Microsoft Edge: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0128
                      Microsoft Edge Security Updates
                               9 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-8674 CVE-2017-8672 CVE-2017-8671
                      CVE-2017-8670 CVE-2017-8669 CVE-2017-8662
                      CVE-2017-8661 CVE-2017-8659 CVE-2017-8657
                      CVE-2017-8656 CVE-2017-8655 CVE-2017-8653
                      CVE-2017-8652 CVE-2017-8650 CVE-2017-8647
                      CVE-2017-8646 CVE-2017-8645 CVE-2017-8644
                      CVE-2017-8642 CVE-2017-8641 CVE-2017-8640
                      CVE-2017-8639 CVE-2017-8638 CVE-2017-8637
                      CVE-2017-8636 CVE-2017-8635 CVE-2017-8634
                      CVE-2017-8503  
Member content until: Friday, September  8 2017

OVERVIEW

        Microsoft has released its monthly security patch update for the month of August 2017. [1]
        
        This update resolves 28 vulnerabilities across the following products: 
        
         Microsoft Edge


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2017-8503   Elevation of Privilege   Important
         CVE-2017-8634   Remote Code Execution    Critical
         CVE-2017-8635   Remote Code Execution    Critical
         CVE-2017-8636   Remote Code Execution    Critical
         CVE-2017-8637   Security Feature Bypass  Important
         CVE-2017-8638   Remote Code Execution    Critical
         CVE-2017-8639   Remote Code Execution    Critical
         CVE-2017-8640   Remote Code Execution    Critical
         CVE-2017-8641   Remote Code Execution    Critical
         CVE-2017-8642   Elevation of Privilege   Important
         CVE-2017-8644   Information Disclosure   Important
         CVE-2017-8645   Remote Code Execution    Critical
         CVE-2017-8646   Remote Code Execution    Critical
         CVE-2017-8647   Remote Code Execution    Critical
         CVE-2017-8650   Security Feature Bypass  Moderate
         CVE-2017-8652   Information Disclosure   Important
         CVE-2017-8653   Remote Code Execution    Critical
         CVE-2017-8655   Remote Code Execution    Critical
         CVE-2017-8656   Remote Code Execution    Critical
         CVE-2017-8657   Remote Code Execution    Critical
         CVE-2017-8659   Information Disclosure   Important
         CVE-2017-8661   Remote Code Execution    Critical
         CVE-2017-8662   Information Disclosure   Important
         CVE-2017-8669   Remote Code Execution    Critical
         CVE-2017-8670   Remote Code Execution    Critical
         CVE-2017-8671   Remote Code Execution    Critical
         CVE-2017-8672   Remote Code Execution    Critical
         CVE-2017-8674   Remote Code Execution    Critical


MITIGATION

        Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]
        
        
         KB4034658, KB4034668, KB4034674, KB4034660


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWYpYxIx+lLeg9Ub1AQjNVQ/+I3qspropaNiA0dQoWw+6e12r2jhdQLJh
kB2DD7aTIwIWQy0MT0dziOa2VeaaaBQmPPQ9m71UpjvlU+Aj6XLhXdPKRZ6bnpeN
mDZFA4N0k1vZAmhsPkodM+7EVF9CyM+PwhhEeeT/HdY4uDaJEfs8Utu30cK+5eAh
xIqKfq7I7exG2iUrwLLY7QUUgNF0vby6mCudbVr9rAULItuyDySAkNXH0aNwg41j
9QhXO3vqr8NNnE8Aqf/ABz0cu1U0a//pWyMELtj93zF3Dl17MOV6XghhvXk+5y3f
YiQHbiUODkbB7K5rSy9O0SL1Tb/4DdhCSp56v26RdTiuD7Fw2WLaWNVCAP1IIr/J
MyCr8jI/Z2tMzaP+3zHWP3pDQGjPfB8YLXa0+tv1PwIDMog0kvfUiIRPMwn/mWVO
XuBoFelLS2eOsI74u3aLKQ7eNhy9nZHv4bFufzYm6Iu+JGM07dPtnz3JafXu1bec
1wQRgfitBeAumCK6N/zgyvQgd2xPOPYllIARe+u2FqoGw4+xJpUGuk+Ez1i+ES2T
ZObdVEdMMjFFhd07FpNZfcK/VFwHGkgvcw7ZrdNDSQE1Q0ojsR69g+aP2t5BE5cZ
tTa+y0CPnkjAZ0W3KlqvInqejnpcRvyVkAhWK9ptymMPy8NThX8Mu4/ljGjtC6Lj
SnpDDPh66rE=
=za20
-----END PGP SIGNATURE-----