Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2017.0145
Security Updates for Microsoft Internet Explorer
13 September 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Internet Explorer
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-8750 CVE-2017-8749 CVE-2017-8748
CVE-2017-8747 CVE-2017-8741 CVE-2017-8736
CVE-2017-8733
Member content until: Friday, October 13 2017
OVERVIEW
Microsoft has released its monthly security patch update for the month of September 2017. [1]
This update resolves 7 vulnerabilities across the following products:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2017-8733 Spoofing Important
CVE-2017-8736 Information Disclosure Important
CVE-2017-8741 Remote Code Execution Critical
CVE-2017-8747 Remote Code Execution Critical
CVE-2017-8748 Remote Code Execution Critical
CVE-2017-8749 Remote Code Execution Critical
CVE-2017-8750 Remote Code Execution Critical
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Cataloge for the following
Knowledge Base articles. [1]
KB4036586, KB4038792, KB4038777, KB4038788, KB4038783 KB4038782,
KB4038781, KB4038799
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWbiC+Yx+lLeg9Ub1AQggZg//RADfngbTGIk1+GBPCQrDnAZGEqQE3L6n
kBT9uP6cB0pI1bt9lX5PGTjJxAYwCw7JMrFyIdERk5xecCv7UkotCajBytRvtBFQ
As4fsS3DUMwc6ZbdBKXP1YDXXTayL3DcqoxR4CgwfXjc88LAuZbU13KEe5hG8smy
X8PlbdmsmL6nLCb8mKv6/Z4ZQL/F6fPFIvZ7Po8kH2OV22J9B2IxP2NHST/JnCR1
uzG+y1eoSc5Cnd1jO5fKWPuVwY78KERdZlbD1CgdBEkpTctxnov3DbcOjVxfryJj
ox4d4yrJZ4bKYGhxkNvmRf7zfcERktJ1wVwDBwcRdYPJRwH0XUPN/3lt1BX28tGE
SMNt00pc4wQxfXCusUmPcipM9jUaizIRnRMGg9+HKVxIEtwJLCIm3dJM5qPd6xoe
jN1OqGXHOBtM+2ik4iwxihOfiQRRecEZiVSO1unhVNct+OljkpP4jaTn/zEZvLOE
Kn6jwOemOg/zuLGISr+pJ5gqbaAFR+kLrDqZc1vkCoUfBS6bn3ZnFgGrxoSZ7qRI
a70HDdlt0ajKBd8DKeair/NXOSoHQk/0/swLes5AxeksR4hdBtr72T+CWlXHJfzX
i9IJICpc5whTuGBtZ6Ffd4qxaF4p1Bk8rvDrP+teH/F3RtVECHBsX/r8CHC5d225
bPtdU2PI9No=
=zPRk
-----END PGP SIGNATURE-----