3. Industry News
• Windows 10 1703 released! And has its first round of patches…
• Windows 10 1507 set to EoL in May 2017. Start upgrading to a later
branch if you are not running an LTSB
• IIS 6.0 Zero Day will not be patched. Over 600k public facing web
servers discovered running WebDAV and vulnerable. Do you have one?
• The importance of removing or securing EoLed software
• Microsoft resolved the Word Zero Day!
7. Microsoft gets rid of Bulletins!!!
https://portal.msrc.microsoft.com/en-us/security-guidance
9. MS17-W10-04: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 1507, 1511, 1607, and 1703, IE, Edge
Description: This bulletin contains a total of 15 unique KB articles.
Impact: Remote Code Execution
Fixes 32 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0156, CVE-2017-0158,
CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0164, CVE-2017-0165, CVE-2017-0166,
CVE-2017-0167, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0181, CVE-2017-0182,
CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017-0188, CVE-2017-0189,
CVE-2017-0191, CVE-2017-0192, CVE-2017-0211, CVE-2017-0201, CVE-2017-0202,
CVE-2017-0210 (Disclosed Exploited), CVE-2017-0093, CVE-2017-0200,
CVE-2017-0203 (Disclosed), CVE-2017-0205, CVE-2017-0208
Restart Required: Requires Restart
10. MS17-SO7-04: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: This security update resolves security vulnerabilities in scripting engine,
Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K,
Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode
drivers and Lightweight Directory Access Protocol. This bulletin is based on a single KB
article.
Impact: Remote Code Execution
Fixes 9 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156,
CVE-2017-0158, CVE-2017-0166, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199
Restart Required: Requires Restart
11. MS17-SO8-04: Security-only Update Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: This security update resolves security vulnerabilities in Scripting Engine,
Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics
component, Lightweight Directory Access Protocol and Windows OLE. This bulletin is
based on a single KB article.
Impact: Remote Code Execution
Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0158, CVE-2017-0163,
CVE-2017-0166, CVE-2017-0168, CVE-2017-0169, CVE-2017-0180, CVE-2017-0182, CVE-2017-0183,
CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017-0188, CVE-2017-0191, CVE-2017-0192,
CVE-2017-0199, CVE-2017-0211
Restart Required: Requires Restart
12. MS17-SO81-04: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1 and Server 2012 R2
Description: This security update resolves security vulnerabilities in Hyper-V, libjpeg
image-process library, Win32K, Adobe Type Manager font driver, Active Directory
Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode
drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in
addition to several quality improvements. This bulletin is based on a single KB article.
Impact: Remote Code Execution
Fixes 24 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0156, CVE-2017-0158,
CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0165, CVE-2017-0166, CVE-2017-0167,
CVE-2017-0168, CVE-2017-0169, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0182,
CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017-0188, CVE-2017-0191,
CVE-2017-0192, CVE-2017-0211
Restart Required: Requires Restart
13. MS17-IE-04: Security Update for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 8, 9, 10 and 11
Description: This security update resolves several reported vulnerabilities in Internet
Explorer. The most severe of these vulnerabilities could allow remote code execution if
a user views a specially crafted webpage in Internet Explorer. The fixes included in this
Security Update for Internet Explorer 4014661 are also included in the April 2017
Security Monthly Quality Rollup. Installing either the Security Update for Internet
Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved with
this update. This bulletin contains a total of 7 KB articles.
Impact: Remote Code Execution
Fixes 3 vulnerabilities: CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)
Restart Required: Requires Browser Restart
14. MS17-MR7-04: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2 and IE
Description: This security update includes improvements and fixes that were a part of
update KB4012218 (released March 21, 2017), and also resolves the following security
vulnerabilities in Windows: scripting engine, Hyper-V, libjpeg image-processing library,
Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer,
Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access
Protocol. This bulletin contains a total of 18 unique KB articles.
Impact: Remote Code Execution
Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156,
CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE-2017-0182,
CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0201,
CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)
Restart Required: Requires Restart
15. MS17-MR8-04: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: This security update includes improvements and fixes that were a part of
update KB4012220 (released March 21, 2017) and also resolves security
vulnerabilities in Internet Explorer, Scripting Engine, Hyper-V, Win32K, Adobe Type
Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory
Access Protocol and Windows OLE. This bulletin contains a total of 8 unique KB
articles.
Impact: Remote Code Execution
Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156,
CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE-2017-0182,
CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0201,
CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)
Restart Required: Requires Restart
16. MS17-MR81-04: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1 and Server 2012 R2
Description: This security update includes improvements and fixes that were a part of
update KB4012219 (released March 21, 2017) and resolves the security vulnerabilities
in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver,
Active Directory Federation Services, Lightweight Directory Access Protocol, Windows
kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and
Internet Explorer in addition to several quality improvements. This bulletin contains a
total of 8 unique KB articles.
Impact: Remote Code Execution
Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156,
CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE-2017-0182,
CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0201,
CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)
Restart Required: Requires Restart
17. MS17-NET-04: Microsoft .Net
Maximum Severity: Critical
Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7
Description: This update resolves a vulnerability in the Microsoft .NET Framework
that could allow remote code execution when the .NET Framework fails to properly
validate input before loading libraries. An attacker who successfully exploits this
vulnerability could take control of an affected system. The attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights. This bulletin
contains a total of 8 unique KB articles.
Impact: Remote Code Execution
Fixes 1 vulnerability: CVE-2017-0160
Restart Required: Requires Restart
18. MS17-OFF-04: Security Updates for Microsoft Office
Maximum Severity: Critical
Affected Products: Microsoft Office 2007-2016, Excel, Outlook, OneNote, Other
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This bulletin
contains a total of 22 KB articles.
Impact: Remote Code Execution
Fixes 8 vulnerabilities: CVE-2013-6629, CVE-2017-0106, CVE-2017-0194, CVE-2017-019,
CVE-2017-0197, CVE-2017-0199, CVE-2017-204, CVE-2017-0207
Restart Required: Requires Restart
19. MS17-AFP-04: Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player if it's
installed on any supported edition of Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version
1607, Windows 8.1, or Windows RT 8.1. This bulletin is based on a single KB article.
Impact: Remote Code Execution
Fixes 7 vulnerabilities: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061,
CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Restart Required: Requires Application Restart
20. MS17-2K8-04: Windows Vista and Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Vista and Server 2008
Description: Security update for the libjpeg information disclosure vulnerability and
Microsoft Office remote code execution vulnerability in Windows Vista and Windows
Server 2008. This bulletin contains a total of 11 unique KB articles.
Impact: Remote Code Execution and Information Disclosure
Fixes 11 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0158,
CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE-2017-0184, CVE-2017-0192,
CVE-2017-0199
Restart Required: Requires Restart
21. APSB17-10: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities that could potentially allow an attacker to take control of the affected
system.
Impact: Remote Code Execution
Fixes 7 vulnerabilities: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061,
CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Restart Required: Application Restart Required
22. MS17-SLV-04: Security Update for Microsoft Silverlight
Maximum Severity: Important
Affected Products: Microsoft Silverlight 5
Description: This security update addresses an information disclosure vulnerability
within the open-source libjpeg image-processing library where it fails to properly handle
objects in memory, allowing an attacker to retrieve information that could lead to an
Address Space Layout Randomization (ASLR) bypass. An attacker who successfully
exploited this vulnerability could cause information to be disclosed that could allow for
bypassing the ASLR security feature that protects users from a broad class of
vulnerabilities. This bulletin is based on a single KB article.
Impact: Information Disclosure
Fixes 1 vulnerability: CVE-2013-6629
Restart Required: Requires Restart
23. APSB17-09: Security Update for Adobe Campaign
Maximum Severity: Important
Affected Products: Adobe Campaign
Description: Adobe has released a security update for Adobe Campaign v6.11 for
Windows and Linux. This update resolves an important input validation bypass that
could be exploited to read, write or delete data from the Campaign database.
Impact: Information Disclosure and Modification
Fixes 1 vulnerability: CVE-2017-2989
Restart Required: Application Restart Required
24. APSB17-11: Security Update for Adobe Acrobat and Reader
Maximum Severity: Important
Affected Products: Acrobat DC (Continuous and Classic), Acrobat Reader DC
(Continuous and Classic), Acrobat XI, and Reader XI
Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and Macintosh. These updates address critical vulnerabilities that could
potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution and Memory Address Leak
Fixes 47 vulnerabilities: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014,
CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021,
CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027,
CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033,
CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039,
CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045,
CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051,
CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057,
CVE-2017-3065
Restart Required: Application Restart Required
25. APSB17-12: Security Update for Adobe Photoshop CC
Maximum Severity: Recommended
Affected Products: Photoshop CC 2017 and 2015.5
Description: Adobe has released updates for Photoshop CC for Windows and
Macintosh. These updates resolve a critical memory corruption vulnerability when
parsing malicious PCX files that could lead to code execution. These updates also
resolve an unquoted search path vulnerability in Photoshop on Windows.
Impact: Remote Code Execution
Fixes 2 vulnerabilities: CVE-2017-3004, CVE-2017-3005
Restart Required: Requires Application Restart
26. APSB17-13: Security Update for Adobe CC Desktop Applications
Maximum Severity: Recommended
Affected Products: Creative Cloud 3.9.5 and earlier
Description: Adobe has released a security update for the Creative Cloud Desktop
Application for Windows. This update resolves an important vulnerability related to the
use of improper resource permissions during the installation of Creative Cloud desktop
applications. This update also resolves a vulnerability related to the directory search
path used to find resources.
Impact: Remote Code Execution
Fixes 2 vulnerabilities: CVE-2017-3006, CVE-2017-3007
Restart Required: Requires Application Restart as well as Logout/Login by Users
Public Disclosure (CVE-2017-0203)
Public Disclosure (CVE-2017-0210)
Exploited (CVE-2017-0210)
Another vulnerability that has been actively exploited is CVE-2017-0210, a privilege escalation weakness affecting Internet Explorer. Microsoft said the flaw exists due to the lack of proper enforcement of cross-domain policies, and it can be exploited by tricking the targeted user into accessing a specially crafted web page. However, the company has not shared any information about the attacks it has been exploited in.
Known Issue:
If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release.
Public Disclosure (CVE-2017-0199)
Exploited (CVE-2017-0199)
One of the zero-days patched by Microsoft this month is CVE-2017-0199, an Office and WordPad vulnerability that can be exploited for remote code execution. The security hole has been exploited in the wild by malicious actors to deliver various pieces of malware, including Dridex, WingBird, Latentbot and Godzilla.