1. Forum
  2. League10
  3. Microsoft Sec. Bulletin

  • The following CVEs have been revised in the September 2017 Security Updates.

    From Lord Time@TIME to All on Tue Sep 12 21:30:02 2017
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    ********************************************************************
    Title: Microsoft Security Update Minor Revisions
    Issued: September 12, 2017 ********************************************************************

    Summary
    =======

    The following CVEs have been revised in the September 2017 Security
    Updates.

    * CVE-2017-8686
    * CVE-2017-8707
    * CVE-2017-8708
    * CVE-2017-8710
    * CVE-2017-8714
    * CVE-2017-8750
    * CVE-2017-8759


    Revision Information:
    =====================

    CVE-2017-8686

    - Title: CVE-2017-8686| Windows DHCP Server Remote Code Execution
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Added a mitigation stating that customers
    who have not configured their DHCP server as a failover are not
    affected by this vulnerability. This is an informational change
    only.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Critical
    - Version: 1.1

    CVE-2017-8707

    - Title: CVE-2017-8707 | Hyper-V Information Disclosure
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Added Windows Server 2012 and Windows Server
    2012 (Server Core Installation) as affected by CVE-2017-8707.
    This is an informational change only.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    CVE-2017-8708

    - Title: CVE-2017-8708 | Windows Kernel Information Disclosure
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Updated acknowledgment. This is an
    informational change only.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    CVE-2017-8710

    - Title: CVE-2017-8710 | Windows Information Disclosure
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Corrected the affected Windows component
    in the CVE description. This is an informational change only.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    CVE-2017-8714

    - Title: CVE-2017-8714 | Remote Desktop Virtual Host Remote Code
    Execution Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Removed Windows 10 for x64-based Systems as
    affected by CVE-2017-8714. This is an informational change only.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    CVE-2017-8750

    - Title: CVE-2017-8750 | Microsoft Browser Memory Corruption
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Updated acknowledgment. This is an
    informational change only.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Critical
    - Version: 1.1

    CVE-2017-8759

    - Title: CVE-2017-8759 | .NET Framework Remote Code Execution
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Corrected Product versions and
    supersedence entries in the Affected Products table, corrected
    .NET versions in the table in the FAQ, and updated the
    acknowledgment. These are informational changes only.
    Customers who have already successfully installed the updates
    do not need to take any further action.
    - Originally posted: September 12, 2017
    - Updated: September 12, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    Other Information
    =================

    Recognize and avoid fraudulent email to Microsoft customers: =============================================================
    If you receive an email message that claims to be distributing
    a Microsoft security update, it is a hoax that may contain
    malware or pointers to malicious websites. Microsoft does
    not distribute security updates via email.

    The Microsoft Security Response Center (MSRC) uses PGP to digitally
    sign all security notifications. However, PGP is not required for
    reading security notifications, reading security bulletins, or
    installing security updates. You can obtain the MSRC public PGP key
    at <https://technet.microsoft.com/security/dn753714>.

    ********************************************************************
    THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
    PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
    DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
    THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE.
    IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
    LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
    INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
    DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
    ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
    FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
    LIMITATION MAY NOT APPLY. ********************************************************************

    Microsoft respects your privacy. Please read our online Privacy
    Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

    If you would prefer not to receive future technical security
    notification alerts by email from Microsoft and its family of
    companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

    These settings will not affect any newsletters youΓÇÖve requested or
    any mandatory service communications that are considered part of
    certain Microsoft services.

    For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>.

    This newsletter was sent by:
    Microsoft Corporation
    1 Microsoft Way
    Redmond, Washington, USA
    98052

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 10.2.0 (Build 1950)
    Charset: utf-8

    wsFVAwUBWbhTd/sCXwi14Wq8AQjIog/9HQlFVF8ddfgm8PrH0MpTFQbA4/lwmQuW oSBLBy1C9u0UDtiSxvn8nnAHveTx9E7gXUcbsiDW9ZDx2ml93f4WfRbAS/+Upy2T Wp5aENvt1q1VWZTa/HAwm8xjQF450rTYjrKntB+QnTXQMnjnCGI+1xPu+6/Xa4Lr dYJqA8K9Y1RT6uvG37chveAlLzbbJzXxp6iCjlJ/I1h30HJ5c5pq1PWGTbEwK9Pp B2bYscVgqFbtNsF4nkUt4VJSyn58yapT7n4OW6gj34s15ZaX0cGji/2vx23yZRSW a45/gM814IrqnIlLPkDFnn6ofoKb6HoSZgjF6mE7AhExT7eAm+EAwsUF/iXIeD/w oY2Aj2N3pcHNXOiTsUyuHA/12eB9gvpCUnYwlhv0ydfX53di0SYt8lQgS7fJuaoD 14iXVil6+mdBGzxUz8JbEiyxtjtY7B7C8EbxbQEuMma+ULgVgIKN+TMJeSqXxOve tj7sHuyeJrD7xZAmYp3roKgZpM4VsuhQTTxApaevHLE+O2A8k4qOWDf52AfLANlY FI6XsviPoQrs9zRAoFO4VL4s7dV7s1wVGbwOv19L+0JOaaWHkoxV6a9sS2v5arCF M26jEB6/40ghI6SR2CrizexNVZQHtvlCHDzWAzpMk7vw/sX5aARArB7fyzEBaOLP
    LRxpnZu7bRY=
    =HO+9
    -----END PGP SIGNATURE-----
    ---
    ■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
  • From Lord Time@TIME to All on Tue Oct 3 20:47:08 2017
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    ********************************************************************
    Title: Microsoft Security Update Minor Revisions
    Issued: October 3, 2017 ********************************************************************

    Summary
    =======

    The following CVEs have been revised in the September 2017 Security
    Updates.

    * CVE-2017-8759


    Revision Information:
    =====================

    CVE-2017-8759

    - Title: CVE-2017-8759 | .NET Framework Remote Code Execution
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Corrected links to the Monthly Rollup KB
    articles for Microsoft .NET Framework 4.5.2 and Microsoft .NET
    Framework 4.6 installed on Windows Server 2008, and added a link
    to the 4041085 monthly rollup for Microsoft .NET Framework
    4.6/4.6.1/4.6.2/4.7 installed on Windows RT 8.1. This is an
    informational change only. Customers who have successfully
    installed the updates do not need to take any further action.
    - Originally posted: September 12, 2017
    - Updated: October 3, 2017
    - CVE Severity Rating: Important
    - Version: 1.2


    Other Information
    =================

    Recognize and avoid fraudulent email to Microsoft customers: =============================================================
    If you receive an email message that claims to be distributing
    a Microsoft security update, it is a hoax that may contain
    malware or pointers to malicious websites. Microsoft does
    not distribute security updates via email.

    The Microsoft Security Response Center (MSRC) uses PGP to digitally
    sign all security notifications. However, PGP is not required for
    reading security notifications, reading security bulletins, or
    installing security updates. You can obtain the MSRC public PGP key
    at <https://technet.microsoft.com/security/dn753714>.

    ********************************************************************
    THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
    PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
    DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
    THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE.
    IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
    LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
    INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
    DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
    ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
    FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
    LIMITATION MAY NOT APPLY. ********************************************************************

    Microsoft respects your privacy. Please read our online Privacy
    Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

    If you would prefer not to receive future technical security
    notification alerts by email from Microsoft and its family of
    companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

    These settings will not affect any newsletters youΓÇÖve requested or
    any mandatory service communications that are considered part of
    certain Microsoft services.

    For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>.

    This newsletter was sent by:
    Microsoft Corporation
    1 Microsoft Way
    Redmond, Washington, USA
    98052

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 10.2.0 (Build 1950)
    Charset: utf-8

    wsFUAwUBWdP8A/sCXwi14Wq8AQjk+w/47aqMkoNfUEfVthJ5uEHkAJQvrpBI6Trk 7jbLyuKtG9ScUH0l7zEFb59TSQBOuja67ysC1QEy4Ck+udiTq/gTuXJdn8gsh9EY b++2qZVUsk2vUyHTkXxECxCiY/brc4B3XPhmqt+lLlJH+lW2Cv70uQrntS6Q2zu/ kTCgr+3IgCwyNwd32uGts6jEWhEI0OXtUnLErDkFlYhr7NQsGZpEZLlZ5sMvoRUA ilQduvQuOZJ9pENF7yrtXP2NUrkpIRQBOOLTJxNRwbeBw9/QvSJvXnTAhN/7cu0G GbKdqDobDr89VOB9iFHFUB/FHeXG1IVuOl6k/7vImmFe+QZRIA6NgxEXUB6Xq/dp A15E7jGIKx+6mjxorO8zh/Nv89qOECMHkFIB40/9nlr6c/Fp38UOLKUIhRDS+O30 nVPKKN4gF2N9+oTG86YmT9kOMzUOIa25fWkneCdGVGWNW79UAqJGUUDzi39c2U52 Bchxfg1zn+bFuqqBZ4ggWyjeV8LD7yzN4z44idr4KZ2uJXTXTGlT9UjxbbXVMw6i IhD8FN48bV5KGaMCEfECWE+mUf3zLln9OJHlbEthtVZVsyw+27cnTmsYCJmwy5p5 HgI5WMLoQFwFr4JhPJXNIwtEJVclntFBGV5+NGiuc9q2v0kt1p0hViV1/PjoJlTp
    J3hjp8TXNQ==
    =Eaoh
    -----END PGP SIGNATURE-----
    ---
    ■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games