Operating System: [Win]

Published: 13 September 2017

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0144
                    Security updates for Microsoft Edge
                             13 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-11766 CVE-2017-11764 CVE-2017-8757
                      CVE-2017-8756 CVE-2017-8755 CVE-2017-8754
                      CVE-2017-8753 CVE-2017-8752 CVE-2017-8751
                      CVE-2017-8750 CVE-2017-8748 CVE-2017-8741
                      CVE-2017-8740 CVE-2017-8739 CVE-2017-8738
                      CVE-2017-8737 CVE-2017-8736 CVE-2017-8735
                      CVE-2017-8734 CVE-2017-8731 CVE-2017-8729
                      CVE-2017-8728 CVE-2017-8724 CVE-2017-8723
                      CVE-2017-8660 CVE-2017-8649 CVE-2017-8648
                      CVE-2017-8643 CVE-2017-8597 
Member content until: Friday, October 13 2017

OVERVIEW

        Microsoft has released its monthly security patch update for the 
        month of September 2017. [1]
        
        This update resolves 29 vulnerabilities across the following 
        products:
        
         Microsoft Edge


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2017-11764  Remote Code Execution    Critical
         CVE-2017-11766  Remote Code Execution    Critical
         CVE-2017-8597   Information Disclosure   Important
         CVE-2017-8643   Information Disclosure   Important
         CVE-2017-8648   Information Disclosure   Important
         CVE-2017-8649   Remote Code Execution    Critical
         CVE-2017-8660   Remote Code Execution    Critical
         CVE-2017-8723   Security Feature Bypass  Moderate
         CVE-2017-8724   Spoofing                 Important
         CVE-2017-8728   Remote Code Execution    Critical
         CVE-2017-8729   Remote Code Execution    Critical
         CVE-2017-8731   Remote Code Execution    Critical
         CVE-2017-8734   Remote Code Execution    Critical
         CVE-2017-8735   Spoofing                 Moderate
         CVE-2017-8736   Information Disclosure   Important
         CVE-2017-8737   Remote Code Execution    Critical
         CVE-2017-8738   Remote Code Execution    Critical
         CVE-2017-8739   Information Disclosure   Important
         CVE-2017-8740   Remote Code Execution    Critical
         CVE-2017-8741   Remote Code Execution    Critical
         CVE-2017-8748   Remote Code Execution    Critical
         CVE-2017-8750   Remote Code Execution    Critical
         CVE-2017-8751   Remote Code Execution    Critical
         CVE-2017-8752   Remote Code Execution    Critical
         CVE-2017-8753   Remote Code Execution    Critical
         CVE-2017-8754   Security Feature Bypass  Important
         CVE-2017-8755   Remote Code Execution    Critical
         CVE-2017-8756   Remote Code Execution    Critical
         CVE-2017-8757   Remote Code Execution    Critical


MITIGATION

        Microsoft recommends updating the software with the version made 
        available on the Microsoft Update Catalog for the following 
        Knowledge Base articles. [1]
        
         KB4038783, KB4038782, KB4038781, KB4038788


REFERENCES

        [1] Security Updates
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================