CVE-2017-0064 Microsoft Internet Explorer Security Update for May 2017

2017年5月11日 2272点热度 0人点赞 0条评论

漏洞类别：Internet Explorer

漏洞等级：

漏洞信息

Internet Explorer is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems.

Microsoft has released Cumulative Security Updates for Internet Explorer which addresses various vulnerabilities found in Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11). The security updated is rated Important for for Internet Explorer 9 (IE 9) and Internet Explorer 10 (IE 10) and Critical for Internet Explorer 11 (IE 11).

The Security Update addresses the vulnerabilities by fixing:

1) The update addresses the vulnerability by fixing the way Internet Explorer handles mixed content (CVE-2017-0064)
2) The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. (CVE-2017-0222 )
3) The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. (CVE-2017-0226)
4) The update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines objects in memory. (CVE-2017-0228)
5) The update addresses the vulnerability by fixing how Microsoft browsers parse HTML. (CVE-2017-0231)
6) The update addresses the vulnerability by modifying how JavaScript scripting engines objects in memory. (CVE-2017-0238)
KB Articles associated with the Update:

1) 4019264
2) 4019473
3) 4019215
4) 4019472
5) 4019474
6) 4016871
7) 4018271

QID Detection Logic (Authenticated):
Operating Systems: Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8.1, Windows RT 8.1, Windows10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\mshtml.dll
The following KBs are checked:
The patch version of 9.0.8112.16896 (KB4018271)
The patch version of 9.0.8112.21007 (KB4018271)
The patch version of 10.0.9200.22137 (KB4018271)
The patch version of 11.0.9600.18666 (KB4018271 or KB4019215 or KB4019264)
The patch version of 11.0.10240.17394 (KB4019474)
The patch version of 11.0.10586.916 (KB4019473)
The patch version of 11.0.14393.1198 (KB4019472)
The patch version of 11.0.15063.296 (KB4016871)

漏洞危害

Successful exploitation of the vulnerability allows:

1) Remote Code Execution (CVE-2017-0238, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE-2017-0238)
2) Spoofing (CVE-2017-0231)
3) Security Feature Bypass (CVE-2017-0064)

解决方案

For more information, Customers are advised to refer the Security Update Guide.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Microsoft Internet Explorer Security Update for May 2017

KB4018271: Windows Server 2012 (Internet Explorer 10 )

KB4018271: Windows Embedded 8 Standard for x64-based Systems (Internet Explorer 10)

KB4018271: Windows Embedded 8 Standard (Internet Explorer 10)

KB4018271: Windows Server 2008 (Internet Explorer 9)

KB4018271: Windows Server 2008 x64 Edition (Internet Explorer 9)

KB4018271: Windows Embedded Standard 7 for x64-based Systems (Internet Explorer 11)

KB4018271: Windows 7 for x64-based Systems (Internet Explorer 11)

KB4018271: Windows 8.1 (Internet Explorer 11)