-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: June 21, 2017
********************************************************************
Summary
=======
The following CVEs have been added to June 2017 security release.
* CVE-2017-8575
* CVE-2017-8576
* CVE-2017-8579
Revision Information:
=====================
- CVE-2017-8575 | Microsoft Graphics Component Information
Disclosure Vulnerability
- CVE-2017-8576 | Microsoft Graphics Component Elevation of
Privilege Vulnerability
- CVE-2017-8579 | DirectX Elevation of Privilege Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 1.0
- Reason for Revision: Information published.
- Originally posted: June 19, 2017
- Aggregate CVE Severity Rating: Important
Summary
=======
The following CVEs have been revised in the June 2017 Security Updates.
* CVE-2017-0228
* CVE-2017-0292
* CVE-2017-8509
Revision Information:
=====================
CVE-2017-0228
- Title: CVE-2017-0228 | Scripting Engine Memory Corruption
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised Affected Products table to include
Microsoft Edge on Windows 10, Windows 10 Version 1511, Windows 10
Version 1607, and Windows 10 Version 1703 because these products
are affected by this CVE. This is an informational change only.
- Originally posted: June 21, 2017
- CVE Severity Rating: Critical
- Version: 1.1
CVE-2017-0292
- Title: CVE-2017-0292 | Windows PDF Remote Code Execution
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Corrected the updates replaced for
Microsoft Word 2013 Service Pack 1 and Microsoft Word 2016. This
is an informational change only. Customers who have already
successfully installed the updates do not need to take any action.
- Originally posted: June 21, 2017
- CVE Severity Rating: Critical
- Version: 1.1
CVE-2017-8509
- Title: CVE-2017-8509 | Microsoft Office Remote Code Execution
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: In the Affected Products table corrected the
updates replaced for Microsoft Word 2013 Service Pack 1 and Microsoft
Word 2016. In addition, corrected the affected software for security
update 3191908 from OneNote 2010 to Office 2010. These are
informational changes only. Customers who have already successfully
installed the updates do not need to take any action.
- Originally posted: June 21, 2017
- CVE Severity Rating: Critical
- Version: 1.1
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.