MS Sec Notification mailing list archives
The following CVEs have been added to June 2017 security release.
From: "Microsoft" <securitynotifications () e-mail microsoft com>
Date: Wed, 21 Jun 2017 15:51:24 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: June 21, 2017 ******************************************************************** Summary ======= The following CVEs have been added to June 2017 security release. * CVE-2017-8575 * CVE-2017-8576 * CVE-2017-8579 Revision Information: ===================== - CVE-2017-8575 | Microsoft Graphics Component Information Disclosure Vulnerability - CVE-2017-8576 | Microsoft Graphics Component Elevation of Privilege Vulnerability - CVE-2017-8579 | DirectX Elevation of Privilege Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Version: 1.0 - Reason for Revision: Information published. - Originally posted: June 19, 2017 - Aggregate CVE Severity Rating: Important Summary ======= The following CVEs have been revised in the June 2017 Security Updates. * CVE-2017-0228 * CVE-2017-0292 * CVE-2017-8509 Revision Information: ===================== CVE-2017-0228 - Title: CVE-2017-0228 | Scripting Engine Memory Corruption Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: Revised Affected Products table to include Microsoft Edge on Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, and Windows 10 Version 1703 because these products are affected by this CVE. This is an informational change only. - Originally posted: June 21, 2017 - CVE Severity Rating: Critical - Version: 1.1 CVE-2017-0292 - Title: CVE-2017-0292 | Windows PDF Remote Code Execution Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: Corrected the updates replaced for Microsoft Word 2013 Service Pack 1 and Microsoft Word 2016. This is an informational change only. Customers who have already successfully installed the updates do not need to take any action. - Originally posted: June 21, 2017 - CVE Severity Rating: Critical - Version: 1.1 CVE-2017-8509 - Title: CVE-2017-8509 | Microsoft Office Remote Code Execution Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: In the Affected Products table corrected the updates replaced for Microsoft Word 2013 Service Pack 1 and Microsoft Word 2016. In addition, corrected the affected software for security update 3191908 from OneNote 2010 to Office 2010. These are informational changes only. Customers who have already successfully installed the updates do not need to take any action. - Originally posted: June 21, 2017 - CVE Severity Rating: Critical - Version: 1.1 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at <https://technet.microsoft.com/security/dn753714>. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>. If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>. These settings will not affect any newsletters youâve requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsFVAwUBWUrVFfsCXwi14Wq8AQg4Hw/8Da2ha5jyPqNyba+2MLrkOxdVA727rw2u yLJGndqAAW6gkA1cTzo5MuZnQOKWanzndZfvVgOUM9Lm2guSq2nC8S1KZCATkTux oilXXUwpU7Lh5X4KhiyRgZBnEjpoBqzC+Tvq7aswPo+uTPNWCK6IR5tEIbkfTI9C 4RRtMSFkKQfHb4TPBMl0QpbX1E/fr0vaPhF4DJaq0drfd8uRnGeC0zZFBEFTGQ5e fsqhBz0RdctLrZHhSFb6kOT7+GwItXQ/jlSPxMWzNQ12if2E5GZ+uAYhJrnXPF9f coUe8wvMmnouhIGK8wiirv8cbkONulFHb0Z3zpB1GJgbUljKWJVL6So6oNb+wH7Q JuEYKtDAIaBnWqAwI2SkcIZ8OEQmXOqxwo1lCGpxxur6IrMKOVHY3R/Cptm4UHqd dJbN8kpAkq7tGt7EfDoqS94I8Na9mYowapl+RNtepCBEUtNI24pGorzrtUwxpIL8 /wmU8+fOkzBso0Dc7dIAPmaCcR7lyAQK56oMsNhkR0jAmBx1Jlj3kw1bLb+YaBbc kSToexchSqDC66UloIAaNVVgd24h0rXfsm38UULL9u2qY2gaupV6SlFiuJ8HE698 MCwDR48lYHQ95OWC2VE65GmMeEf6ukLwBWYU363MJj9ugtXCCyEKwTMrsIomHFms jt7WAAsUA9c= =wDjy -----END PGP SIGNATURE-----
Current thread:
- The following CVEs have been added to June 2017 security release. Microsoft (Jun 21)