Ivanti, profile picture
Uploaded byIvanti
PPTX, PDF813 views

Patch Tuesday Analysis - March 2017

This document summarizes the March 2017 Patch Tuesday updates from Microsoft and other vendors. It describes several security bulletins affecting Windows, Internet Explorer, Edge, Hyper-V, and other Microsoft products that fix over 130 vulnerabilities including remote code execution issues. Updates are also provided for Adobe Flash Player, VMware Workstation, and Exchange Server addressing critical remote code execution vulnerabilities.

Embed presentation

Download to read offline
Patch Tuesday Webinar Wednesday, March 15th, 2017 Chris Goettl Worlton Dial In: 1-877-668-4490 (US) Attendees: 800 990 613
Agenda March 2017 Patch Tuesday Overview NewsKnown Issues Bulletins Q & A 1 2 3 4
Industry News Vault 7 – The latest from Wikileaks https://www.ivanti.com/blog/vault-7-tracker/
CSWU-048: Cumulative update for Windows 10: March, 2017  Maximum Severity: Critical  Affected Products: Windows 10, IE, Edge  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17- 013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022, MS17-023  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure,  Fixes 132 vulnerabilities:  Restart Required: Requires Restart
SB17-002, SB17-003, SB17-004: Security Only Quality Update : March, 2017  Maximum Severity: Critical  Affected Products: Windows 7, 8.1, Server 2008 R2, Server 2012, Server 2012 R2  Description: This security update resolves the following bulletins: MS17-008, MS17-009, MS17- 010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure,  Fixes 81 vulnerabilities:  Restart Required: Requires Restart
CR17-002, CR17-003, CR17-004: Security Monthly Quality Rollup : March, 2017  Maximum Severity: Critical  Affected Products: Windows 7, 8.1, Server 2008 R2, Server 2012, Server 2012 R2  Description: This cumulative security update resolves the following bulletins: MS17-006, MS17- 008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure,  Fixes 81 vulnerabilities:  Restart Required: Requires Restart
MS17-006: Cumulative Security Update for Internet Explorer (4013073)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Microsoft Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities: CVE-2017-0008 (Publicly Disclosed), CVE-2017-0009, CVE-2017- 0012 (Publicly Disclosed), CVE-2017-0018, CVE-2017-0033 (Publicly Disclosed), CVE-2017- 0037 (Publicly Disclosed), CVE-2017-0040, CVE-2017-0049, CVE-2017-0059, CVE-2017-0130, CVE-2017-0149 (Exploited), CVE-2017-0154 (Publicly Disclosed)  Restart Required: Requires Restart
MS17-007: Cumulative Security Update for Microsoft Edge (4013071)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Microsoft Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 32 vulnerabilities: CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012 (Publicly Disclosed), CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE- 2017-0033 (Publicly Disclosed), CVE-2017-0034, CVE-2017-0035, CVE-2017-0037 (Publicly Disclosed), CVE-2017-0065 (Publicly Disclosed), CVE-2017-0066, CVE-2017-0067, CVE-2017- 0068, CVE-2017-0069 (Publicly Disclosed), CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017- 0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE- 2017-0151  Restart Required: Requires Restart
MS17-008: Security Update for Windows Hyper-V (4013082)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.  Impact: Remote Code Execution  Fixes 11 vulnerabilities: CVE-2017-0021, CVE-2017-0051, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097 (Publicly Disclosed), CVE- 2017-0098, CVE-2017-0099, CVE-2017-0109  Restart Required: Requires Restart
MS17-009: Security Update for Microsoft Windows PDF Library (4010319)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0023  Restart Required: Requires Restart
MS17-010: Security Update for Microsoft Windows SMB Server (4013389)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.  Impact: Remote Code Execution  Fixes 6 vulnerabilities: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148  Restart Required: Requires Restart
MS17-011: Security Update for Microsoft Uniscribe (4013076)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 29 vulnerabilities: CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017- 0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE- 2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017- 0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE- 2017-0126, CVE-2017-0127, CVE-2017-0128  Restart Required: Requires Restart
MS17-012: Security Update for Microsoft Windows (4013078)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.  Impact: Remote Code Execution  Fixes 6 vulnerabilities: CVE-2017-0007, CVE-2017-0016, CVE-2017-0039, CVE-2017-0057, CVE-2017-0100, CVE-2017-0104  Restart Required: Requires Restart
MS17-013: Security Update for Microsoft Graphics Component (4013075)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities: CVE-2017-0001, CVE-2017-0005 (Exploited), CVE-2017-0014 (Publicly Disclosed), CVE-2017-0025, CVE-2017-0038, CVE-2017-0047, CVE-2017-0060, CVE- 2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0073, CVE-2017-0108  Restart Required: Requires Restart
MS17-014: Security Update for Microsoft Office (4013241)  Maximum Severity: Important  Affected Products: Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software, Microsoft Communications Platforms and Software  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities: CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017- 0027, CVE-2017-0029 (Publicly Disclosed), CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053, CVE-2017-0105, CVE-2017-0107, CVE-2017-0129  Restart Required: May Require Restart
MS17-017: Security Update for Windows Kernel (4013081)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 4 vulnerabilities: CVE-2017-0050 (Publicly Disclosed), CVE-2017-0101, CVE-2017- 0102, CVE-2017-0103  Restart Required: Requires Restart
MS17-022: Security Update for Microsoft XML Core Services (4010321)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0022 (Exploited)  Restart Required: Requires Restart
MS17-023: Security Update for Adobe Flash Player (4014329)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003  Restart Required: Requires Restart
APSB17-07: Security Update for Adobe Flash Player (4014329)  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003  Restart Required:
VMWW-004, VMWP-028: Security Update for VMware Workstation and Player (VMSA-2017-0005)  Maximum Severity: Critical  Affected Products: VMware Workstation Pro, VMware Player  Description: VMware Workstation and Fusion updates address critical out-of-bounds  memory access vulnerability.  Impact: Remote Code Execution  Fixes 1 vulnerabilities: CVE-2017-4901  Restart Required:
MS17-015: Security Update for Microsoft Exchange Server (4013242)  Maximum Severity: Important  Affected Products: Microsoft Exchange  Description: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0110  Restart Required: Requires Restart
MS17-016: Security Update for Windows IIS (4013074)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0055  Restart Required: Requires Restart
MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.  Impact: Elevation of Privilege  Fixes 8 vulnerabilities: CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082  Restart Required: Requires Restart
MS17-019: Security Update for Active Directory Federation Services (4010320)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0043  Restart Required: Requires Restart
MS17-020: Security Update for Windows DVD Maker (3208223)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0045  Restart Required: Requires Restart
MS17-021: Security Update for Windows DirectShow (4010318)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0042  Restart Required: Requires Restart
APSB17-08: Security update available for Adobe Shockwave Player  Maximum Severity: Important  Affected Products: Adobe Shockwave Player  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.  Impact: Escalation of Privilege  Fixes 1 vulnerability: CVE-2017-2983  Restart Required:
Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
Thank You

More Related Content

PPTX
May 2017 Patch Tuesday Ivanti
byIvanti
 
PPTX
June2017 patchtuesdayivanti
byIvanti
 
PPTX
January2017 patchtuesdayshavlik
byLANDESK
 
PPTX
Patch Tuesday - August 2017 - Ivanti
byErica Azad
 
PPTX
April 2017 patch tuesday ivanti
byChris Goettl
 
PPTX
December2016 patchtuesdayshavlik
byLANDESK
 
PPTX
September 2017 Patch Tuesday
byIvanti
 
PPTX
July 2017 Patch Tuesday - Ivanti
byIvanti
 
May 2017 Patch Tuesday Ivanti
byIvanti
 
June2017 patchtuesdayivanti
byIvanti
 
January2017 patchtuesdayshavlik
byLANDESK
 
Patch Tuesday - August 2017 - Ivanti
byErica Azad
 
April 2017 patch tuesday ivanti
byChris Goettl
 
December2016 patchtuesdayshavlik
byLANDESK
 
September 2017 Patch Tuesday
byIvanti
 
July 2017 Patch Tuesday - Ivanti
byIvanti
 

What's hot

PPTX
October 2017 Ivanti Patch Tuesday Analysis
byIvanti
 
PPTX
February Patch Tuesday 2019
byIvanti
 
PPTX
October2016 patchtuesdayshavlik
byLANDESK
 
PPTX
August Patch Tuesday 2016
byLANDESK
 
PPTX
November2016 patchtuesdayshavlik
byLANDESK
 
PPTX
December 2017 Patch Tuesday
byIvanti
 
PPTX
Patch Tuesday Analysis - October 2015
byIvanti
 
PPTX
October Patch Tuesday Analysis 2018
byIvanti
 
PPTX
Patch Tuesday for January 2020
byIvanti
 
PPTX
February 2018 Patch Tuesday Analysis
byIvanti
 
PPTX
January Patch Tuesday Webinar 2018
byIvanti
 
PPTX
Shavlik September Patch Tuesday 2016
byLANDESK
 
PPTX
December 2018 Patch Tuesday Analysis
byIvanti
 
PPTX
November Patch Tuesday Analysis
byIvanti
 
PPTX
Ivanti Patch Tuesday for March 2020
byIvanti
 
PPTX
Ivanti Patch Tuesday November 2017
byIvanti
 
October 2017 Ivanti Patch Tuesday Analysis
byIvanti
 
February Patch Tuesday 2019
byIvanti
 
October2016 patchtuesdayshavlik
byLANDESK
 
August Patch Tuesday 2016
byLANDESK
 
November2016 patchtuesdayshavlik
byLANDESK
 
December 2017 Patch Tuesday
byIvanti
 
Patch Tuesday Analysis - October 2015
byIvanti
 
October Patch Tuesday Analysis 2018
byIvanti
 
Patch Tuesday for January 2020
byIvanti
 
February 2018 Patch Tuesday Analysis
byIvanti
 
January Patch Tuesday Webinar 2018
byIvanti
 
Shavlik September Patch Tuesday 2016
byLANDESK
 
December 2018 Patch Tuesday Analysis
byIvanti
 
November Patch Tuesday Analysis
byIvanti
 
Ivanti Patch Tuesday for March 2020
byIvanti
 
Ivanti Patch Tuesday November 2017
byIvanti
 

Similar to Patch Tuesday Analysis - March 2017

PPTX
Patch Tuesday Analysis - April 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - February 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - January 2017
byIvanti
 
PPTX
Patch Tuesday Analysis - January 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - October 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - August 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - December 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - May 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - November 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - March 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - July 2016
byIvanti
 
PPTX
Patch Tuesday Analysis - June 2016
byIvanti
 
PPTX
April Patch Tuesday Analysis 2018
byIvanti
 
PPTX
Patch Tuesday Analysis - August 2015
byIvanti
 
PPTX
July 2018 Patch Tuesday Analysis
byIvanti
 
PPTX
June Patch Tuesday 2018
byIvanti
 
PPTX
Patch Tuesday Analysis - September 2016
byIvanti
 
PPTX
May 2018 Patch Tuesday Analysis
byIvanti
 
PPTX
August Patch Tuesday Analysis
byIvanti
 
PPTX
March 2018 Patch Tuesday Ivanti
byIvanti
 
Patch Tuesday Analysis - April 2016
byIvanti
 
Patch Tuesday Analysis - February 2016
byIvanti
 
Patch Tuesday Analysis - January 2017
byIvanti
 
Patch Tuesday Analysis - January 2016
byIvanti
 
Patch Tuesday Analysis - October 2016
byIvanti
 
Patch Tuesday Analysis - August 2016
byIvanti
 
Patch Tuesday Analysis - December 2016
byIvanti
 
Patch Tuesday Analysis - May 2016
byIvanti
 
Patch Tuesday Analysis - November 2016
byIvanti
 
Patch Tuesday Analysis - March 2016
byIvanti
 
Patch Tuesday Analysis - July 2016
byIvanti
 
Patch Tuesday Analysis - June 2016
byIvanti
 
April Patch Tuesday Analysis 2018
byIvanti
 
Patch Tuesday Analysis - August 2015
byIvanti
 
July 2018 Patch Tuesday Analysis
byIvanti
 
June Patch Tuesday 2018
byIvanti
 
Patch Tuesday Analysis - September 2016
byIvanti
 
May 2018 Patch Tuesday Analysis
byIvanti
 
August Patch Tuesday Analysis
byIvanti
 
March 2018 Patch Tuesday Ivanti
byIvanti
 

More from Ivanti

PDF
Français Patch Tuesday - décembre_______
byIvanti
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - novembre
byIvanti
 
PDF
August Patch Tuesday
byIvanti
 
PDF
November Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Septembre
byIvanti
 
PDF
Français Patch Tuesday - Mars
byIvanti
 
PDF
March Patch Tuesday
byIvanti
 
PDF
2025 October Patch Tuesday
byIvanti
 
PDF
May Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Mai
byIvanti
 
PDF
Français Patch Tuesday - Février
byIvanti
 
PDF
Français Patch Tuesday - octobre
byIvanti
 
PDF
September Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Avril
byIvanti
 
PDF
April Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Juillet
byIvanti
 
PDF
July Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Juin
byIvanti
 
PDF
June Patch Tuesday
byIvanti
 
Français Patch Tuesday - décembre_______
byIvanti
 
December Patch Tuesday
byIvanti
 
Français Patch Tuesday - novembre
byIvanti
 
August Patch Tuesday
byIvanti
 
November Patch Tuesday
byIvanti
 
Français Patch Tuesday - Septembre
byIvanti
 
Français Patch Tuesday - Mars
byIvanti
 
March Patch Tuesday
byIvanti
 
2025 October Patch Tuesday
byIvanti
 
May Patch Tuesday
byIvanti
 
Français Patch Tuesday - Mai
byIvanti
 
Français Patch Tuesday - Février
byIvanti
 
Français Patch Tuesday - octobre
byIvanti
 
September Patch Tuesday
byIvanti
 
Français Patch Tuesday - Avril
byIvanti
 
April Patch Tuesday
byIvanti
 
Français Patch Tuesday - Juillet
byIvanti
 
July Patch Tuesday
byIvanti
 
Français Patch Tuesday - Juin
byIvanti
 
June Patch Tuesday
byIvanti
 

Recently uploaded

PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
The year in review - MarvelClient in 2025
bypanagenda
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 

Patch Tuesday Analysis - March 2017

  • 1.
    Patch Tuesday Webinar Wednesday,March 15th, 2017 Chris Goettl Worlton Dial In: 1-877-668-4490 (US) Attendees: 800 990 613
  • 2.
    Agenda March 2017 PatchTuesday Overview NewsKnown Issues Bulletins Q & A 1 2 3 4
  • 3.
    Industry News Vault 7– The latest from Wikileaks https://www.ivanti.com/blog/vault-7-tracker/
  • 9.
    CSWU-048: Cumulative updatefor Windows 10: March, 2017  Maximum Severity: Critical  Affected Products: Windows 10, IE, Edge  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17- 013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022, MS17-023  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure,  Fixes 132 vulnerabilities:  Restart Required: Requires Restart
  • 10.
    SB17-002, SB17-003, SB17-004:Security Only Quality Update : March, 2017  Maximum Severity: Critical  Affected Products: Windows 7, 8.1, Server 2008 R2, Server 2012, Server 2012 R2  Description: This security update resolves the following bulletins: MS17-008, MS17-009, MS17- 010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure,  Fixes 81 vulnerabilities:  Restart Required: Requires Restart
  • 11.
    CR17-002, CR17-003, CR17-004:Security Monthly Quality Rollup : March, 2017  Maximum Severity: Critical  Affected Products: Windows 7, 8.1, Server 2008 R2, Server 2012, Server 2012 R2  Description: This cumulative security update resolves the following bulletins: MS17-006, MS17- 008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure,  Fixes 81 vulnerabilities:  Restart Required: Requires Restart
  • 12.
    MS17-006: Cumulative SecurityUpdate for Internet Explorer (4013073)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Microsoft Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities: CVE-2017-0008 (Publicly Disclosed), CVE-2017-0009, CVE-2017- 0012 (Publicly Disclosed), CVE-2017-0018, CVE-2017-0033 (Publicly Disclosed), CVE-2017- 0037 (Publicly Disclosed), CVE-2017-0040, CVE-2017-0049, CVE-2017-0059, CVE-2017-0130, CVE-2017-0149 (Exploited), CVE-2017-0154 (Publicly Disclosed)  Restart Required: Requires Restart
  • 13.
    MS17-007: Cumulative SecurityUpdate for Microsoft Edge (4013071)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Microsoft Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 32 vulnerabilities: CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012 (Publicly Disclosed), CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE- 2017-0033 (Publicly Disclosed), CVE-2017-0034, CVE-2017-0035, CVE-2017-0037 (Publicly Disclosed), CVE-2017-0065 (Publicly Disclosed), CVE-2017-0066, CVE-2017-0067, CVE-2017- 0068, CVE-2017-0069 (Publicly Disclosed), CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017- 0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE- 2017-0151  Restart Required: Requires Restart
  • 14.
    MS17-008: Security Updatefor Windows Hyper-V (4013082)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.  Impact: Remote Code Execution  Fixes 11 vulnerabilities: CVE-2017-0021, CVE-2017-0051, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097 (Publicly Disclosed), CVE- 2017-0098, CVE-2017-0099, CVE-2017-0109  Restart Required: Requires Restart
  • 15.
    MS17-009: Security Updatefor Microsoft Windows PDF Library (4010319)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0023  Restart Required: Requires Restart
  • 16.
    MS17-010: Security Updatefor Microsoft Windows SMB Server (4013389)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.  Impact: Remote Code Execution  Fixes 6 vulnerabilities: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148  Restart Required: Requires Restart
  • 17.
    MS17-011: Security Updatefor Microsoft Uniscribe (4013076)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 29 vulnerabilities: CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017- 0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE- 2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017- 0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE- 2017-0126, CVE-2017-0127, CVE-2017-0128  Restart Required: Requires Restart
  • 18.
    MS17-012: Security Updatefor Microsoft Windows (4013078)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.  Impact: Remote Code Execution  Fixes 6 vulnerabilities: CVE-2017-0007, CVE-2017-0016, CVE-2017-0039, CVE-2017-0057, CVE-2017-0100, CVE-2017-0104  Restart Required: Requires Restart
  • 19.
    MS17-013: Security Updatefor Microsoft Graphics Component (4013075)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities: CVE-2017-0001, CVE-2017-0005 (Exploited), CVE-2017-0014 (Publicly Disclosed), CVE-2017-0025, CVE-2017-0038, CVE-2017-0047, CVE-2017-0060, CVE- 2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0073, CVE-2017-0108  Restart Required: Requires Restart
  • 20.
    MS17-014: Security Updatefor Microsoft Office (4013241)  Maximum Severity: Important  Affected Products: Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software, Microsoft Communications Platforms and Software  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities: CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017- 0027, CVE-2017-0029 (Publicly Disclosed), CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053, CVE-2017-0105, CVE-2017-0107, CVE-2017-0129  Restart Required: May Require Restart
  • 21.
    MS17-017: Security Updatefor Windows Kernel (4013081)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 4 vulnerabilities: CVE-2017-0050 (Publicly Disclosed), CVE-2017-0101, CVE-2017- 0102, CVE-2017-0103  Restart Required: Requires Restart
  • 22.
    MS17-022: Security Updatefor Microsoft XML Core Services (4010321)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0022 (Exploited)  Restart Required: Requires Restart
  • 23.
    MS17-023: Security Updatefor Adobe Flash Player (4014329)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003  Restart Required: Requires Restart
  • 24.
    APSB17-07: Security Updatefor Adobe Flash Player (4014329)  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003  Restart Required:
  • 25.
    VMWW-004, VMWP-028: SecurityUpdate for VMware Workstation and Player (VMSA-2017-0005)  Maximum Severity: Critical  Affected Products: VMware Workstation Pro, VMware Player  Description: VMware Workstation and Fusion updates address critical out-of-bounds  memory access vulnerability.  Impact: Remote Code Execution  Fixes 1 vulnerabilities: CVE-2017-4901  Restart Required:
  • 26.
    MS17-015: Security Updatefor Microsoft Exchange Server (4013242)  Maximum Severity: Important  Affected Products: Microsoft Exchange  Description: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0110  Restart Required: Requires Restart
  • 27.
    MS17-016: Security Updatefor Windows IIS (4013074)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0055  Restart Required: Requires Restart
  • 28.
    MS17-018: Security Updatefor Windows Kernel-Mode Drivers (4013083)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.  Impact: Elevation of Privilege  Fixes 8 vulnerabilities: CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082  Restart Required: Requires Restart
  • 29.
    MS17-019: Security Updatefor Active Directory Federation Services (4010320)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0043  Restart Required: Requires Restart
  • 30.
    MS17-020: Security Updatefor Windows DVD Maker (3208223)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0045  Restart Required: Requires Restart
  • 31.
    MS17-021: Security Updatefor Windows DirectShow (4010318)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2017-0042  Restart Required: Requires Restart
  • 32.
    APSB17-08: Security updateavailable for Adobe Shockwave Player  Maximum Severity: Important  Affected Products: Adobe Shockwave Player  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.  Impact: Escalation of Privilege  Fixes 1 vulnerability: CVE-2017-2983  Restart Required:
  • 34.
    Resources and Webinars GetShavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
  • 35.

Editor's Notes

  • #7 NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
  • #19 User Targeted – Privilege Management Mitigates Multiple Microsoft Browser Information Disclosure Vulnerabilities (Publicly Disclosed CVE-2017-0008) Multiple information disclosure vulnerabilities exist because of how the affected components handle objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise a target system. In a web-based attack scenario an attacker could host a website in an attempt to exploit the vulnerabilities. Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit the vulnerabilities. However, in all cases an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. Multiple Microsoft Browser Memory Corruption Vulnerabilities (Publicly Disclosed CVE-2017-0037, Exploited CVE-2017-0149) Multiple remote code execution vulnerabilities exist when affected Microsoft browsers improperly access objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.  In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. Multiple Microsoft Browser Spoofing Vulnerabilities (Publicly Disclosed CVE-2017-0012, CVE-2017-0033) Multiple spoofing vulnerabilities exist when a Microsoft browser does not properly parse HTTP responses. An attacker who successfully exploited these vulnerabilities could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services. To exploit these vulnerabilities, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or Instant Messenger message, and then convince the user to interact with content on the website. Internet Explorer Elevation of Privilege Vulnerability – Publicly Disclosed CVE-2017-0154 An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. The update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Internet Explorer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. The vulnerability by itself does not allow arbitrary code to be run. However, the vulnerability could be used in conjunction with another vulnerability (for example, a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code. For example, an attacker could exploit another vulnerability to run arbitrary code through Internet Explorer, but due to the context in which processes are launched by Internet Explorer, the code might be restricted to run at a low integrity level (very limited permissions). However, an attacker could, in turn, exploit this vulnerability to cause the arbitrary code to run at a medium integrity level (permissions of the current user).
  • #20 User Targeted – Privilege Management Mitigates Multiple Microsoft Edge Information Disclosure Vulnerabilities - Publicly Disclosed CVE-2017-0065 Multiple information disclosure vulnerabilities exist in the way that the affected components handle objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise a target system. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerabilities. Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit these vulnerabilities. However, in all cases, an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. Multiple Microsoft Edge Spoofing Vulnerabilities – (Publicly Disclosed) CVE-2017-0012, CVE-2017-0033, CVE-2017-0069 Multiple spoofing vulnerabilities exist when a Microsoft browser does not properly parse HTTP responses. An attacker who successfully exploited these vulnerabilities could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services. To exploit these vulnerabilities, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or Instant Messenger message, and then convince the user to interact with content on the website. Microsoft Browser Memory Corruption Vulnerability – Publicly Disclosed CVE-2017-0037 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory that enables an attacker to execute arbitrary code in the context of the current user. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. In order to effect full code execution, an adversary would also need to combine this vulnerability with other exploits. An attacker who successfully combined multiple vulnerabilities to create an exploit chain could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • #21 Multiple Hyper-V Denial of Service Vulnerabilities - CVE-2017-0097 Multiple denial of service vulnerabilities exist when the Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit these vulnerabilities, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. To exploit these vulnerabilities, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.
  • #22 User Targeted – Privilege Management Mitigates Microsoft PDF Memory Corruption Vulnerability CVE – 2017-0023 A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability on Windows 10 systems with Microsoft Edge set as the default browser, an attacker could host a specially crafted website that contains malicious PDF content and then convince users to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted PDF content to such sites. Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website. The browsers for all other affected operating systems do not automatically render PDF content, so an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to open a specially crafted PDF document, typically by way of an enticement in an email or instant message or by way of an email attachment.
  • #23 Multiple Windows SMB Remote Code Execution Vulnerabilities Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server. The security update addresses the vulnerabilities by correcting how SMBv1 handles these specially crafted requests.
  • #24 User Targeted Multiple Windows Uniscribe Remote Code Execution Vulnerabilities Multiple remote code execution vulnerabilities exist in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit these vulnerabilities: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit these vulnerabilities and then convince a user to open the document file.
  • #25 User Targeted SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability – Publicly Disclosed CVE-2017-0016 A denial of service vulnerability exists in implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client. The vulnerability is due to improper handling of certain requests sent by a malicious SMB server to the client. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To exploit the vulnerability, an attacker could use various methods such as redirectors, injected HTML header links, etc., which could cause the SMB client to connect to a malicious SMB server. The security update addresses the vulnerability by correcting how the Microsoft SMBv2/SMBv3 Client handles specially crafted requests.
  • #26 User Targeted Multiple Windows GDI Elevation of Privilege Vulnerabilities – Exploited CVE-2017-0005 Elevation of privilege vulnerabilities exist in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit these vulnerabilities and take control of an affected system. The update addresses these vulnerabilities by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation. Multiple Graphics Component Remote Code Execution Vulnerabilities – Publicly Disclosed CVE-2017-0014 Remote code execution vulnerabilities exist due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit these vulnerabilities. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit these vulnerabilities, and then convince a user to open the document file. Note that for affected Microsoft Office products, the Preview Pane is an attack vector.
  • #27 User Targeted – Privilege Management Mitigates Impact Microsoft Office Denial of Service Vulnerability – Publicly Disclosed CVE-2017-0029 A denial of service vulnerability exists when a specially crafted file is opened in Microsoft Office. An attacker who successfully exploited the vulnerability could cause Office to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. For an attack to be successful, this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.
  • #28 Windows Kernel Elevation of Privilege Vulnerability – Publicly Disclosed CVE-2017-0050 An elevation of privilege vulnerability exists when the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could run processes in an elevated context. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows Kernel API validates input.
  • #29 User Targeted Microsoft XML Core Services Information Disclosure Vulnerability – Exploited CVE-2017-0022 An information vulnerability exists when Microsoft XML Core Services (MSXML) improperly handles objects in memory. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk. To exploit the vulnerability, an attacker could host a specially-crafted website that is designed to invoke MSXML through Internet Explorer. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or a link in an Instant Messenger request that would then take the user to the website. The update addresses the vulnerability by changing the way MSXML handles objects in memory.
  • #30 User Targeted Mitigating Factors Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation: In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a website that contains a webpage that is used to exploit any of these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. Internet Explorer in the Windows 8-style UI will only play Flash content from sites listed on the Compatibility View (CV) list. This restriction requires an attacker to first compromise a website already listed on the CV list. An attacker could then host specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. By default, all supported versions of Microsoft Outlook and Windows Live Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables scripts and ActiveX controls, helps reduce the risk of an attacker being able to use any of these vulnerabilities to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of any of these vulnerabilities through the web-based attack scenario. By default, Internet Explorer on Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode can help reduce the likelihood of the exploitation of these Adobe Flash Player vulnerabilities in Internet Explorer.
  • #31 User Targeted Mitigating Factors Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation: In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a website that contains a webpage that is used to exploit any of these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. Internet Explorer in the Windows 8-style UI will only play Flash content from sites listed on the Compatibility View (CV) list. This restriction requires an attacker to first compromise a website already listed on the CV list. An attacker could then host specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. By default, all supported versions of Microsoft Outlook and Windows Live Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables scripts and ActiveX controls, helps reduce the risk of an attacker being able to use any of these vulnerabilities to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of any of these vulnerabilities through the web-based attack scenario. By default, Internet Explorer on Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode can help reduce the likelihood of the exploitation of these Adobe Flash Player vulnerabilities in Internet Explorer.
  • #33 User Targeted Microsoft Exchange Elevation of Privilege Vulnerability – CVE-2017-0110 An elevation of privilege vulnerability exists in the way that Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. To exploit the vulnerability, an attacker who successfully exploited this vulnerability could, perform script/content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could exploit the vulnerability by sending a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking on the malicious link. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests. NOTE: For this vulnerability to be exploited, a user must click on a maliciously crafted link from an attacker.
  • #34 User Targeted Microsoft IIS Server XSS Elevation of Privilege Vulnerability – CVE-2017-0055 An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on behalf of the victim, and inject malicious content in the victim’s browser. For this vulnerability to be exploited, a user must click a specially crafted URL. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user and by convincing the user to click on the specially crafted URL. In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an instant messenger or email message that directs them to the affected website by way of a specially crafted URL.
  • #35 Multiple Win32k Elevation of Privilege Vulnerabilities Multiple elevation of privilege vulnerabilities exist in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses these vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
  • #36 Microsoft Active Directory Federation Services Information Disclosure Vulnerability – CVE- 2017-0043 An information disclosure vulnerability exists when Windows Active Directory Federation Services (ADFS) honors XML External Entities. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the ADFS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by causing ADFS to ignore these malicious entities.
  • #37 User Targeted Windows DVD Maker Cross-Site Request Forgery Vulnerability CVE-2017-0045 An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how Windows DVD Maker parses files.
  • #38 User Targeted Windows DirectShow Information Disclosure Vulnerability - CVE-2017-0042 An information disclosure vulnerability exists when Windows DirectShow handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system. In a web-based attack scenario, an attacker could host a website used to attempt to exploit the vulnerability. Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit the vulnerability. However, in all cases, an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. The security update addresses the vulnerability by correcting how Windows DirectShow handles objects in memory.
  • #39 User Targeted
  • #42 Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/