Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • Patch Tuesday June 2017 current page
Link copied

Patch Tuesday June 2017

Jun 15, 2017
Author:
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust
Blog banner default
Patch Tuesday June 2017
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust

Patch TuesdayMicrosoft Patch Tuesday June 2017 addresses 96 unique vulnerabilities within Microsoft Windows, Office, Skype, Internet Explorer, and the Edge browser. Of these vulnerabilities, 18 are rated Critical, 76 Important, one Moderate, and one Low severity. In addition, unsupported OSes received patches due to heightened risk of exploitation, making this Patch Tuesday particularly interesting.

Silverlight

Silverlight makes a return this Patch Tuesday, with a vulnerability that allows for remote code execution if a user visits a compromised website. The vulnerability revolves around how the uniscribe component handles objects in memory, and an attacker who successfully exploits the vulnerability could potentially install programs; view, change or delete user data; or create user accounts with full privileges. This vulnerability is rated Critical by Microsoft.

Windows Search

Windows Search is an unusual face on Patch Tuesday, as it appears with a vulnerability that could allow for information disclosure or remote code execution. The vulnerability deals with the corruption of memory objects when Windows Search is supplied with malicious input. An attacker who successfully exploits could potentially install programs; view, change or delete user data; or create user accounts with full privileges equal to that of the victim user. This vulnerability is rated Critical by Microsoft.

Windows Kernel

The Windows Kernel was patched for multiple Information Disclosure vulnerabilities. While these vulnerabilities themselves do not compromise the victim system, they do provide information that could aid an attacker’s ongoing compromise of a system. As usual, the vulnerability involves improper initialization of objects in kernel memory. Microsoft rated this vulnerability as Important.

Office

It wouldn’t be a Patch Tuesday without discussing Office, however this Patch Tuesday introduces a particularly large number of fixes for Office. These vulnerabilities could allow for an attacker to execute code remotely on the victim’s system with privileges equal to that of the victim user. This serves as a persistent reminder to be cautious about opening documents from untrusted sources. Microsoft rates these vulnerabilities as Important.

Skype

Skype makes an appearance this Patch Tuesday with a vulnerability that allows for remote code execution if a user is lured into viewing malicious content. Like Silverlight, the vulnerability revolves around how the uniscribe component handles objects in memory, and an attacker who successfully exploits the vulnerability could potentially install programs; view, change or delete user data; or create user accounts with full privileges. This vulnerability is rated Critical by Microsoft.

Internet Explorer and Edge

Microsoft’s web browsers make their usual appearance, hosting multiple memory corruption vulnerabilities. An attacker who exploits these vulnerabilities by luring the user to view malicious content would be able to remotely execute commands on the victim’s system, view memory contents, and create user accounts with privileges equal to that of the victim user. Microsoft rates the most severe of these vulnerabilities as Critical.

Graphics

Windows Graphics was patched for a remote code execution vulnerability. The vulnerability stems from the Windows font library improperly processing embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system with privileges equal to that of the victim user. Microsoft has rated this vulnerability as Critical.

Legacy OS Patches

In an unusual twist, Microsoft released patches for legacy OSes – such as Windows XP, Vista, Server 2003, and Windows 8 – to address the most severe vulnerabilities suspected to be leveraged by state-sponsored attackers. Microsoft makes it clear that this will not be a change in policy about any OS they consider unsupported. They are releasing this patch to shore up the Internet’s overall security for users who cannot or refuse to update to supported operating systems. While these patches do resolve some vulnerabilities, there are still numerous vulnerabilities on these legacy systems that remain unpatched. Users should still upgrade to a supported operating system, if possible.

Latest Posts
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
Related
  • February 2019 Patch Tuesday
    Feb 13, 2019 February 2019 Patch Tuesday
    Blog
    1m
  • BeyondTrust Remote Support Version 21.1 Introduces New Capabilities for Unattended Support, Raspberry Pi, Zebra Devices, & More
    Jan 21, 2021 BeyondTrust Remote Support Version 21.1 Introduces New Capabilities for Unattended Support, Raspberry Pi, Zebra Devices, & More
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.