Today’s VERT Alert addresses 18 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins and expects to ship ASPL-716 on Wednesday, March 15th.
Ease of Use (published exploits) to Risk Table
Automated Exploit
|
|||||||
Easy
|
|||||||
Moderate
|
|||||||
Difficult
|
|||||||
Extremely Difficult
|
MS17-006 MS17-007 MS17-008 MS17-013 MS17-014 |
MS17-017 MS17-018 |
MS17-012 |
||||
No Known Exploit
|
MS17-019 MS17-021 MS17-022 |
|
MS17-009 MS17-011 MS17-020 MS17-023 |
|
MS17-015 MS17-016 |
|
MS17-010 |
Exposure
|
Local Availability
|
Local Access
|
Remote Availability
|
Remote Access
|
Local Privileged
|
Remote Privileged
|
MS17-006 | Cumulative Security Update for Internet Explorer | KB4013073 |
MS17-007 | Cumulative Security Update for Microsoft Edge | KB4013071 |
MS17-008 | Security Update for Windows Hyper-V | KB4013082 |
MS17-009 | Security Update for Microsoft Windows PDF Library | KB4010319 |
MS17-010 | Security Update for Microsoft Windows SMB Server | KB4013389 |
MS17-011 | Security Update for Microsoft Uniscribe | KB4013076 |
MS17-012 | Security Update for Microsoft Windows | KB4013078 |
MS17-013 | Security Update for Microsoft Graphics Component | KB4013075 |
MS17-014 | Security Update for Microsoft Office | KB4013241 |
MS17-015 | Security Update for Microsoft Exchange Server | KB4013242 |
MS17-016 | Security Update for Windows IIS | KB4013074 |
MS17-017 | Security Update for Windows Kernel | KB4013081 |
MS17-018 | Security Update for Windows Kernel-Mode Drivers | KB4013083 |
MS17-019 | Security Update for Active Directory Federation Services | KB4010320 |
MS17-020 | Security Update for Windows DVD Maker | KB3208223 |
MS17-021 | Security Update for Windows DirectShow | KB4010318 |
MS17-022 | Security Update for Microsoft XML Core Services | KB4010321 |
MS17-023 | Security Update for Adobe Flash Player | KB4014329 |
MS17-006
The first bulletin this month (Microsoft published bulletins to ensure a smooth transition away from bulletins) is the typical Internet Explorer cumulative update. While this bulletin contains your traditional mix of IE-only and IE/Edge vulnerabilities, the most important aspect of it is found in the ‘Update FAQ’. Customers must install both the cumulative update and a second standalone update for Microsoft IMAPI on Vista and Server 2008. CVE-2017-0008 has been publicly disclosed. CVE-2017-0037 has been publicly disclosed. CVE-2017-0012 has been publicly disclosed. CVE-2017-0033 has been publicly disclosed. CVE-2017-0154 has been publicly disclosed.
MS17-007
Up next, we have the cumulative update for Microsoft Edge. Like MS17-006 this is a rather standard update and there’s nothing out of the ordinary here. 5 of the 32 included CVEs have been publicly disclosed, 3 of which overlap with CVEs in MS17-006 that had been publicly disclosed. CVE-2017-0037 has been publicly disclosed. CVE-2017-0012 has been publicly disclosed. CVE-2017-0033 has been publicly disclosed. CVE-2017-0069 has been publicly disclosed. CVE-2017-0065 has been publicly disclosed.
MS17-008
This bulletin contains a number of Hyper-V related vulnerabilities, including multiple code execution vulnerabilities that could allow a malicious guest OS user to execute code on the host OS. CVE-2017-0097 has been publicly disclosed.
MS17-009
Up next, we have a single CVE for the Microsoft PDF library. If you’ve been paying attention to the details, you’ll notice that the CVE resolved here was also referenced in MS17-007. That is because, for Windows 10, the update for this is part of the Edge update. It is worth nothing that Windows 10 systems with Edge are the only platform that can be compromised by drive-by exploitation.
MS17-010
MS17-010 describes a number of Windows SMBv1 vulnerabilities that impact all supported versions of Windows. If it is not possible to apply the update immediately, Microsoft has provided guidance for disabling SMBv1 in KB2696547.
MS17-011
This bulletin contains 29 vulnerabilities impacting Microsoft Uniscribe. Microsoft has noted that there is overlap between MS17-011 and MS17-013, as update 4012853 is available in both bulletins, however, users do not need to install the fix twice.
MS17-012
MS17-012 is the mixed bag of patches this month. It contains fixes for vulnerabilities impacting Device Guard, SMBv2/SMBv3 Client, DLL Loading, dnsclient, helppane.exe, and the iSNS server. Be sure to pay close attention to the affected software table for this bulletin as not every version of Windows is impacted by every vulnerability. CVE-2017-0016 has been publicly disclosed.
MS17-013
This bulletin is another ‘everything but the kitchen sink’ bulletin with patches for Windows, Office, Skype, Lync, and Silverlight. This bulletin includes 12 vulnerabilities in total and, in addition to the overlap in MS17-001, also contains overlap with security update 4012497 in MS17-018. CVE-2017-0005 has been exploited. CVE-2017-0014 has been publicly disclosed.
MS17-014
As is usually this case, this month’s Microsoft Office update provides fixes for both the traditional Microsoft Office suite as well as the various Microsoft Office web applications. Microsoft has also provided details on how to prevent Microsoft Office from opening RTF documents from unknown or untrusted sources. Even if you can apply the patch, this workaround provides additional peace of mind and should be applied if possible. CVE-2017-0029 has been publicly disclosed.
MS17-015
The next bulletin this month, MS17-015 provides a fix for a single vulnerability affecting OWA in Microsoft Exchange. A user would have to follow a malicious URL in order for this vulnerability to be exploited.
MS17-016
This bulletin resolves a single Cross-Site Scripting vulnerability impacting Microsoft IIS. As with MS17-015, a user would have to follow a malicious link in order for this vulnerability to be exploited.
MS17-017
Next up, we have a fix for a number of vulnerabilities impacting the Windows kernel. CVE-2017-0050 has been Publicly Disclosed.
MS17-018
With this bulletin, we have the other update that overlaps with MS17-013 and resolves 8 Win32k privilege elevation vulnerabilities.
MS17-019
In MS17-019, we have a single vulnerability in Microsoft Active Directory Federation Services, an information disclosure that can occur when working with XML External Entities.
MS17-020
Windows DVD Maker contains a Cross-Site Request Forgery (CSRF) based on the details in MS17-020. This vulnerability is exploited when parsing malicious .msdvd files.
MS17-021
Continuing the information disclosure trend, we have a single information disclosure vulnerability in MS17-021 impacting Windows DirectShow. As with many other vulnerabilities this month, the user would have to follow a malicious link in order for this vulnerability to be exploited.
MS17-022
The penultimate vulnerability this month is an information disclosure in MSXML that can allow an attacker to test for the presence of files on the disk. A user would have to visit a malicious website that calls MSXML to see this vulnerability exploited. CVE-2017-0022 has been exploited.
MS17-023
The final update this month is, as always, the Adobe Flash update. Specifically, this update addresses the vulnerabilities found in APSB17-07. As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.