Microsoft released the August 2017 Patch Tuesday security bulletin, and this month the company fixed 48 security issues in six of its main product categories.
The products that received security updates are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft SharePoint, Adobe Flash Player, and Microsoft SQL Server.
Of all the security issues patched this month, three became public before they were patched CVE-2017-8620, CVE-2017-8627, and CVE-2017-8633. Fortunately, Microsoft didn't detect any of them being used in live attacks.
Below is a table listing of all the 48 security issues fixed this month. We used a PowerShell script created by Microsoft employee John Lambert to assemble the table below, but the report generated by this script is much longer. We hosted the full report on GitHub, here.
If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide, available here.
| Product | CVE ID | CVE Title |
|---|---|---|
| Adobe Flash Player | ADV170010 | August 2017 Flash Update |
| Common Log File System Driver | CVE-2017-8624 | Windows CLFS Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2017-8669 | Microsoft Browser Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-8625 | Internet Explorer Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2017-8653 | Microsoft Browser Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-8651 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8503 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2017-8652 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-8650 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2017-8662 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-8661 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8642 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2017-8644 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2017-0250 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2017-8654 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8656 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8655 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8657 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8641 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8645 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8634 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8647 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8674 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8646 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8659 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8671 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8672 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8639 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8640 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8637 | Scripting Engine Security Feature Bypass Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8670 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8635 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8638 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8636 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2017-0174 | Windows NetBIOS Denial of Service Vulnerability |
| Microsoft Windows | CVE-2017-8633 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows PDF | CVE-2017-0293 | Windows PDF Remote Code Execution Vulnerability |
| Microsoft Windows Search Component | CVE-2017-8620 | Windows Search Remote Code Execution Vulnerability |
| SQL Server | CVE-2017-8516 | Microsoft SQL Server Analysis Services Information Disclosure Vulnerability |
| Volume Manager Driver | CVE-2017-8668 | Volume Manager Extension Driver Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2017-8623 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2017-8664 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8666 | Win32k Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8691 | Express Compressed Fonts Remote Code Execution Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8593 | Win32k Elevation of Privilege Vulnerability |
| Windows RDP | CVE-2017-8673 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
| Windows Shell | CVE-2017-8591 | Windows IME Remote Code Execution Vulnerability |
| Windows Subsystem for Linux | CVE-2017-8627 | Windows Subsystem for Linux Denial of Service Vulnerability |
| Windows Subsystem for Linux | CVE-2017-8622 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Comments
hniop - 5 years ago
Oh, great, your article gives me useful information and a fresh perspective on the subject. https://blog.loveawake.com/2019/01/08/8-conversation-starters-for-dates