|S2-052 Apache Struts REST Plugin Java Deserialization Vulnerability||CVE-2017-9805|
|Oracle Security Alert Advisory – CVE-2017-9805||CVE-2017-9805|
|Microsoft 2017-September Developer Tools Vulnerabilities||CVE-2017-8759|
|Microsoft 2017-September Browser Vulnerabilities||CVE-2017-8649, CVE-2017-8648, CVE-2017-8643, CVE-2017-8660, CVE-2017-11764, CVE-2017-11766, CVE-2017-8751, CVE-2017-8750, CVE-2017-8753, CVE-2017-8752, CVE-2017-8755, CVE-2017-8754, CVE-2017-8757, CVE-2017-8756, CVE-2017-8733, CVE-2017-8731, CVE-2017-8597, CVE-2017-8736, CVE-2017-8735, CVE-2017-8734, CVE-2017-8739, CVE-2017-8738, CVE-2017-8748, CVE-2017-8749, CVE-2017-8729, CVE-2017-8724, CVE-2017-8740, CVE-2017-8741, CVE-2017-8747, CVE-2017-8723|
|Chrome Stable Channel Update for Desktop||CVE-2017-5118,CVE-2017-5119,CVE-2017-5111,CVE-2017-5112,CVE-2017-5113,CVE-2017-5114,CVE-2017-5115,CVE-2017-5116,CVE-2017-5117,CVE-2017-5120|
|Microsoft 2017-September Microsoft Office Vulnerabilities||CVE-2017-8632, CVE-2017-8742, CVE-2017-8630, CVE-2017-8631, CVE-2017-8567, CVE-2017-8696, CVE-2017-8743, CVE-2017-8725, CVE-2017-8744|
|Microsoft 2017-September Microsoft SharePoint Vulnerabilities||CVE-2017-8745, CVE-2017-8629|
|Microsoft 2017-September Windows Vulnerabilities||CVE-2017-8706, CVE-2017-8707, CVE-2017-9417, CVE-2017-8702, CVE-2017-8704, CVE-2017-8708, CVE-2017-8709, CVE-2017-8628, CVE-2017-8737, CVE-2017-0161, CVE-2017-8692, CVE-2017-8695, CVE-2017-8728, CVE-2017-8714, CVE-2017-8716, CVE-2017-8711, CVE-2017-8710, CVE-2017-8713, CVE-2017-8712, CVE-2017-8719, CVE-2017-8678, CVE-2017-8679, CVE-2017-8676, CVE-2017-8677, CVE-2017-8675, CVE-2017-8699, CVE-2017-8746, CVE-2017-8687, CVE-2017-8686, CVE-2017-8685, CVE-2017-8684, CVE-2017-8683, CVE-2017-8682, CVE-2017-8681, CVE-2017-8680, CVE-2017-8720, CVE-2017-8688|
|Microsoft 2017-September Exchange Server Vulnerabilities||CVE-2017-8758, CVE-2017-11761|
|MS15-042||Windows Hyper-V DoS Vulnerability|
The September 2017 Patch Priority Index (PPI) brings together a collection of high priority vulnerabilities that should be patched as soon as possible. The PPI this month includes vulnerabilities from Microsoft, Adobe, Chrome, Oracle, and Apache Struts.
Up first this month on the priority list is the S2-052 security bulletin for Apache Struts. This bulletin covers a remote code execution vulnerability, identified as CVE-2017-9805. Administrators should act quickly to discover and patch any devices running vulnerable versions, which include Struts 2.1.2 – Struts 2.3.33 and Struts 2.5 – Struts 2.5.12. Exploitation code and proof-of-concepts are available from both Metasploit and Exploit-db. Note also that Apache Struts can be embedded into other products, i.e. Oracle products. (See links above for more information.)
Next is CVE-2017-8759 for the Microsoft .NET Framework. This vulnerability is due to flawed SOAP WSDL parser code and, according to Microsoft, has been actively exploited in the wild.
We also have some patches for Microsoft Browsers, Adobe Flash, and Chrome. These are normally higher on the PPI, but the above-stated vulnerabilities are more important this month.
Finally for this month, we recommend focusing on Microsoft Office patches, which address vulnerabilities in both client-side and server-side Office products. These patches should be followed by fixes for Microsoft Windows and then for Microsoft Exchange. This month, Exchange has patches for a Cross-Site Scripting (XSS) vulnerability along with an information disclosure vulnerability, so it falls at the bottom of the priority list.
September 2017 – Special Notes
CVE-2017-8529 | Microsoft Browser Information Disclosure Vulnerability
A patch for CVE-2017-8529 was initially released by Microsoft in June 2017. However, Microsoft has released an updated patch for this CVE. Note closely that installation of this new patch alone does not resolve the vulnerability. Further steps are required by the administrator.
The revision notes from the security guidance states:
“Please note that with the installation of these updates, the solution to CVE-2017-8529 is turned off by default to help prevent the risk of further issues with print regressions, and must be activated via your Registry. To be fully protected from this vulnerability, please see the Update FAQ section for instructions to activate the solution.”
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.