I have a question about MS CVE-2017-0228 with respect to Windows 7 First please allow me to quote the related part of the post by Nick in the Update Forum reply # 2 from here The question is: Why is (Internet Explorer 11) on Windows 7 not mentioned there in the announcement by Microsoft? Maybe I am misunderstanding things. Thanks in advance!
I realize that I may not have expressed myself clear enough. I'll try again, but I don't know whether I will succeed this time... There is this vulnerability CVE-2017-0228 : Scripting Engine Memory Corruption Vulnerability It seems to have been fixed for IE 11 in Windows 8.1 Windows Server 2012 R2 Windows 8.1 RT Windows 10 Windows 10 Version 1511 Windows 10 Version 1607 Windows 10 Version 1703 (and for Microsoft Edge on affected editions of Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, and Windows 10 Version 1703) See also https://portal.msrc.microsoft.com/en-us/security-guidance and filter there for CVE-2017-0228 Why is IE 11 on Windows 7 not mentioned there? Is IE 11 on Windows 7 not vulnerable with respect to CVE-2017-0228? And if so, why not? If IE 11 on Windows 7 is vulnerable with respect to CVE-2017-0228, why didn't Microsoft patch it? Or did Microsoft already patch it on Windows 7? Or did Microsoft forgot to mention it? I don't know the answers. It is really puzzling me ..... Does someone know the answer(s)?
Perhaps because IE11 was never officially supported on Win 7; IE10 was. Microsoft did subsequently allow Win 7 users to upgrade to IE11. Two possible reasons here: 1. The patch has hooks into the OS and will not work on Win 7. 2. Microsoft is saying Win 7 users "your on your own" as far as security updates go to non-OS Microsoft software.
This topic is/was about CVE-2017-0228 : Scripting Engine Memory Corruption Vulnerability. But very recently this one got an update: CVE-2017-8607 : Scripting Engine Memory Corruption That one says : = begin quote = Microsoft Security Update Minor Revisions Issued: August 16, 2017 Summary The following CVE has been revised in the July 2017 Security Updates. * CVE-2017-8607 Revision Information: CVE-2017-8607 - Title: CVE-2017-8607 : Scripting Engine Memory Corruption Vulnerability - https://portal.msrc.microsoft.com/en-us/security-guidance - Reason for Revision: Added Monthly Rollup 4025341 for Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for x64-based Systems Service Pack 1 to the Affected Products table. This is an informational change only. - Originally posted: July 11, 2017 - Updated: August 16, 2017 - CVE Severity Rating: Critical - Version: 1.1 = end quote = So, we have two CVE's about Scripting Engine Memory Corruption. Are they related? The second one got an info update, what about the first one?