las vulnerabilidades más últimas de la persona notable de Advisories

Risk Rating: Important

This security update resolves an information disclosure vulnerability when Microsoft Edge does not properly handle objects in memory. Attackers who successfuly exploit the vulnerability can obtain information to further compromise the user's system. The security update addresses the vulnerability by changing how Microsoft Edge handles objects in memory.


  • CVE-2017-8629 | Microsoft SharePoint XSS Vulnerability
  • Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. This update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.



  • CVE-2017-8630 | Microsoft Office Memory Corruption Vulnerability
  • Risk Rating: Important

    This security update resolves a remote code execution vulnerability in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.



  • CVE-2017-8631 | Microsoft Office Memory Corruption Vulnerability
  • Risk Rating: Important

    This security update resolves a vulnerability the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.



  • CVE-2017-8632 | Microsoft Office Memory Corruption Vulnerability
  • Risk Rating: Important

    This security update resolves a remote code execution vulnerability in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. This security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


  • CVE-2017-8675 | Win32k Elevation of Privilege Vulnerability
  • Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. This update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.


  • CVE-2017-8676| Windows GDI Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. The security update addresses the vulnerability by correcting how GDI handles memory addresses.



  • CVE-2017-8677| Win32k Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. This security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2017-8678 | Win32k Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2017-8679 | Windows Kernel Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. This update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2017-8680 |Win32k Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. This security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2017-8681 | Win32k Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. This security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2017-8682 | Win32k Graphics Remote Code Execution Vulnerability
  • Risk Rating: Important

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. This security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts.


  • CVE-2017-8683 | Win32k Graphics Information Disclosure Vulnerability
  • Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.





  • CVE-2017-8684 | Windows GDI Information Disclosure Vulnerability
    Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2017-8685 | Windows GDI Information Disclosure Vulnerability
    Risk Rating: Important

    This security update resolves an information disclosure vulnerability when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2017-0250 | Microsoft JET Database Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.


  • CVE-2017-8686 | Windows DHCP Server Remote Code Execution Vulnerability
    Risk Rating: Critical

    This security update resolves a memory corruption vulnerability in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets.


  • CVE-2017-8687 | Win32k Information Disclosure Vulnerability
    Risk Rating: Important

    This security update resolves an Information disclosure vulnerability in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2017-8688 | Windows GDI Information Disclosure Vulnerability
    Risk Rating: Important

    This security update resolves an information disclosure vulnerability in the way that the Windows Graphics Device Interface (GDI ) handles objects in memory, allowing an attacker to retrieve information from a targeted system. The security update addresses the vulnerability by correcting how GDI handles memory addresses.


  • CVE-2017-9417 | Broadcom BCM43xx Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists when the Broadcom chipset in HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting how the Broadcom chipset in HoloLens handles objects in memory.


  • ADV170013 | September 2017 Flash Security Update
    Risk Rating: Critical

    This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB17-28: CVE-2017-11281, CVE-2017-11282.


  • CVE-2017-8744 | Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


  • CVE-2017-8745 | Microsoft SharePoint Cross Site Scripting Vulnerability
    Risk Rating: Important

    This security update addresses a cross-site scripting (XSS) vulnerability when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2017-8737 | Microsoft PDF Remote Code Execution Vulnerability
    Risk Rating: Moderate

    A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. The update addresses the vulnerability by modifying how affected systems handle objects in memory.


  • CVE-2017-8748 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


  • CVE-2017-8758 | Microsoft Exchange Cross-Site Scripting Vulnerability
    Risk Rating: Important

    This security update addresses an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.


  • CVE-2017-0161 | NetBIOS Remote Code Execution Vulnerability
    Risk Rating: Critical

    A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted system. The security update addresses the vulnerability by correcting how NetBT sequences certain operations.


  • CVE-2017-8567 | Microsoft Office Remote Code Execution
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory.


  • CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing Vulnerability
    Risk Rating: Important

    A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The security update addresses the vulnerability by correcting how Windows handles Bluetooth requests.


  • CVE-2017-8643 | Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser.


  • CVE-2017-8648 | Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by modifying how Microsoft Edge handle objects in memory.


  • CVE-2017-8649 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


  • CVE-2017-8660 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


  • CVE-2017-8692 | Uniscribe Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.


  • CVE-2017-8695 | Graphics Component Information Disclosure Vulnerability
    Risk Rating: Important

    AAn information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.


  • CVE-2017-8696 | Microsoft Graphics Component Remote Code Execution
    Risk Rating: Important

    A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.


  • CVE-2017-8699 | Windows Shell Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by helping to ensure that Windows Shell validates file copy destinations.


  • CVE-2017-8702 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by properly validating input.


  • CVE-2017-8706 | Hyper-V Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


  • CVE-2017-8707 | Hyper-V Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


  • CVE-2017-8708 | Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2017-8709 | Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2017-8710 | Volume Manager Extension Driver Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.


  • CVE-2017-8711 | Hyper-V Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


  • CVE-2017-8712 | Hyper-V Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


  • CVE-2017-8713| Hyper-V Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


  • CVE-2017-8714 | Remote Desktop Virtual Host Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.


  • CVE-2017-8716| Windows Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass vulnerability exists when Windows Control Flow Guard mishandles objects in memory. To exploit the vulnerability, an attacker could run a specially crafted application to bypass Control Flow Guard. The security update addresses the vulnerability by correcting how Windows Control Flow Guard handles objects in memory.


  • CVE-2017-8719 | Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2017-8720 | Win32k Elevation of Privilege Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how affected Microsoft scripting engines handle objects in memory.


  • CVE-2017-8723 | Microsoft Edge Security Feature Bypass Vulnerability
    Risk Rating: Low

    A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. The update addresses the bypass by correcting how the Edge CSP validates documents.


  • CVE-2017-8724 | Microsoft Edge Spoofing Vulnerability
    Risk Rating: Important

    A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The update addresses the vulnerability by correcting how Microsoft Edge parses HTTP responses.


  • CVE-2017-8728 | Microsoft PDF Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how affected systems handle objects in memory.


  • CVE-2017-8729 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8731 | Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-8733 | Internet Explorer Spoofing Vulnerability
    Risk Rating: Important

    A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The security update addresses the vulnerability by correcting how Internet Explorer handles specific HTML content.


  • CVE-2017-8734 | Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-8736 | Microsoft Browser Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain. The security update addresses the vulnerability by helping to ensure that Microsoft browsers restrict access to certain functionality between the subdomain and the parent domain.


  • CVE-2017-8738 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8739 | Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2017-8740 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8741| Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


  • CVE-2017-8742 | PowerPoint Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory.


  • CVE-2017-8743 | PowerPoint Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory.


  • CVE-2017-8725 | Microsoft Office Publisher Remote Code Execution
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


  • CVE-2017-8735| Microsoft Edge Spoofing Vulnerability
    Risk Rating: Moderate

    A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The update addresses the vulnerability by correcting how Microsoft Edge parses HTTP responses.


  • CVE-2017-8746 | Device Guard Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.


  • CVE-2017-8747 | Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Moderate

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-8749 | Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-8750 | Microsoft Browser Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.


  • CVE-2017-8751 | Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-8752 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8753 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8754 | Microsoft Edge Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. The update addresses the bypass by correcting how the Edge CSP validates documents.


  • CVE-2017-8755 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8756 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-8757 | Microsoft Edge Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-11761 | Microsoft Exchange Information Disclosure Vulnerability
    Risk Rating: Important

    An input sanitization issue exists with Microsoft Exchange that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. The update corrects the way that Exchange parses Calendar-related messages.


  • CVE-2017-11764 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11766 | Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. The security update addresses the vulnerability by correcting how .NET validates untrusted input.


  • August 2017 - Microsoft Releases 48 Security Patches
     Fecha recomendada:  09 de agosto de 2017

    Microsoft addresses several vulnerabilities in its August batch of patches:

    • CVE-2017-8591 | Windows IME Remote Code Execution Vulnerability
      Risk Rating: Critical

      This security update resolves a remote code execution vulnerability that exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The security update addresses this vulnerability by correcting how Windows IME handles parameters in a method of a DCOM class.


    • CVE-2017-8593 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      This security update resolves an elevation of privilege vulnerability that exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how Win32k handles objects in memory.


    • CVE-2017-8634 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This security update resolves a vulnerability the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8635 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This security update resolves a vulnerability the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8636 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This security update resolves vulnerabilities in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8637 | Scripting Engine Security Feature Bypass Vulnerability (4013075)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Edge. This is the result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Arbitrary Code Guard (ACG) to be bypassed. The security update addresses the ACG bypass vulnerability by helping to ensure that Microsoft Edge properly handles accessing memory in code compiled by the Edge JIT compiler.


    • CVE-2017-8638| Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8639| Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.


    • CVE-2017-8640 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.


    • CVE-2017-8662 | Microsoft Edge Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exist in Microsoft Edge. It is a result of how strings are validated in specific scenarios, which can allow an attacker to read sensitive data from memory and thereby potentially bypass Address Space Layout Randomization (ASLR).The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server. The security update addresses the vulnerability by helping to ensure that Microsoft Edge properly validates strings in affected scenarios.


    • CVE-2017-8669 |Microsoft Browser Memory Corruption Vulnerability (CVE-2017-7269)
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.


    • CVE-2017-8670 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8671 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8672 | Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487)
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8654 | Microsoft Office SharePoint XSS Vulnerability
      Risk Rating: Critical

      A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


    • CVE-2017-0174 | Windows NetBIOS Denial of Service Vulnerability
      Risk Rating: Important

      A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. The update addresses the vulnerability by correcting how the Windows network stack handles NetBIOS traffic.


    • CVE-2017-0250 | Microsoft JET Database Engine Remote Code Execution Vulnerability
      Risk Rating: Critical

      A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.


    • CVE-2017-0293 | Windows PDF Remote Code Execution Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how affected systems handle objects in memory.


    • CVE-2017-8503 | Microsoft Edge Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing.


    • CVE-2017-8516 | Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. The security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions.


    • CVE-2017-8620 | Windows Search Remote Code Execution Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.


    • CVE-2017-8622 | Windows Subsystem for Linux Elevation of Privilege Vulnerability
      Risk Rating: Critical

      An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles NT pipes. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles NT pipes.


    • CVE-2017-8624 | Windows CLFS Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. The update addresses the vulnerability by correcting how CLFS handles objects in memory.


    • CVE-2017-8625 | Internet Explorer Security Feature Bypass Vulnerability
      Risk Rating: Important

      A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UCMI policies. The update addresses the vulnerability by correcting how Internet Explorer validates UMCI policies.


    • CVE-2017-8627 | Windows Subsystem for Linux Denial of Service Vulnerability
      Risk Rating: Important

      A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system. The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.


    • CVE-2017-8633 | Windows Error Reporting Elevation of Privilege Vulnerability
      Risk Rating: Important

      This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system functionality.


    • CVE-2017-8641 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8642 | Microsoft Edge Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing script to run with elevated privileges. The security update addresses the vulnerability by correcting how Microsoft Edge validates and sanitizes JavaScript parameters.


    • CVE-2017-8644 | Microsoft Edge Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how certain functions handle objects in memory.


    • CVE-2017-8645 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8646 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8647 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8650 | Microsoft Edge Security Feature Bypass Vulnerability
      Risk Rating: Moderate

      A security feature bypass vulnerability exists when Microsoft Edge does not properly enforce same-origin policies, which could allow an attacker to access information from origins outside the current one. In a web-based attack scenario, an attacker could trick a user into loading a webpage with malicious content. The security update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Microsoft Edge.


    • CVE-2017-8651 | Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Moderate

      A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


    • CVE-2017-8652 | Microsoft Edge Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how certain functions handle objects in memory.


    • CVE-2017-8653 | Microsoft Browser Memory Corruption Vulnerability
      Risk Rating: Moderate

      A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.


    • CVE-2017-8655 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Moderate

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8656 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8657 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8659 | Scripting Engine Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how certain functions handle objects in memory.


    • CVE-2017-8661 | Microsoft Edge Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how affected Microsoft scripting engines handle objects in memory.


    • CVE-2017-8664 | Windows Hyper-V Remote Code Execution Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


    • CVE-2017-8666 | Win32k Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how win32k handles objects in memory.


    • CVE-2017-8668 | Volume Manager Extension Driver Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how Volume Manager Extension Driver handles objects in memory.


    • CVE-2017-8673 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
      Risk Rating: Important

      A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. The update addresses the vulnerability by correcting how RDP handles connection requests.


    • CVE-2017-8674 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8691 | Express Compressed Fonts Remote Code Execution Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits exploited this vulnerability would gain code execution on the target system. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.


    • CVE-2017-8668 | Volume Manager Extension Driver Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how Volume Manager Extension Driver handles objects in memory.


  • July 2017 - Microsoft Releases 54 Security Patches
     Fecha recomendada:  11 de julio de 2017

    Microsoft addresses several vulnerabilities in its July batch of patches:

    • CVE-2017-0243 | Microsoft Office Remote Code Execution Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. This security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.

    • CVE-2017-8569 | SharePoint Server XSS Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

    • CVE-2017-8570 | Microsoft Office Remote Code Execution Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.

    • CVE-2017-8573 | Microsoft Graphics Component Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.

    • CVE-2017-8574 | Microsoft Graphics Component Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.

    • CVE-2017-8577 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.

    • CVE-2017-8578 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.


    • CVE-2017-8580 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.


    • CVE-2017-8581 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. The update addresses the vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.


    • CVE-2017-8582 | Https.sys Information Disclosure Vulnerability
      Risk Rating: Important

      An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory. The update addresses the vulnerability by correcting how the HTTP.sys server application handles objects in memory.


    • CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting how Hololens handles objects in memory.


    • CVE-2017-8585 | .NET Denial of Service Vulnerability
      Risk Rating: Important

      A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. The update addresses the vulnerability by correcting how the .NET web application handles web requests.


    • CVE-2017-8587 | Windows Explorer Denial of Service Vulnerability
      Risk Rating: Important

      An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker who successfully exploited this vulnerability could cause a denial of service. The update addresses the vulnerability by correcting how Windows Explorer handles open attempts for non-existent files.


    • CVE-2017-8588 | WordPad Remote Code Execution Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. The update addresses the vulnerability by correcting the way that Microsoft WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft WordPad will leverage to resolve the identified issue.


    • CVE-2017-8589 | Windows Search Remote Code Execution Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


    • CVE-2017-8590 | Windows CLFS Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.The update addresses the vulnerability by correcting how CLFS handles objects in memory.


    • CVE-2017-8592 | Microsoft Browser Security Feature Bypass
      Risk Rating: Important

      A security feature bypass vulnerability exists when Microsoft Browsers improperly handle redirect requests. This vulnerability allows Microsoft Browsers to bypass CORS redirect restrictions and to follow redirect requests that should otherwise be ignored. The security update addresses the vulnerability by modifying how affected Microsoft Browsers handle redirect requests.


    • CVE-2017-8594 | Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


    • CVE-2017-8595 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8596 | Microsoft Edge Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8617 | Microsoft Edge Remote Code Execution Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8618 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Moderate

      A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The update addresses the vulnerability by modifying how the VBScript scripting engine handles objects in memory.


    • CVE-2017-8619 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8621 | Microsoft Exchange Open Redirect Vulnerability
      Risk Rating: Moderate

      An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. The update addresses the vulnerability by correcting how Exchange handles open redirect requests.


    • CVE-2017-0170 | Windows Performance Monitor Information Disclosure Vulnerability
      Risk Rating: Moderate

      An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. The update addresses the vulnerability by modifying the way that the Windows Performance Monitor Console parses XML input.


    • CVE-2017-8463 | Windows Explorer Remote Code Execution Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would be less affected. The update addresses the vulnerability by correcting how Windows Explorer handles executable files and shares during rename operations.


    • CVE-2017-8467 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.


    • CVE-2017-8486 | Win32k Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Win32k handles objects in memory.


    • CVE-2017-8495 | Kerberos SNAME Security Feature Bypass Vulnerability
      Risk Rating: Important

      A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. The update addresses this vulnerability by adding integrity protection to the SNAME field.


    • CVE-2017-8501 | Microsoft Office Memory Corruption Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory. The security update addresses the vulnerability by correcting how Office handles objects in memory.


    • CVE-2017-8502 | Microsoft Office Memory Corruption Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory.


    • CVE-2017-8556 | Microsoft Graphics Component Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.


    • CVE-2017-8557 | Windows System Information Console Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.


    • CVE-2017-8560 | Microsoft Exchange Cross-Site Scripting Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.


    • CVE-2017-8559 | Microsoft Exchange Cross-Site Scripting Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.


    • CVE-2017-8561| Windows Kernel Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.


    • CVE-2017-8562 | Windows ALPC Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). The update addresses the vulnerability by correcting how Windows handles calls to ALPC.


    • CVE-2017-8563 | Windows Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. The update addresses this vulnerability by incorporating enhancements to authentication protocols designed to mitigate authentication attacks. It revolves around the concept of channel binding information.


    • CVE-2017-8564 | Windows Kernel Information Disclosure Vulnerability
      Risk Rating: Important

      An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


    • CVE-2017-8565 | Windows PowerShell Remote Code Execution Vulnerability
      Risk Rating: Important

      A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.The update addresses the vulnerability by correcting how PowerShell deserializes user supplied scripts.


    • CVE-2017-8566| Windows IME Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The security update addresses this vulnerability by correcting how Windows IME handles parameters in a method of a DCOM class.


    • CVE-2017-8598 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8599| Microsoft Edge Security Feature Bypass Vulnerability
      Risk Rating: Important

      A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker could use this vulnerability to trick a user into loading a page with malicious content. The update addresses the vulnerability by correcting the Same Origin Policy check for scripts attempting to manipulate HTML elements in other browser windows.


    • CVE-2017-8601 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the Chakra JavaScript scripting engine handles objects in memory.


    • CVE-2017-8602 | Microsoft Browser Spoofing Vulnerability
      Risk Rating: Important

      A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.The security update addresses the vulnerability by correcting how Microsoft browsers parse HTTP responses.


    • CVE-2017-8603 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8604 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8605 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8606 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Moderate

      A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8607 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8608 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.


    • CVE-2017-8609 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Moderate

      A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the Scripting Engine handles objects in memory.


    • CVE-2017-8610 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


    • CVE-2017-8611 | Microsoft Edge Spoofing Vulnerability
      Risk Rating: Moderate

      A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. The update addresses the vulnerability by correcting how Microsoft Edge parses HTTP responses.


  • June 2017 - Microsoft Releases 15 Security Patches
     Fecha recomendada:  14 de junio de 2017

    Microsoft addresses several vulnerabilities in its June batch of patches:

    • MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644)
      Risk Rating: Critical

      This security update resolves a vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.


    • MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
      Risk Rating: Critical

      This security update resolves three vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service.


    • MS10-061 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
      Risk Rating: Critical

      This security update resolves a vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC.


    • MS14-068 | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
      Risk Rating: Critical

      This security update resolves a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.


    • MS17-010 | Security Update for Microsoft Windows SMB Server (4013389)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.


    • MS17-013 | Security Update for Microsoft Graphics Component (4013075)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.


    • CVE-2017-0176 | Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176 )
      Risk Rating: Critical

      A remote code execution vulnerability exists in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled. An attacker who successfully exploited this vulnerability could execute code on the target system.


    • CVE-2017-0222| Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222)
      Risk Rating: Critical

      A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.


    • CVE-2017-0231 | Microsoft Browser Spoofing Vulnerability
      Risk Rating: Critical

      This vulnerability exists in Internet Explorer 11 and Microsoft Edge browsers. The vulnerability lies in the rendering of SmartScreen Filter.


    • CVE-2017-0267 - CVE-2017-0280 | Security Update for Microsoft Windows SMB (CVEs 2017-0267 through 2017-0280)
      Risk Rating: Critical

      Security updates exist in Microsoft Windows SMB. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server.


    • CVE-2017-7269 | WebDAV Remote Code Execution Vulnerability (CVE-2017-7269)
      Risk Rating: Critical

      A vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


    • CVE-2017-8461 | Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)
      Risk Rating: Critical

      A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


    • CVE-2017-8464 | LNK Remote Code Execution Vulnerability (CVE-2017-8464)
      Risk Rating: Critical

      A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.


    • CVE-2017-8487 | Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487)
      Risk Rating: Critical

      A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.


    • CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
      Risk Rating: Critical

      A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.


    • CVE-2017-8552 | Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
  • May 2017 - Microsoft Releases Security Patches
     Fecha recomendada:  10 de mayo de 2017

    Microsoft addresses several vulnerabilities in its May batch of patches:

    • CVE-2017-0290 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
      Risk Rating: Critical

      This vulnerability allows attackers full access to a vulnerable system by exploiting Microsoft Malware Protection Engine's NScript component. It is a remote code execution vulnerability.


    • CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This vulnerability in the VBScript engine of specific Windows operating systems exists in the way it handles objects in Internet Explorer memory.


    • CVE-2017-0261 | Microsoft Office Remote Code Execution Vulnerability
      Risk Rating: Important

      This recmote code execution vulnerability that exists in Microsoft Office in the way it handles malformed graphics image.


    • CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability
      Risk Rating: Important

      This recmote code execution vulnerability that exists in Microsoft Office in the way it handles malformed graphics image.


    • CVE-2017-0064 | Internet Explorer Security Feature Bypass Vulnerability
      Risk Rating: Low

      This vulnerability exists in the way Internet Explorer allows bypass of Mixed Content warnings when loading unsecure content from HTTPS websites.


    • CVE-2017-0222 | Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Moderate

      This vulnerability exists in the way Internet Explorer may incorrectly access objects in memory. It is a remote code execution vulnerability.


    • CVE-2017-0226 | Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Important

      This vulnerability exists in the way Internet Explorer may incorrectly access objects in memory. It is a remote code execution vulnerability.


    • CVE-2017-0228 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the JavaScript engine's rendering of objects in memory in Microsoft Edge and Internet Explorer 11 browsers. It is a remote code execution vulnerability.


    • CVE-2017-0231 | Microsoft Browser Spoofing Vulnerability
      Risk Rating: Important

      This vulnerability exists in Internet Explorer 11 and Microsoft Edge browsers. The vulnerability lies in the rendering of SmartScreen Filter.


    • CVE-2017-0238 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Important

      This vulnerability exists in the Microsoft Edge browser's JavaScript scripting engine. The vulnerability lies in the way the engine handles objects in memory.


  • April 2017 - Microsoft Releases Security Patches
     Fecha recomendada:  12 de abril de 2017

    Microsoft addresses several vulnerabilities in its April batch of patches:

    • CVE-2017-0160 | .NET Remote Code Execution Vulnerability
      Risk Rating: Critical

      This vulnerability exists in several .NET Framework versions. It happens when the .NET Framework version fails to validate input upon loading of libraries. It is a remote code execution vulnerability.


    • CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This vulnerability in the VBScript engine of specific Windows operating systems exists in the way it handles objects in Internet Explorer memory.


    • CVE-2017-0166 | LDAP Elevation of Privilege Vulnerability
      Risk Rating: Important

      This vulnerability in LDAP exists in the calculation of request lengths. An attacker successfully exploiting this vulnerability can have elevated privileges on the vulnerable machine.


    • CVE-2017-0058 | Win32k Information Disclosure Vulnerability
      Risk Rating: Important

      This vulnerability in the win32k component in specific Windows operating systems exists in its inability to handle kernel information properly.


    • CVE-2017-0192 | ATMFD.dll Information Disclosure Vulnerability
      Risk Rating: Important

      This vulnerability exists in the Adobe Type Manager Font Driver library. It exists in the way it handles objects loaded in memory.


    • CVE-2013-6629 | libjpeg Information Disclosure Vulnerability
      Risk Rating: Important

      This vulnerability exists in the libjpeg library. When successfully exploited, it may bypass the Address Space Layout Randomization (ASLR).


    • CVE-2017-0195 | Microsoft Office XSS Elevation of Privilege Vulnerability
      Risk Rating: Important

      This vulnerability exists in the Office Web Apps server way of sanitizing specially crafted requests. Said vulnerability may be exploited a number of ways.


    • CVE-2017-0106 | Microsoft Outlook Remote Code Execution Vulnerability
      Risk Rating: Critical

      This vulnerability exists in the way Microsoft Outlook parses specially crafted messages.


    • CVE-2017-0204 | Microsoft Office Security Feature Bypass Vulnerability
      Risk Rating: Important

      This vulnerability exists in the way Microsoft Office parses file formats.


    • CVE-2017-0199 | Microsoft Office Remote Code Execution Vulnerability
      Risk Rating: Important

      This vulnerability could allow remote code execution when successfully exploited. There are exploits in the wild found to be using this vulnerability.


    • CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability
      Risk Rating: Important

      This vulnerability exists in the way Microsoft Office handles objects in the memory.


    • CVE-2017-0197 | Office DLL Loading Vulnerability
      Risk Rating: Important

      This vulnerability exists in the way Microsoft Office validates dynamic link libraries loading.


    • CVE-2017-0163 | Hyper-V Remote Code Execution Vulnerability
      Risk Rating: Critical

      This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.


    • CVE-2017-0168 | Hyper-V Information Disclosure Vulnerability
      Risk Rating: Important

      This vulnerability exists in the way Windows Hyper-V Network Switch validates input of a guest operating system.


    • CVE-2017-0180 | Hyper-V Remote Code Execution Vulnerability
      Risk Rating: Critical

      This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.


  • March 2017 - Microsoft Releases 18 Security Advisories
     Fecha recomendada:  14 de marzo de 2017

    Microsoft addresses several vulnerabilities in its March batch of patches. More information are found in the Trend Micro Security Intelligence Blog.

    • (MS17-006) Cumulative Security Update for Internet Explorer (4013073)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


    • (MS17-007) Cumulative Security Update for Microsoft Edge (4013071)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system.


    • (MS17-008) Security Update for Windows Hyper-V (4013082)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code.


    • (MS17-009) Security Update for Microsoft Windows PDF Library (4010319)
      Risk Rating: Critical

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.


    • (MS17-010) Security Update for Microsoft Windows SMB Server (4013389)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.


    • (MS17-011) Security Update for Microsoft Uniscribe (4013076)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.


    • (MS17-012) Security Update for Microsoft Windows (4013078)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.


    • (MS17-013) Security Update for Microsoft Graphics Component (4013075)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.


    • (MS17-014) Security Update for Microsoft Office (4013241)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


    • (MS17-015) Security Update for Windows Kernel (3199720)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.


    • (MS17-016) Security Update for Windows IIS (4013074)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server.


    • (MS17-017) Security Update for Windows Kernel (4013081)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.


    • (MS17-018) Security Update for Windows Kernel-Mode Drivers (4013083)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.


    • (MS17-019) Security Update for Active Directory Federation Services (4010320)
      Risk Rating: Important

      This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.


    • (MS17-020) Security Update for Windows DVD Maker (3208223)
      Risk Rating: Important

      This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.


    • (MS17-021) Security Update for Windows DirectShow (4010318)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website.


    • (MS17-022) Security Update for Microsoft XML Core Services (4010321)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.


    • (MS17-023) Security Update for Adobe Flash Player (4014329))
      Risk Rating: Critical

      This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


  • January 2017 - Microsoft Releases 4 Security Advisories
     Fecha recomendada:  10 de enero de 2017
    Microsoft addresses the following vulnerabilities in its January batch of patches:

    • (MS17-003) Security Update for Adobe Flash Player (3214628)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


    • (MS17-001) Security Update for Microsoft Edge (3214288)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.


    • (MS17-002) Security Update for Microsoft Office (3214291)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


    • (MS17-004) Security Update for Local Security Authority Subsystem Service (3216771) Risk Rating: Important

      A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system..


  • December 2016 - Microsoft Releases 12 Security Advisories
     Fecha recomendada:  13 de diciembre de 2016
    Microsoft addresses the following vulnerabilities in its December batch of patches:

    • (MS16-144) Cumulative Security Update for Internet Explorer (3204059)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


    • (MS16-145) Cumulative Security Update for Microsoft Edge (3204062)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


    • (MS16-146) Security Update for Microsoft Graphics Component (3204066)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.


    • (MS16-147) Security Update for Microsoft Uniscribe (3204063) Risk Rating: Critical

      This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.


    • (MS16-148) Security Update for Microsoft Office (3204068)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


    • (MS16-149) Security Update for Microsoft Windows (3205655)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.


    • (MS16-150) Security Update for Secure Kernel Mode (3205642)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system.


    • (MS16-151) Security Update for Windows Kernel-Mode Drivers (3205651)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.


    • (MS16-152) Security Update for Windows Kernel (3199709))
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.


    • (MS16-153) Security Update for Common Log File System Driver (3207328)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.


    • (MS16-154) Security Update for Adobe Flash Player (3209498)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


    • (MS16-155) Security Update for .NET Framework (3205640)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.


  • November 2016 - Microsoft Releases 14 Security Advisories
     Fecha recomendada:  08 de noviembre de 2016
    Microsoft addresses the following vulnerabilities in its November batch of patches:

    • (MS16-129) Cumulative Security Update for Microsoft Edge (3199057)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


    • (MS16-130) Security Update for Microsoft Windows (3199172)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.


    • (MS16-131) Security Update for Microsoft Video Control (3199151)
      Risk Rating: Critical

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


    • (MS16-132) Security Update for Microsoft Graphics Component (3199120)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of these could allow remote code execution on the vulnerable system.


    • (MS16-133) Security Update for Microsoft Office (3199168)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


    • (MS16-134) Security Update for Common Log File System Driver (3193706)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.


    • (MS16-135) Security Update for Windows Kernel-Mode Drivers (3199135)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege.


    • (MS16-137) Security Update for Windows Authentication Methods (3199173)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege.


    • (MS16-138) Security Update to Microsoft Virtual Hard Disk Driver (3199647)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.


    • (MS16-139) Security Update for Windows Kernel (3199720)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information.


    • (MS16-140) Security Update for Boot Manager (3193479)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.


    • (MS16-141) Security Update for Adobe Flash Player (3202790)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


    • (MS16-142) Cumulative Security Update for Internet Explorer (3198467)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.