
 

Security Advisory - September 12, 2017

Zscaler protects against 11 new vulnerabilities for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, and Microsoft Exchange Server.

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 11 vulnerabilities included in the September 2017 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections as necessary. 

CVE-2017-8738 – Scripting Engine Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

CVE-2017-8577 – Microsoft PDF Remote Code Execution Vulnerability

Severity: Critical
Affected Software

  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows Server 2012 R2 (Server Core installation)
  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1703 for x64-based Systems

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability on Windows 10 systems with Microsoft Edge set as the default browser, an attacker could host a specially crafted website that contains malicious PDF content and then convince users to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted PDF content to such sites. Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website. The browsers for all other affected operating systems do not automatically render PDF content, so an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to open a specially crafted PDF document, typically by way of an enticement in an email or instant message or by way of an email attachment. The update addresses the vulnerability by modifying how affected systems handle objects in memory. 

CVE-2017-8750 – Microsoft Browser Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
  • Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
  • Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Internet Explorer 11 on Windows 8.1 for 32-bit systems
  • Internet Explorer 11 on Windows 8.1 for x64-based systems
  • Internet Explorer 11 on Windows Server 2012 R2
  • Internet Explorer 11 on Windows RT 8.1
  • Internet Explorer 11 on Windows 10 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
  • Internet Explorer 11 on Windows Server 2016
  • Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems
  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a Microsoft browser, and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.

CVE-2017-8734 – Microsoft Edge Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1703 for x64-based Systems

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. 

CVE-2017-8682 – Win32k Graphics Remote Code Execution Vulnerability

Severity: Critical
Affected Software

  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft Office 2007 Service Pack 3
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1511 for x64-based Systems
  • Windows 10 Version 1511 for 32-bit Systems
  • Windows Server 2016
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016 (Server Core installation)
  • Windows 10 Version 1703 for 32-bit Systems
  • Windows 10 Version 1703 for x64-based Systems
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts.

CVE-2017-8747 – Internet Explorer Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
  • Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
  • Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Internet Explorer 11 on Windows 8.1 for 32-bit systems
  • Internet Explorer 11 on Windows 8.1 for x64-based systems
  • Internet Explorer 11 on Windows Server 2012 R2
  • Internet Explorer 11 on Windows RT 8.1
  • Internet Explorer 11 on Windows 10 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
  • Internet Explorer 11 on Windows Server 2016
  • Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems
  • Internet Explorer 10 on Windows Server 2012

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

CVE-2017-8757 – Scripting Engine Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1703 for x64-based Systems

A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. In addition, an attacker could embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. Finally, the attacker could take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

CVE-2017-8753 – Scripting Engine Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1703 for x64-based Systems

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer or Microsoft Edge and then convince a user to view the website. An attacker could also embed an ActiveX control marked safe for initialization in an application or Microsoft Office document that hosts the scripting rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerabilities. The security update addresses the vulnerability by modifying how the Scripting Engine handles objects in memory.

CVE-2017-8749 – Internet Explorer Memory Corruption Vulnerability

Severity: Critical
Affected Software

  • Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
  • Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
  • Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Internet Explorer 11 on Windows 8.1 for 32-bit systems
  • Internet Explorer 11 on Windows 8.1 for x64-based systems
  • Internet Explorer 11 on Windows Server 2012 R2
  • Internet Explorer 11 on Windows RT 8.1
  • Internet Explorer 11 on Windows 10 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
  • Internet Explorer 11 on Windows Server 2016
  • Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
  • Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems
  • Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems
  • Internet Explorer 10 on Windows Server 2012

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

CVE-2017-8737 – Microsoft PDF Remote Code Execution Vulnerability

Severity: Critical
Affected Software

  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows Server 2012 R2 (Server Core installation)
  • Microsoft Edge on Windows 10 for 32-bit Systems
  • Microsoft Edge on Windows 10 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Edge on Windows Server 2016
  • Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
  • Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
  • Microsoft Edge on Windows 10 Version 1703 for x64-based Systems

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability on Windows 10 systems with Microsoft Edge set as the default browser, an attacker could host a specially crafted website that contains malicious PDF content and then convince users to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted PDF content to such sites. Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website. The browsers for all other affected operating systems do not automatically render PDF content, so an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to open a specially crafted PDF document, typically by way of an enticement in an email or instant message or by way of an email attachment. The update addresses the vulnerability by modifying how affected systems handle objects in memory.

CVE-2017-8759 – .NET Framework Remote Code Execution Vulnerability

Severity: Important
Affected Software

  • Microsoft .NET Framework 4.5.2 on Windows 
  • Microsoft .NET Framework 4.6 on Windows 10 
  • Microsoft .NET Framework 4.6.1 on Windows 10 
  • Microsoft .NET Framework 4.7 on Windows 10 Version 1703 
  • Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016
  • Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607
  • Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 (Server Core installation)
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for x64-based Systems Service Pack 1
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 (Server Core installation)
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for 32-bit systems
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for x64-based systems
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 R2
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows RT 8.1
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 R2 (Server Core installation)
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft .NET Framework 3.5 on Windows Server 2012
  • Microsoft .NET Framework 3.5 on Windows 8.1 
  • Microsoft .NET Framework 3.5 on Windows Server 2012 R2
  • Microsoft .NET Framework 3.5 on Windows 10 
  • Microsoft .NET Framework 3.5 on Windows Server 2016
  • Microsoft .NET Framework 3.5 on Windows 10 Version 1607 
  • Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation)
  • Microsoft .NET Framework 3.5 on Windows 10 Version 1703
  • Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1
  • Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to open a malicious document or application. The security update addresses the vulnerability by correcting how .NET validates untrusted input.