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2017-8503 Elevation of Privilege Important CVE-2017-8634 Remote Code Execution Critical CVE-2017-8635 Remote Code Execution Critical CVE-2017-8636 Remote Code Execution Critical CVE-2017-8637 Security Feature Bypass Important CVE-2017-8638 Remote Code Execution Critical CVE-2017-8639 Remote Code Execution Critical CVE-2017-8640 Remote Code Execution Critical CVE-2017-8641 Remote Code Execution Critical CVE-2017-8642 Elevation of Privilege Important CVE-2017-8644 Information Disclosure Important CVE-2017-8645 Remote Code Execution Critical CVE-2017-8646 Remote Code Execution Critical CVE-2017-8647 Remote Code Execution Critical CVE-2017-8650 Security Feature Bypass Moderate CVE-2017-8652 Information Disclosure Important CVE-2017-8653 Remote Code Execution Critical CVE-2017-8655 Remote Code Execution Critical CVE-2017-8656 Remote Code Execution Critical CVE-2017-8657 Remote Code Execution Critical CVE-2017-8659 Information Disclosure Important CVE-2017-8661 Remote Code Execution Critical CVE-2017-8662 Information Disclosure Important CVE-2017-8669 Remote Code Execution Critical CVE-2017-8670 Remote Code Execution Critical CVE-2017-8671 Remote Code Execution Critical CVE-2017-8672 Remote Code Execution Critical CVE-2017-8674 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1] KB4034658, KB4034668, KB4034674, KB4034660 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWYpYxIx+lLeg9Ub1AQjNVQ/+I3qspropaNiA0dQoWw+6e12r2jhdQLJh kB2DD7aTIwIWQy0MT0dziOa2VeaaaBQmPPQ9m71UpjvlU+Aj6XLhXdPKRZ6bnpeN mDZFA4N0k1vZAmhsPkodM+7EVF9CyM+PwhhEeeT/HdY4uDaJEfs8Utu30cK+5eAh xIqKfq7I7exG2iUrwLLY7QUUgNF0vby6mCudbVr9rAULItuyDySAkNXH0aNwg41j 9QhXO3vqr8NNnE8Aqf/ABz0cu1U0a//pWyMELtj93zF3Dl17MOV6XghhvXk+5y3f YiQHbiUODkbB7K5rSy9O0SL1Tb/4DdhCSp56v26RdTiuD7Fw2WLaWNVCAP1IIr/J MyCr8jI/Z2tMzaP+3zHWP3pDQGjPfB8YLXa0+tv1PwIDMog0kvfUiIRPMwn/mWVO XuBoFelLS2eOsI74u3aLKQ7eNhy9nZHv4bFufzYm6Iu+JGM07dPtnz3JafXu1bec 1wQRgfitBeAumCK6N/zgyvQgd2xPOPYllIARe+u2FqoGw4+xJpUGuk+Ez1i+ES2T ZObdVEdMMjFFhd07FpNZfcK/VFwHGkgvcw7ZrdNDSQE1Q0ojsR69g+aP2t5BE5cZ tTa+y0CPnkjAZ0W3KlqvInqejnpcRvyVkAhWK9ptymMPy8NThX8Mu4/ljGjtC6Lj SnpDDPh66rE= =za20 -----END PGP SIGNATURE-----