MS Sec Notification mailing list archives

Previous By Date Next
Previous By Thread Next

The following CVEs and security bulletins have undergone a major revision increment.

From: "Microsoft" <securitynotifications () e-mail microsoft com>
Date: Tue, 12 Sep 2017 12:26:35 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Update Releases
Issued: Septemner 12, 2017
********************************************************************

Summary
=======

The following CVEs and security bulletins have undergone a major 
revision increment.

* CVE-2016-0165
* CVE-2016-3238
* CVE-2016-3326
* CVE-2016-3376
* CVE-2017-0213
* CVE-2017-8529
* CVE-2017-8599
* MS16-039
* MS16-APR
* MS16-087
* MS16-JUL
* MS16-095
* MS16-AUG
* MS16-123
* MS16-OCT


CVE Revision Information:
=====================

CVE-2016-0165

 - Title: CVE-2016-0165 | Win32k Elevation of Privilege 
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: Revised the Affected Products table to 
   include Windows 10 Version 1703 for 32-bit Systems and Windows 10 
   Version 1703 for x64-based Systems because they are affected by 
   CVE-2016-0165. Consumers running Windows 10 are automatically 
   protected. Microsoft recommends that enterprise customers running 
   Windows 10 Version 1703 ensure they have update 4038788 installed 
   to be protected from this vulnerability.
 - Originally posted: April 12, 2016  
 - Updated: September 12, 2017 
 - CVE Severity Rating: Important
 - Version: 2.0

CVE-2016-3238

 - Title: CVE-2016-3238 | Windows Print Spooler Remote Code Execution 
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: To address known issues with the 3170455 
   update for CVE-2016-3238, Microsoft has made available the 
   following updates for currently-supported versions of Microsoft 
   Windows: • Rereleased update 3170455 for Windows Server 2008 
   • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 
   and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security 
   Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 
   and Security Update 4038793 for Windows 8.1 and Windows Server 2012
   R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 
   4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 
   for Windows 10 Version 1607 and Windows Server 2016. Microsoft 
   recommends that customers running Windows Server 2008 reinstall 
   update 3170455. Microsoft recommends that customers running other 
   supported versions of Windows install the appropriate update. See 
   Microsoft Knowledge Base Article 3170005 (https://support.
   microsoft.com/en-us/help/3170005) for more information.
 - Originally posted: July 12, 2016
 - Updated: September 12, 2017
 - CVE Severity Rating: Critical
 - Version: 2.0

CVE-2016-3326

 - Title: CVE-2016-3326 | Microsoft Browser Information Disclosure 
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: Revised the Affected Products table to include
   Microsoft Edge and Internet Explorer 11 installed on Windows 10 
   Version 1703 for 32-bit Systems, and Microsoft Edge and Internet 
   Explorer 11 installed on Windows 10 Version 1703 for x64-based 
   Systems because they are affected by CVE-2016-3326. In addition, 
   corrected the Affected Products table to include Microsoft Edge 
   installed on Windows 10, Windows 10 Version 1511, and Windows 10 
   Version 1607 because they are also affected by this vulnerability. 
   Consumers using Windows 10 are automatically protected. Microsoft 
   recommends that enterprise customers running Microsoft Edge or 
   Internet Explorer on Windows 10 Version 1703 ensure they have update
   4038788 installed to be protected from this vulnerability. Customers
   who are running other versions of Windows 10 and who have installed 
   the August cumulative updates do not need to take any further action.
 - Originally posted: August 9, 2016
 - Updated: September 12, 2017
 - CVE Severity Rating: Important
 - Version: 3.0

CVE-2016-3376

 - Title: CVE-2016-3376 | Win32k Elevation of Privilege Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: Revised the Affected Products table to 
   include Windows 10 Version 1703 for 32-bit Systems and Windows 10
   Version 1703 for x64-based Systems because they are affected by 
   CVE-2016-3376. Consumers using Windows 10 are automatically 
   protected. Microsoft recommends that enterprise customers running 
   Windows 10 Version 1703 ensure they have update 4038788 installed 
   to be protected from this vulnerability.
 - Originally posted: October 11, 2016
 - Updated: September 12, 2017
 - CVE Severity Rating: Important
 - Version: 3.0

CVE-2017-0213

 - Title: CVE-2017-0213 | Windows COM Elevation of Privilege
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: To comprehensively address CVE-2017-0213, 
   Microsoft has released security update 4038788 for Windows 10 
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for 
   x64-based Systems. Consumers using Windows 10 are automatically 
   protected. Microsoft recommends that enterprise customers running
   Windows 10 Version 1703 ensure that they have update 4038788 
   installed to be protected from this vulnerability.
 - Originally posted: May 8, 2017
 - Updated: September 12, 2017
 - CVE Severity Rating: Important
 - Version: 3.0

CVE-2017-8529

 - Title: CVE-2017-8529 | Microsoft Browser Information Disclosure
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: To address known print regression issues 
   customers may experience when printing from Internet Explorer
   or Microsoft Edge after installing any of the June security 
   updates, monthly rollups, or IE cumulative updates, Microsoft has
   released the following September security updates: Internet 
   Explorer Cumulative Update 4036586; Monthly Rollups 4038777, 
   4038799, 4038792; Security Updates 4038781, 4038783, 4038782, 
   and 4038788 for all affected editions of Microsoft Edge and 
   Internet Explorer when installed on supported editions of Windows. 
   Please note that with the installation of these updates, the 
   solution to CVE-2017-8529 is turned off by default to help 
   prevent the risk of further issues with print regressions, and 
   must be activated via your Registry. To be fully protected from 
   this vulnerability, please see the Update FAQ section for 
   instructions to activate the solution.
 - Originally posted: June 13, 2017
 - Updated: September 12, 2017
 - CVE Severity Rating: Moderate
 - Version: 5.0

CVE-2017-8599

 - Title: CVE-2017-8599 | Microsoft Edge Security Feature 
   Bypass Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: To comprehensively address CVE-2017-8599,  
   Microsoft has released September security updates for all affected
   editions of Microsoft Edge installed on supported editions of 
   Windows 10. Microsoft strongly recommends that customers install
   the updates to be fully protected from the vulnerability. 
   Customers whose systems are configured to receive automatic updates 
   do not need to take any further action.
 - Originally posted: July 11, 2017
 - Updated: September 12, 2017
 - CVE Severity Rating: Important
 - Version: 2.0


Security Bulletin Revision Information:
=====================

MS16-039

 - Title: Security Update for Microsoft Graphics Component (3148522)
 - https://technet.microsoft.com/library/security/ms16-039.aspx
 - Reason for Revision: Revised the Microsoft Windows affected software 
   table to include Windows 10 Version 1703 for 32-bit Systems and 
   Windows 10 Version 1703 for x64-based Systems because they are 
   affected by CVE-2016-0165. Consumers running Windows 10 are 
   automatically protected. Microsoft recommends that enterprise 
   customers running Windows 10 Version 1703 ensure they have update 
   4038788 installed to be protected from this vulnerability.
 - Originally posted: April 12, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: Critical
 - Version: 4.0

MS16-APR

 - Title: Microsoft Security Bulletin Summary for April 2016
 - https://technet.microsoft.com/library/security/ms16-APR.aspx
 - Reason for Revision: For MS16-039, revised the Windows Operating 
   Systems and Components affected software table to include Windows 10
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for 
   x64-based Systems because they are affected by CVE-2016-0165. 
   Consumers running Windows 10 are automatically protected. Microsoft 
   recommends that enterprise customers running Windows 10 Version 
   1703 ensure they have update 4038788 installed to be protected from 
   this vulnerability.
 - Originally posted: April 12, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: N/A
 - Version: 4.0

MS16-087

 - Title: Security Update for Windows Print Spooler Components (3170005)
 - https://technet.microsoft.com/library/security/ms16-087.aspx
 - Reason for Revision: To address known issues with the 3170455 update
   for CVE-2016-3238, Microsoft has made available the following updates
   for currently-supported versions of Microsoft Windows:
   Rereleased update 3170455 for Windows Server 2008
   Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and 
   Windows Server 2008 R2
   Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 
   2012
   Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 
   and Windows Server 2012 R2
   Cumulative Update 4038781 for Windows 10
   Cumulative Update 4038781 for Windows 10 Version 1511
   Cumulative Update 4038782 for Windows 10 Version 1607 and Windows 
   Server 2016.
   Microsoft recommends that customers running Windows Server 2008 
   reinstall update 3170455. Microsoft recommends that customers running 
   other supported versions of Windows install the appropriate update. 
   See Microsoft Knowledge Base Article 3170005 for more information.
 - Originally posted: July 12, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: Critical
 - Version: 2.0

MS16-JUL

 - Title: Microsoft Security Bulletin Summary for July 2016
 - https://technet.microsoft.com/library/security/ms16-JUL.aspx
 - Reason for Revision: For MS16-087, To address known issues with the 
   3170455 update for CVE-2016-3238, Microsoft has made available the 
   following updates for currently-supported versions of Microsoft Windows:
   Rereleased update 3170455 for Windows Server 2008
   Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and 
   Windows Server 2008 R2
   Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 
   2012
   Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 
   and Windows Server 2012 R2
   Cumulative Update 4038781 for Windows 10
   Cumulative Update 4038781 for Windows 10 Version 1511
   Cumulative Update 4038782 for Windows 10 Version 1607 and Windows 
   Server 2016.
   Microsoft recommends that customers running Windows Server 2008 
   reinstall update 3170455. Microsoft recommends that customers running 
   other supported versions of Windows install the appropriate update. 
   See Microsoft Knowledge Base Article 3170005 for more information.
 - Originally posted: July 12, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: N/A
 - Version: 2.0

MS16-095

 - Title: Cumulative Security Update for Internet Explorer (3177356)
 - https://technet.microsoft.com/library/security/ms16-095.aspx
 - Reason for Revision:  Revised the Affected Software table to include 
   Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit
   Systems and Internet Explorer 11 installed on Windows 10 Version 1703
   for x64-based Systems because they are affected by CVE-2016-3326. 
   Consumers using Windows 10 are automatically protected. Microsoft 
   recommends that enterprise customers running Internet Explorer on 
   Windows 10 Version 1703 ensure they have update 4038788 installed 
   to be protected from this vulnerability. Customers who are running 
   other versions of Windows 10 and who have installed the June 
   cumulative updates do not need to take any further action.
 - Originally posted: August 9, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: Critical
 - Version: 3.0

MS16-AUG

 - Title: Microsoft Security Bulletin Summary for August 2016
 - https://technet.microsoft.com/library/security/ms16-AUG.aspx
 - Reason for Revision: For MS16-095, revised the Windows Operating 
   System and Components Affected Software table to include Internet 
   Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems 
   and Internet Explorer 11 installed on Windows 10 Version 1703 for 
   x64-based Systems because they are affected by CVE-2016-3326. Microsoft
   recommends that customers running Internet Explorer on Windows 10
Version 
   1703 install update 4038788 to be protected from this vulnerability.
 - Originally posted: August 9, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: N/A
 - Version: 3.0

MS16-123

 - Title: Security Update for Windows Kernel-Mode Drivers (3192892)
 - https://technet.microsoft.com/library/security/ms16-123.aspx
 - Reason for Revision: Revised the Affected Software table to include 
   Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703
   for x64-based Systems because they are affected by CVE-2016-3376. 
   Consumers using Windows 10 are automatically protected. Microsoft 
   recommends that enterprise customers running Windows 10 Version 1703 
   ensure they have update 4038788 installed to be protected from this 
   vulnerability.
 - Originally posted: October 11, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: Important
 - Version: 3.0

MS16-OCT

 - Title: Microsoft Security Bulletin Summary for October 2016
 - https://technet.microsoft.com/library/security/ms16-OCT.aspx
 - Reason for Revision: For MS16-123, revised the Windows Operating 
   System and Components affected software table to include Windows 10 
   Version 1703 for 32-bit Systems and Windows 10 Version 1703 for 
   x64-based Systems because they are affected by CVE-2016-3376. 
   Consumers using Windows 10 are automatically protected. Microsoft 
   recommends that enterprise customers running Windows 10 Version 1703
   ensure they have update 4038788 installed to be protected from this 
   vulnerability.
 - Originally posted: October 11, 2016
 - Updated: September 12, 2017
 - Bulletin Severity Rating: N/A
 - Version: 3.0


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing 
a Microsoft security update, it is a hoax that may contain 
malware or pointers to malicious websites. Microsoft does 
not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally 
sign all security notifications. However, PGP is not required for 
reading security notifications, reading security bulletins, or 
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you’ve requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8

wsFVAwUBWbgjKfsCXwi14Wq8AQjMCw//S0PwaB93XKBGzjt9mcxKN0BxWklnLuC+
xLZXEK8nxroWgluI+Hh3KGwI1LacdDYUgC7XCq71WgYHrrYxRU1Ve1X5bAdjDkC3
w6jwfHGkycY0z9s0ihP3G6FPPPI/RtjDqpK6kc2ebjQypBstQh0UhPvafOTRrPBU
fjtTKTPyHugiQHrr44Mz/MrCfeL9Je+SVw4SDZDnHq35KhWacfx42bH33cb8eGOZ
fcBouJ83vHu6+4hg/zNe3tmXEMi4ar3rpNRULHSf8TXEprz6RGvBqNMaHKoGkQO8
C9eqUVnsewosz3t5SoDEbpfEh0sr4ocbVXvM7vLSZxvuRZQR16NdDqcCFADcwHjo
Nj/mz4/21BX8YQLl3Wf8smiq85hwzQjHAMB3znb6PW1t8UaKzsNJKXlbZ/yOJQST
5bDxdLm6+5YwKF+KKpUHoc8d1MvJvnuJiyk5WSyxrSGvh9Vp9yrc6J+asAx9Xka7
lZYqqxaEHFJaj5ifnjbIOSQ06AJ1p+1yex6xN/THMN72ykYC1bt7HDzH4qZsrvoW
M/pOz07+J1iGUWzfojZPrVzld6FwSQNioa/dSMThbo96nunqa/JeTU/mwYlO7LFy
RehAW0OdGa5QccDOJX4iiTonPlsjPB2V2krH4eyXdJrH1I9wzCGct/QD9mLvn+YB
ndp0m8dC1JA=
=U+7V
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: