Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2017.0144
Security updates for Microsoft Edge
13 September 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Edge
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-11766 CVE-2017-11764 CVE-2017-8757
CVE-2017-8756 CVE-2017-8755 CVE-2017-8754
CVE-2017-8753 CVE-2017-8752 CVE-2017-8751
CVE-2017-8750 CVE-2017-8748 CVE-2017-8741
CVE-2017-8740 CVE-2017-8739 CVE-2017-8738
CVE-2017-8737 CVE-2017-8736 CVE-2017-8735
CVE-2017-8734 CVE-2017-8731 CVE-2017-8729
CVE-2017-8728 CVE-2017-8724 CVE-2017-8723
CVE-2017-8660 CVE-2017-8649 CVE-2017-8648
CVE-2017-8643 CVE-2017-8597
Member content until: Friday, October 13 2017
OVERVIEW
Microsoft has released its monthly security patch update for the
month of September 2017. [1]
This update resolves 29 vulnerabilities across the following
products:
Microsoft Edge
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2017-11764 Remote Code Execution Critical
CVE-2017-11766 Remote Code Execution Critical
CVE-2017-8597 Information Disclosure Important
CVE-2017-8643 Information Disclosure Important
CVE-2017-8648 Information Disclosure Important
CVE-2017-8649 Remote Code Execution Critical
CVE-2017-8660 Remote Code Execution Critical
CVE-2017-8723 Security Feature Bypass Moderate
CVE-2017-8724 Spoofing Important
CVE-2017-8728 Remote Code Execution Critical
CVE-2017-8729 Remote Code Execution Critical
CVE-2017-8731 Remote Code Execution Critical
CVE-2017-8734 Remote Code Execution Critical
CVE-2017-8735 Spoofing Moderate
CVE-2017-8736 Information Disclosure Important
CVE-2017-8737 Remote Code Execution Critical
CVE-2017-8738 Remote Code Execution Critical
CVE-2017-8739 Information Disclosure Important
CVE-2017-8740 Remote Code Execution Critical
CVE-2017-8741 Remote Code Execution Critical
CVE-2017-8748 Remote Code Execution Critical
CVE-2017-8750 Remote Code Execution Critical
CVE-2017-8751 Remote Code Execution Critical
CVE-2017-8752 Remote Code Execution Critical
CVE-2017-8753 Remote Code Execution Critical
CVE-2017-8754 Security Feature Bypass Important
CVE-2017-8755 Remote Code Execution Critical
CVE-2017-8756 Remote Code Execution Critical
CVE-2017-8757 Remote Code Execution Critical
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Cataloge for the following
Knowledge Base articles. [1]
KB4038783, KB4038782, KB4038781, KB4038788
REFERENCES
[1] Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWbiB94x+lLeg9Ub1AQjd6Q/+PK+4YGV3H3ilauFDbSMSlIK1OECt7yyC
qpnXjqPB3lxYa/VlnqRmASNErM1M1wYUcJAAqS2bgFXaQICQB4rQGcUqqGxwxWv4
x5f5sQla6OEzkH3h3ANsss/Nh71RcbRVETHAlzY8lNbRw+EBZ0lJQkn2ak4S7Zx5
hrSWyBr1ZxOX+pfAHIkrBL2f/H/ctTNQOnoNhhiIhTw4y3x3H2aRT0Xtde2n6SBG
NF7A598h0QVQCXB2JPw7O1EpvPpeQiy8L34GkoQjNXFbwx50LTjhn8qDmsqWCUz0
/ApwIUKe2WD9cciq/ymIQJRPQ2rBR82O4ODwMVMH5tDwg0PGTeIs3zLO6RP96rI0
Kq82CpxoKqMOn9ug02LdNFvLDjY1OksFfquaO/avBSjvmjp5dnAgRLDoyPmfH9Ct
7PNZtwGa1OyIJXJbNOH215qSgLZD4UEcKk8v3PQg02pB0cK7XHenkLTKq7ZUKyZg
oriel9IZr0NW+OFvdC6AcZfgy5nuagLVG58S0v2FQfj3IXO6WeP4utZNBCU+MnDn
+rY7WdxTfRTOQrMJxyZ5IbUjQ4RicMaWPsPJQ6f4Pwdonpm4wa/FrnzSJwLaIQts
Id1p4njQwnxW7NZwYmBfZ4WDeROIfINa+IzR2ZB1NmMjv8Scn1Gyb9z/Z6T4+O/E
27CBWC8DX6o=
=Pc2+
-----END PGP SIGNATURE-----