
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN210
_____________________________________________________________________

DATE                : 12/07/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Windows versions 7, 8.1, RT 8.1, 10,
                      Server 2008, Server 2012, Server 2016,
                      Systems running Internet Explorer, Microsoft Edge,
                      Microsoft Office, Microsoft Office Web Apps,
                      Microsoft Office Online Server,
                      Microsoft Office Compatibility Pack,
                      Microsoft SharePoint Enterprise Server,
                      Microsoft .NET Framework,
                      Microsoft Exchange Server,
                      Adobe Flash Player for Windows.

=====================================================================
https://portal.msrc.microsoft.com/en-us/security-guidance
____________________________________________________________________


********************************************************************
Microsoft Security Update Summary for July 2017
Issued: July 11, 2017
********************************************************************

This summary lists security updates released for July 2017.

Complete information for the July 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical Security Updates
============================

Critical	Adobe Flash Player
Critical	Internet Explorer 9
Critical	Internet Explorer 11
Critical	Microsoft Edge
Critical	Windows 7 for 32-bit Systems Service Pack 1
Critical	Windows 7 for x64-based Systems Service Pack 1
Critical	Windows 8.1 for 32-bit systems
Critical	Windows 8.1 for x64-based systems
Critical	Windows RT 8.1
Critical	Windows 10 for 32-bit Systems
Critical	Windows 10 for x64-based Systems
Critical	Windows 10 Version 1511 for 32-bit Systems
Critical	Windows 10 Version 1511 for x64-based Systems
Critical	Windows 10 Version 1607 for 32-bit Systems
Critical	Windows 10 Version 1607 for x64-based Systems
Critical	Windows 10 Version 1703 for 32-bit Systems
Critical	Windows 10 Version 1703 for x64-based Systems
Critical	Windows Server 2008 for 32-bit Systems Service Pack 2
Critical	Windows Server 2008 for 32-bit Systems Service Pack 2
            (Server Core installation)
Critical	Windows Server 2008 for Itanium-Based Systems Service
            Pack 2
Critical	Windows Server 2008 for x64-based Systems Service
            Pack 2
Critical	Windows Server 2008 for x64-based Systems Service
            Pack 2 (Server Core installation)
Critical	Windows Server 2008 R2 for Itanium-Based Systems
            Service Pack 1
Critical	Windows Server 2008 R2 for x64-based Systems Service
            Pack 1
Critical	Windows Server 2008 R2 for x64-based Systems Service
            Pack 1 (Server Core installation)
Critical	Windows Server 2012
Critical	Windows Server 2012 (Server Core installation)
Critical	Windows Server 2012 R2
Critical	Windows Server 2012 R2 (Server Core installation)
Critical	Windows Server 2016
Critical	Windows Server 2016 (Server Core installation)


Important Security Updates
============================

Important	Excel Services installed on Microsoft SharePoint Server 2010
            Service Pack 2
Important	Microsoft Business Productivity Servers 2010 Service Pack 2
Important	Microsoft Excel 2007 Service Pack 3
Important	Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Important	Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Important	Microsoft Excel 2013 RT Service Pack 1
Important	Microsoft Excel 2016 (32-bit edition)
Important	Microsoft Excel 2016 (64-bit edition)
Important	Microsoft Excel Viewer 2007 Service Pack 3
Important	Microsoft Office 2007 Service Pack 3
Important	Microsoft Office 2010 Service Pack 2 (32-bit editions)
Important	Microsoft Office 2010 Service Pack 2 (64-bit editions)
Important	Microsoft Office 2013 RT Service Pack 1
Important	Microsoft Office 2013 Service Pack 1 (32-bit editions)
Important	Microsoft Office 2013 Service Pack 1 (64-bit editions)
Important	Microsoft Office 2016 (32-bit edition)
Important	Microsoft Office 2016 (64-bit edition)
Important	Microsoft Office 2016 for Mac
Important	Microsoft Office for Mac 2011
Important	Microsoft Office Compatibility Pack Service Pack 3
Important	Microsoft Office Online Server 2016
Important	Microsoft Office Web Apps 2010 Service Pack 2
Important	Microsoft SharePoint Enterprise Server 2013
Important	Microsoft SharePoint Enterprise Server 2016
Important	Microsoft .NET Framework 4.6
Important	Microsoft .NET Framework 4.6.1
Important	Microsoft .NET Framework 4.6.2/4.7
Important	Microsoft .NET Framework 4.7
Important	Microsoft Exchange Server 2013 Service Pack 1
Important	Microsoft Exchange Server 2013 Cumulative Update 16
Important	Microsoft Exchange Server 2016 Cumulative Update 5


Moderate Security Updates
============================

Moderate	Internet Explorer 10
Moderate	Microsoft Exchange Server 2010 Service Pack 3


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security information, or
installing security updates. You can obtain the MSRC public PGP key
at
<https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at
<http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

____________________________________________________________________

********************************************************************
Title: Microsoft Security Update Releases
Issued: July 11, 2017
********************************************************************

Summary
=======

The following CVEs and Microsoft security bulletins have undergone
a major revision increment.


* CVE-2016-3305
* CVE-2017-0292
* CVE-2017-8543
* MS16-111
* MS16-SEP

CVE Revision Information:
=====================

CVE-2016-3305

 - Title: CVE-2016-3305 | Windows Session Object Elevation of
   Privilege Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: Revised the Affected Products table to
   include Windows 10 Version 1703 for 32-bit Systems and Windows 10
   Version 1703 for x64-based Systems because they are affected by
   CVE-2016-3305. Microsoft recommends that customers running Windows
   10 Version 1703 should install update 4025342 to be protected from
   this vulnerability.
 - Originally posted: September 13, 2016
 - CVE Severity Rating: Important
 - Version: 2.0

CVE-2017-0292

 - Title: CVE-2017-0292 | Windows PDF Remote Code Execution
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: To address a known issue customers
   may have experienced when rendering PDF files, Microsoft
   has released an update with the July security and monthly
   rollup updates. Microsoft recommends that customers who
   have experienced this known issue should install the July
   security or monthly rollup updates.
 - Originally posted: June 13, 2017
 - Updated: June 13, 2017
 - CVE Severity Rating: Critical
 - Version: 5.0

CVE-2017-8543

 - Title: CVE-2017-8543 | Windows Search Remote Code Execution
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: To more comprehensively address
   CVE-2017-8543, Microsoft is releasing security update 4025339
   for affected editions of Windows 10 Version 1607 and security
   update 4025342 for affected editions of Windows 10 Version 1703.
   Microsoft recommends that customers running these versions of
   Windows 10 install the updates to be protected from this
   vulnerability.
 - Originally posted: June 13, 2017
 - Updated: July 11, 2017
 - CVE Severity Rating: Critical
 - Version: 5.0


Microsoft Security Bulletin Revision Information:
=====================

MS16-111

 - Title: Security Update for Windows Kernel (3186973)
 - https://technet.microsoft.com/library/security/ms16-111
 - Reason for Revision: Revised the Windows Affected Software
   and Vulnerability Severity Ratings table to include Windows 10
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
   x64-based Systems because they are affected by CVE-2016-3305.
   Microsoft recommends that customers running Windows 10 Version 1703
   should install update 4025342 to be protected from this
   vulnerability.
 - Originally posted: September 13, 2016
 - CVE Severity Rating: Important
 - Version: 2.0

MS16-SEP

 - Title: Microsoft Security Bulletin Summary for September 2016
 - https://technet.microsoft.com/library/security/ms16-SEP
 - Reason for Revision: For MS16-111, added Windows 10 Version
   1703 for 32-bit Systems and Windows 10 Version 1703 for
   x64-based Systems to the Affected Software table because
   they are affected by CVE-2016-3305. Microsoft recommends that
   customers running Windows 10 Version 1703 should install
   update 4025342 to be protected from this vulnerability.
 - Originally posted: September 13, 2016
 - CVE Severity Rating: N/A
 - Version: 2.0




==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================





