Microsoft Patch Tuesday August 2017

Published: 2017-08-08
Last Updated: 2017-08-08 15:53:06 UTC
by Johannes Ullrich (Version: 1)

When Microsoft changed its update process a few months ago, we were initially no longer able to quickly produce our usual assessment of Microsoft's patches. Finally, I think we have a way to get at least some of it back, and this is our first take on it. Please let me know if I should change anything. I know a few people wrote scripts to parse the table. I would recommend that you use Microsoft's own API to do so in the future. The layout of the table may change and screen-scraping is never a good idea.

What do the fields mean:

Description: Microsoft's description of the flaw
MSFT Severity: The highest severity Microsoft assigned to the flaw. Sometimes, Microsoft assigns different severities to different versions of the product affected by the flaw.
CVE: CVE Number
Disclosed/Exploited: Has the vulnerability been publicly disclosed or exploited in the wild prior to the release of the patch
Exploitablity: How likley is it, that this vulnerability will be exploited. (old: oldest supported version of the sooftware, current: current software version)
Client Severity: The severity we (ISC) assigned to this vulnerability for clients (Desktops)
Server Severtiy: The severity we (ISC) assigned to this vulnerability to servers (servers run software like IIS and are more exposed to the internet)

Expect a few updates as I am refining the table. Use our contact form for feedback.

Description				MSFT Severity
CVE	Disclosed/Exploited	Exploitability (old/current)	Client Severity	Server Severity
Scripting Engine Security Feature Bypass Vulnerability				Important
CVE-2017-8637	No/No	?/?	Important	Important
Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627	Yes/No	?/?
August 2017 Flash Update				Critical
ADV170010	No/No	?/?	Critical	Critical
Volume Manager Extension Driver Information Disclosure Vulnerability				Important
CVE-2017-8668	No/No	Less Likely/Less Likely	Important	Important
Windows Error Reporting Elevation of Privilege Vulnerability				Important
CVE-2017-8633	Yes/No	More Likely/More Likely	Important	Important
Microsoft Edge Memory Corruption Vulnerability				Critical
CVE-2017-8661	No/No	?/?	Critical	Critical
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622	No/No	?/?
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability				Important
CVE-2017-8673	No/No	?/?	Important	Important
Microsoft Edge Security Feature Bypass Vulnerability				Moderate
CVE-2017-8650	No/No	?/?	Moderate	Moderate
Scripting Engine Memory Corruption Vulnerability				Critical
CVE-2017-8634	No/No	?/?	Critical	Critical
CVE-2017-8635	No/No	More Likely/More Likely
CVE-2017-8636	No/No	More Likely/More Likely
CVE-2017-8638	No/No	?/?
CVE-2017-8639	No/No	?/?
CVE-2017-8640	No/No	?/?
CVE-2017-8670	No/No	?/?
CVE-2017-8671	No/No	?/?
CVE-2017-8672	No/No	?/?
CVE-2017-8641	No/No	More Likely/More Likely
CVE-2017-8645	No/No	?/?
CVE-2017-8646	No/No	?/?
CVE-2017-8647	No/No	?/?
CVE-2017-8655	No/No	?/?
CVE-2017-8656	No/No	?/?
CVE-2017-8657	No/No	?/?
CVE-2017-8674	No/No	?/?
Windows Hyper-V Remote Code Execution Vulnerability				Important
CVE-2017-8664	No/No	Less Likely/Less Likely	Important	Important
Microsoft Browser Memory Corruption Vulnerability				Critical
CVE-2017-8669	No/No	More Likely/More Likely	Critical	Critical
CVE-2017-8653	No/No	More Likely/More Likely
Win32k Information Disclosure Vulnerability				Important
CVE-2017-8666	No/No	More Likely/More Likely	Important	Important
Express Compressed Fonts Remote Code Execution Vulnerability				Important
CVE-2017-8691	No/No	Less Likely/Less Likely	Important	Important
Windows NetBIOS Denial of Service Vulnerability				Important
CVE-2017-0174	No/No	Less Likely/Less Likely	Important	Important
Windows CLFS Elevation of Privilege Vulnerability				Important
CVE-2017-8624	No/No	More Likely/More Likely	Important	Important
Windows IME Remote Code Execution Vulnerability				Critical
CVE-2017-8591	No/No	Less Likely/Less Likely	Critical	Critical
Microsoft Office SharePoint XSS Vulnerability				Important
CVE-2017-8654	No/No	Unlikely/Unlikely	Important	Important
Windows Search Remote Code Execution Vulnerability				Critical
CVE-2017-8620	No/No	More Likely/More Likely	Critical	Critical
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability				Important
CVE-2017-8516	No/No	Unlikely/Unlikely	Important	Important
Scripting Engine Information Disclosure Vulnerability				Important
CVE-2017-8659	No/No	?/?	Important	Important
Windows Hyper-V Denial of Service Vulnerability				Important
CVE-2017-8623	No/No	Unlikely/Unlikely	Important	Important
Microsoft Edge Elevation of Privilege Vulnerability				Important
CVE-2017-8503	No/No	?/?	Important	Important
CVE-2017-8642	No/No	?/?
Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8662	No/No	?/?
CVE-2017-8644	No/No	?/?
CVE-2017-8652	No/No	?/?
Windows PDF Remote Code Execution Vulnerability				Critical
CVE-2017-0293	No/No	Less Likely/Less Likely	Critical	Critical
Win32k Elevation of Privilege Vulnerability				Important
CVE-2017-8593	No/No	More Likely/More Likely	Important	Important
Internet Explorer Security Feature Bypass Vulnerability				Important
CVE-2017-8625	No/No	Less Likely/Less Likely	Important	Important
Microsoft JET Database Engine Remote Code Execution Vulnerability				Critical
CVE-2017-0250	No/No	Unlikely/Unlikely	Critical	Critical
Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651	No/No	?/?

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

Keywords:

6 comment(s)

Comments

cwqwqwq

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

dwqqqwqwq mashood

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

What's this all about ..?

password reveal .

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

https://thehomestore.com.pk/

Internet Storm Center

Microsoft Patch Tuesday August 2017

Comments

www

Nov 17th 2022
4 months ago

EEW

Nov 17th 2022
4 months ago

qwq

Nov 17th 2022
4 months ago

mashood

Nov 17th 2022
4 months ago

isc.sans.edu

Nov 23rd 2022
3 months ago

isc.sans.edu

Nov 23rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

Microsoft Patch Tuesday August 2017

Comments

www

Nov 17th 20224 months ago

EEW

Nov 17th 20224 months ago

qwq

Nov 17th 20224 months ago

mashood

Nov 17th 20224 months ago

isc.sans.edu

Nov 23rd 20223 months ago

isc.sans.edu

Nov 23rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 26th 20222 months ago

isc.sans.edu

Dec 26th 20222 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 23rd 2022
3 months ago

Nov 23rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 26th 2022
2 months ago

Dec 26th 2022
2 months ago