==================================================================== CERT-Renater Note d'Information No. 2017/VULN176 _____________________________________________________________________ DATE : 14/06/2017 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows versions 7, 8.1, RT 8.1, 10, Server 2008, Server 2012, Server 2016, Systems running Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Web Apps, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer, Microsoft Outlook, Microsoft Project Server, Microsoft Office Online Server, Microsoft Silverlight, Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, Microsoft Lync, Skype for Business, Microsoft .NET Framework Adobe Flash Player for Windows. ===================================================================== https://portal.msrc.microsoft.com/en-us/security-guidance ____________________________________________________________________ ******************************************************************** Microsoft Security Update Summary for June 2017 Issued: June 13, 2017 ******************************************************************** This summary lists security updates released for June 2017. Complete information for the June 2017 security update release can Be found at . Critical Security Updates ============================ Critical Adobe Flash Player Critical Internet Explorer 9 Critical Internet Explorer 10 Critical Internet Explorer 11 Critical Microsoft Edge Critical Microsoft Office 2007 Service Pack 3 Critical Microsoft Office 2010 Service Pack 2 (32-bit editions) Critical Microsoft Office 2010 Service Pack 2 (64-bit editions) Critical Microsoft Office 2013 RT Service Pack 1 Critical Microsoft Office 2013 Service Pack 1 (32-bit editions) Critical Microsoft Office 2013 Service Pack 1 (64-bit editions) Critical Microsoft Office 2016 (32-bit edition) Critical Microsoft Office 2016 (64-bit edition) Critical Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Critical Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Critical Microsoft Office Compatibility Pack Service Pack 3 Critical Microsoft Office Web Apps 2010 Service Pack 2 Critical Microsoft Office Web Apps 2013 Service Pack 1 Critical Microsoft Office Word Viewer Critical Microsoft Excel 2013 RT Service Pack 1 Critical Microsoft Outlook 2007 Service Pack 3 Critical Microsoft Outlook 2010 Service Pack 2 (32-bit editions) Critical Microsoft Outlook 2010 Service Pack 2 (64-bit editions) Critical Microsoft Outlook 2013 RT Service Pack 1 Critical Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Critical Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Critical Microsoft Outlook 2016 (32-bit edition) Critical Microsoft Outlook 2016 (64-bit edition) Critical Microsoft Outlook 2016 for Mac Critical Microsoft PowerPoint 2007 Service Pack 3 Critical Microsoft PowerPoint 2013 RT Service Pack 1 Critical Microsoft PowerPoint 2016 for Mac Critical Microsoft PowerPoint for Mac 2011 Critical Microsoft Project Server 2013 Service Pack 1 Critical Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Critical Microsoft SharePoint Enterprise Server 2016 Critical Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions) Critical Microsoft SharePoint Server 2013 Service Pack 1 Critical Microsoft Word 2007 Service Pack 3 Critical Microsoft Word 2010 Service Pack 2 (32-bit editions) Critical Microsoft Word 2010 Service Pack 2 (64-bit editions) Critical Microsoft Word 2013 RT Service Pack 1 Critical Microsoft Word 2013 Service Pack 1 (32-bit editions) Critical Microsoft Word 2013 Service Pack 1 (64-bit editions) Critical Microsoft Word 2016 (32-bit edition) Critical Microsoft Word 2016 (64-bit edition) Critical Microsoft Word 2016 for Mac Critical Microsoft Word for Mac 2011 Critical Skype for Business 2016 (32-bit) Critical Skype for Business 2016 (64-bit) Critical Microsoft Lync 2013 Service Pack 1 (32-bit) Critical Microsoft Lync 2013 Service Pack 1 (64-bit) Critical Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit) Critical Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based) Critical Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit) Critical Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based) Critical Windows 7 for 32-bit Systems Service Pack 1 Critical Windows 7 for x64-based Systems Service Pack 1 Critical Windows 8.1 for 32-bit systems Critical Windows 8.1 for x64-based systems Critical Windows RT 8.1 Critical Windows 10 for 32-bit Systems Critical Windows 10 for x64-based Systems Critical Windows 10 Version 1511 for 32-bit Systems Critical Windows 10 Version 1511 for x64-based Systems Critical Windows 10 Version 1607 for 32-bit Systems Critical Windows 10 Version 1607 for x64-based Systems Critical Windows Server 2008 for 32-bit Systems Service Pack 2 Critical Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Critical Windows Server 2008 for Itanium-Based Systems Service Pack 2 Critical Windows Server 2008 for x64-based Systems Service Pack 2 Critical Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Critical Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Critical Windows Server 2008 R2 for x64-based Systems Service Pack 1 Critical Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Critical Windows Server 2012 Critical Windows Server 2012 (Server Core installation) Critical Windows Server 2012 R2 Critical Windows Server 2012 R2 (Server Core installation) Critical Windows Server 2016 Critical Windows Server 2016 (Server Core installation) Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security information, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 ____________________________________________________________________ ******************************************************************** Title: Microsoft Security Update Releases Issued: June 13, 2017 ******************************************************************** Summary ======= The following CVEs have undergone a major revision increment. * CVE-2017-0167 * CVE-2016-3326 Revision Information: ===================== CVE-2017-0167 - Title: CVE-2017-0167 | Windows Kernel Information Disclosure Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: To comprehensively address CVE-2017-0167, Microsoft has released security update 4022887 for supported editions of Windows Server 2008, and Monthly Rollup 4015549 and Security Update 4015546 for supported editions of Windows 7 and Windows Server 2008 R2. Microsoft recommends that customers running any of these affected editions of Windows should install the applicable update to be fully protected from this vulnerability. See Microsoft Knowledge Base Article 4022887, Microsoft KB4015549 Release Notes, or KB4015546 Release Notes for more information. - Originally posted: April 11, 2017 - Updated: June 13, 2017 - CVE Severity Rating: Important - Version: 2.0 CVE-2016-3326 - Title: CVE-2016-3326 | Microsoft Browser Information Disclosure Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: To comprehensively address CVE-2016-3326, Microsoft is releasing June security updates for all affected Microsoft browsers. Microsoft recommends that customers running affected Microsoft browsers should install the applicable June security update to be fully protected from this vulnerability. See the applicable Release Notes or Microsoft Knowledge Base article for more information. - Originally posted: Autust 09, 2016 - Updated: June 13, 2017 - CVE Severity Rating: Important - Version: 2.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you’ve requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 ____________________________________________________________________ ******************************************************************** Title: Microsoft Security Update Releases Issued: June 13, 2017 ******************************************************************** Summary ======= The following bulletins have undergone a major revision increment. * MS16-095 * MS16-AUG Revision Information: ===================== MS16-095 - Title: Cumulative Security Update for Internet Explorer (3177356) - https:https://technet.microsoft.com/en-us/library/security/ ms16-095.aspx - Reason for Revision: To comprehensively address CVE-2016-3326, Microsoft is releasing June security updates for all affected Microsoft browsers. Microsoft recommends that customers running affected Microsoft browsers should install the applicable June security update to be fully protected from this vulnerability. See the applicable Release Notes or Microsoft Knowledge Base article for more information. - Originally posted: August 9, 2016 - Updated: June 13, 2017 - CVE Severity Rating: Critical - Version: 2.0 MS16-AUG - Title: Microsoft Security Bulletin Summary for August 2016 - https:https://technet.microsoft.com/en-us/library/security/ ms16-aug.aspx - Reason for Revision: To comprehensively address CVE-2016-3326, Microsoft is releasing June security updates for all affected Microsoft browsers. Microsoft recommends that customers running affected Microsoft browsers should install the applicable June security update to be fully protected from this vulnerability. See the applicable Release Notes or Microsoft Knowledge Base article for more information. - Originally posted: August 09, 2016 - Updated: June 13, 2017 - CVE Severity Rating: N/A - Version: 2.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you’ve requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================