Microsoft Security Bulletins: March 2017

Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 141 vulnerabilities that were fixed in 18 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 18 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft Cumulative Security Update for Internet Explorer (MS17-006)

Severity

Urgent 5

Qualys ID

91333

Vendor Reference

MS17-006

CVE Reference

CVE-2017-0008, CVE-2017-0009, CVE-2017-0012, CVE-2017-0018, CVE-2017-0033, CVE-2017-0037, CVE-2017-0040, CVE-2017-0049, CVE-2017-0059, CVE-2017-0130, CVE-2017-0149, CVE-2017-0154

CVSS Scores

Base 7.6 / Temporal 6.6

Description

This security update resolves vulnerabilities in Internet Explorer.
Microsoft has rated this update as Critical for IE9, IE11 and Moderate for IE9, IE10 and IE11 on Windows servers.
The update addresses how affected components like browsers,JavaScript and Visual Basic Script engines handle objects in memory and also make improvements for parsing HTTP responses.

Consequence

The most severe of the vulnerabilities could allow remote code execution. Internet Explorer is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems. Microsoft Internet Explorer suffers from a type confusion in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
In a web-based attack scenario an attacker could host a malicious webpage or use a compromised websites and websites that accept or host user-provided content to exploit the vulnerabilities to expose information to further compromise a target system.Due to improper parsing of HTTP responses attacker can redirecting them to a specially crafted website.This requires user action. JavaScript and Visual Basic engines could corrupt memory while handling objects, this could allow arbitrary code execution. The JScript engine can be exploited to detect specific files on the user's computer. Due to improper cross-domain policiy enforcement attacker could access information from one domain and inject it into another domain.

Solution

For more information, Customers are advised to refer the official advisory from Microsoft (MS17-006).
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-006
Microsoft Edge Cumulative Security Update (MS17-007)

Severity

Urgent 5

Qualys ID

91332

Vendor Reference

MS17-007

CVE Reference

CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012, CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0065, CVE-2017-0066, CVE-2017-0067, CVE-2017-0068, CVE-2017-0069, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE-2017-0151

CVSS Scores

Base 7.6 / Temporal 6.6

Description

Microsoft Edge is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems.
Microsoft Edge suffers multiple security vulnerabilities. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Previously this QID was a Zero Day.
Affected Version:
Microsoft Edge on Windows 10 and Windows Server 2016.

Consequence

An unauthenticated remote attacker could exploit this vulnerability to execute malicious code on the system.

Solution

Customers are advised to refer to Microsoft Security Bulletin MS17-007 for details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-007 Windows 10 Version 1511 for 32-bit Systems(Microsoft Edge)
MS17-007 Windows 10 Version 1511 for x64-based Systems(Microsoft Edge)
MS17-007 Windows 10 Version 1607 for 32-bit Systems(Microsoft Edge)
MS17-007 Windows 10 Version 1607 for x64-based Systems(Microsoft Edge)
MS17-007 Windows 10 for 32-bit Systems(Microsoft Edge)
MS17-007 Windows 10 for x64-based Systems(Microsoft Edge)
MS17-007 Windows Server 2016 for x64-based Systems(Microsoft Edge)
Microsoft Windows Security Update for Hyper-V (MS17-008)

Severity

Critical 4

Qualys ID

91337

Vendor Reference

MS17-008

CVE Reference

CVE-2017-0021, CVE-2017-0051, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0109

CVSS Scores

Base 7.9 / Temporal 6.2

Description

Hyper-V is a hypervisor-based technology.
- Multiple denial of service vulnerabilities exist when the Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
- Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate vSMB packet data.
- Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
This security update is rated Critical for all supported editions of Windows.

Consequence

Successful exploitation allows an attacker to execute arbitrary code.

Solution

Refer to Microsoft Security Bulletin MS17-008 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-008 Windows 10 Version 1511 for x64-based Systems
MS17-008 Windows 10 Version 1607 for x64-based Systems
MS17-008 Windows 10 for x64-based Systems
MS17-008 Windows 7 for x64-based Systems Service Pack 1
MS17-008 Windows 8.1 for x64-based Systems
MS17-008 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-008 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Monthly Rollup
MS17-008 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Security Only
MS17-008 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-008 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
MS17-008 Windows Server 2012 (Server Core installation) (4012214) Security Only
MS17-008 Windows Server 2012 (Server Core installation) (4012217) Monthly Rollup
MS17-008 Windows Server 2012 R2
MS17-008 Windows Server 2012 R2 (Server Core installation) (4012213) Security Only
MS17-008 Windows Server 2012 R2 (Server Core installation) (4012216) Monthly Rollup
MS17-008 Windows Server 2016 for x64-based Systems
MS17-008 Windows Server 2016 for x64-based Systems [2](Server Core installation)
Microsoft Windows PDF Library Remote Code Execution Vulnerability (MS17-009)

Severity

Serious 3

Qualys ID

91334

Vendor Reference

MS17-009

CVE Reference

CVE-2017-0023

CVSS Scores

Base 7.6 / Temporal 5.6

Description

This security update resolves a vulnerability in Microsoft Windows. The security update addresses the vulnerability by correcting how affected systems handle objects in memory.
This security update is rated Critical for all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016.

Consequence

The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

Solution

Customers are advised to refer to Microsoft Advisory MS17-009 for more details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-009 Windows 10 Version 1511 for 32-bit Systems
MS17-009 Windows 10 Version 1511 for x64-based Systems
MS17-009 Windows 10 Version 1607 for 32-bit Systems
MS17-009 Windows 10 Version 1607 for x64-based Systems
MS17-009 Windows 10 for 32-bit Systems
MS17-009 Windows 10 for x64-based Systems
MS17-009 Windows 8.1 for 32-bit Systems
MS17-009 Windows 8.1 for 32-bit Systems
MS17-009 Windows 8.1 for x64-based Systems
MS17-009 Windows 8.1 for x64-based Systems
MS17-009 Windows Server 2012
MS17-009 Windows Server 2012
MS17-009 Windows Server 2012 R2
MS17-009 Windows Server 2012 R2
MS17-009 Windows Server 2016 for x64-based Systems
Microsoft SMB Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers

Severity

Urgent 5

Qualys ID

91345

Vendor Reference

MS Shadow Brokers, MS17-010

CVE Reference

CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148

CVSS Scores

Base 9.3 / Temporal 8.1

Description

Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows.
The Microsoft SMB Server is vulnerable to multiple remote code execution vulnerabilities due to the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests.
This security update is rated Critical for all supported editions of Windows XP, Windows 2003, Windows 8, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 Service Pack 1, Windows Server 2012 and 2012 R2, Windows 8.1 and RT 8.1, Windows 10 and Windows Server 2016.

UPDATE: 14 May 2017. Signature for this QID has been updated to detect the patch released by Microsoft for end-of-life operating systems Windows XP, Windows 2003 and Windows 8.
QID Detection Logic (Unauthenticated):
This QID connects the remote server's "IPC$" then sends a "PeekNamedPipe" SMB request with "FID = 0" to the remote target. Vulnerable system should return "STATUS_INSUFF_SERVER_RESOURCES" in the SMB status code.
QID Detection Logic (Authenticated):
Operating Systems: Windows XP, Windows Server 2003 Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\drivers\srv.sys (On Windows XP, Windows Server 2003 Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016)
The following KBs are checked for srv.sys:
The patch version is 5.1.2600.7208 (KB4012598)
The patch version is 5.2.3790.6021 (KB4012598)
The patch version is 6.0.6002.19743 (KB4012598)
The patch version is 6.0.6002.24067 (KB4012598)
The patch version is 6.1.7601.23689 (KB4012212 and KB4012215)
The patch version is 6.2.9200.22099 (KB4012598, KB4012214 and KB4012217)
The patch version is 6.3.9600.18604 (KB4012213 and KB4012216)
The patch version is 10.0.10240.17319 (KB4012606)
The patch version is 10.0.10586.839 (KB4013198)
The patch version is 10.0.14393.953 (KB4013429)

Consequence

A remote attacker could gain the ability to execute code by sending crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.
The latest version of the Petya ransomware is spreading over Windows SMB and is reportedly using the ETERNALBLUE exploit.

Solution

Customers are advised to refer to Microsoft Advisory MS17-010 or How to verify that MS17-010 is installed for more details.
Workaround:
Disable SMBv1
Refer to KB2696547 for more information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-010 Windows 10 Version 1511 for 32-bit Systems
MS17-010 Windows 10 Version 1511 for x64-based Systems
MS17-010 Windows 10 Version 1607 for 32-bit Systems
MS17-010 Windows 10 Version 1607 for x64-based Systems
MS17-010 Windows 10 for 32-bit Systems
MS17-010 Windows 10 for x64-based Systems
MS17-010 Windows 7 for 32-bit Systems Service Pack 1
MS17-010 Windows 7 for 32-bit Systems Service Pack 1
MS17-010 Windows 7 for x64-based Systems Service Pack 1
MS17-010 Windows 7 for x64-based Systems Service Pack 1
MS17-010 Windows 8
MS17-010 Windows 8.1 for 32-bit Systems
MS17-010 Windows 8.1 for 32-bit Systems
MS17-010 Windows 8.1 for x64-based Systems
MS17-010 Windows 8.1 for x64-based Systems
MS17-010 Windows RT 8.1
MS17-010 Windows Server 2003 Systems
MS17-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-010 Windows Server 2012
MS17-010 Windows Server 2012
MS17-010 Windows Server 2012 R2
MS17-010 Windows Server 2012 R2
MS17-010 Windows Server 2016 for x64-based Systems
MS17-010 Windows Vista Service Pack 2
MS17-010 Windows Vista x64 Edition Service Pack 2
MS17-010 Windows XP Service Pack 3
Microsoft Uniscribe Multiple Remote Code Execution and Information Disclosure Vulnerabilities (MS17-011)

Severity

Critical 4

Qualys ID

91338

Vendor Reference

MS17-011

CVE Reference

CVE-2017-0038, CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Multiple remote code execution and information disclosure vulnerabilities exist in Windows due to the way Windows Uniscribe handles objects in memory and improperly discloses the contents of its memory.
The security update addresses these vulnerabilities by correcting how Windows Uniscribe handles objects in memory.
This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, and Windows Server 2016.

Consequence

An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the users system or take control of the affected system.

Solution

Customers are advised to refer the official advisory from Microsoft (MS17-011) for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-011 Windows 10 Version 1511 for 32-bit Systems
MS17-011 Windows 10 Version 1511 for x64-based Systems
MS17-011 Windows 10 Version 1607 for 32-bit Systems
MS17-011 Windows 10 Version 1607 for x64-based Systems
MS17-011 Windows 10 for 32-bit Systems
MS17-011 Windows 10 for x64-based Systems
MS17-011 Windows 7 for 32-bit Systems Service Pack 1
MS17-011 Windows 7 for 32-bit Systems Service Pack 1
MS17-011 Windows 7 for x64-based Systems Service Pack 1
MS17-011 Windows 7 for x64-based Systems Service Pack 1
MS17-011 Windows 8.1 for 32-bit Systems
MS17-011 Windows 8.1 for 32-bit Systems
MS17-011 Windows 8.1 for x64-based Systems
MS17-011 Windows 8.1 for x64-based Systems
MS17-011 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-011 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-011 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-011 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-011 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-011 Windows Server 2012
MS17-011 Windows Server 2012
MS17-011 Windows Server 2012 R2
MS17-011 Windows Server 2012 R2
MS17-011 Windows Server 2016 for x64-based Systems
MS17-011 Windows Vista Service Pack 2
MS17-011 Windows Vista x64 Edition Service Pack 2
Microsoft Cumulative Security Update for Windows (MS17-012)

Severity

Urgent 5

Qualys ID

370297

Vendor Reference

MS17-012

CVE Reference

CVE-2017-0007, CVE-2017-0016, CVE-2017-0039, CVE-2017-0057, CVE-2017-0100, CVE-2017-0104

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Microsoft has released a cumulative security update for Windows. The security update is rated Important for all affected Operating Systems.
Microsoft has addressed the vulnerabilities by fixing: 1) Certain elements Device of how Guard validates of signed PowerShell scripts.
2) Microsoft SMBv2/SMBv3 Client handles specially crafted requests.
3) Windows validates input before loading DLL files.
4) Windows dnsclient handles requests.
5) Helppane.exe authenticates the client.
6) iSNS Server service parses requests.

Consequence

Successful exploitation of the vulnerabilities may allow an attacker to perform remote code execution by running a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

Solution

Customers are advised to view MS17-012 for instructions pertaining to the remediation of these vulnerabilities.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-012 Monthly Quality Rollup for Windows 7
MS17-012 Monthly Quality Rollup for Windows 7 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows 8.1
MS17-012 Monthly Quality Rollup for Windows 8.1 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows Embedded Standard 7
MS17-012 Monthly Quality Rollup for Windows Embedded Standard 7 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows Server 2008 R2 for Itanium-based Systems
MS17-012 Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows Server 2012
MS17-012 Monthly Quality Rollup for Windows Server 2012 R2
MS17-012 Windows
MS17-012 Windows 10
MS17-012 Windows 10 (for x64-based Systems)
MS17-012 Windows 10 Version 1511
MS17-012 Windows 10 Version 1511 for x64-based Systems
MS17-012 Windows 10 Version 1607
MS17-012 Windows 10 Version 1607 for x64-based Systems
MS17-012 Windows 10 for x64-based Systems
MS17-012 Windows 7
MS17-012 Windows 7 for x64-based Systems
MS17-012 Windows 8.1
MS17-012 Windows 8.1 RT
MS17-012 Windows 8.1 for x64-based Systems
MS17-012 Windows Embedded Standard 7
MS17-012 Windows Embedded Standard 7 for x64-based Systems
MS17-012 Windows Server 2008
MS17-012 Windows Server 2008
MS17-012 Windows Server 2008 R2 for Itanium-based Systems
MS17-012 Windows Server 2008 R2 for x64-based Systems
MS17-012 Windows Server 2008 for Itanium-based Systems
MS17-012 Windows Server 2008 x64
MS17-012 Windows Server 2008 x64
MS17-012 Windows Server 2012
MS17-012 Windows Server 2012 R2
MS17-012 Windows Server 2016 for x64-based Systems
MS17-012 Windows Vista
MS17-012 Windows Vista for x64-based Systems
Microsoft Windows Graphics Component Multiple Vulnerabilities (MS17-013)

Severity

Critical 4

Qualys ID

91331

Vendor Reference

MS17-013

CVE Reference

CVE-2017-0001, CVE-2017-0005, CVE-2017-0014, CVE-2017-0025, CVE-2017-0038, CVE-2017-0047, CVE-2017-0060, CVE-2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0073, CVE-2017-0108

CVSS Scores

Base 9.3 / Temporal 8.1

Description

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight.
The security update addresses the vulnerabilities by correcting how the software handles objects in memory.
This security update is rated Critical for: All supported releases of Microsoft Windows Affected editions of Microsoft Office 2007 and Microsoft Office 2010 Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010 Affected editions of Silverlight

Consequence

The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.

Solution

Refer to MS17-013 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-013 Microsoft Live Meeting 2007 Add-in
MS17-013 Microsoft Live Meeting 2007 Console
MS17-013 Microsoft Lync 2010
MS17-013 Microsoft Lync 2010
MS17-013 Microsoft Lync 2010 Attendee
MS17-013 Microsoft Lync 2010 Attendee
MS17-013 Microsoft Lync 2013 Service Pack 1
MS17-013 Microsoft Lync 2013 Service Pack 1
MS17-013 Microsoft Lync Basic 2013 Service Pack 1
MS17-013 Microsoft Lync Basic 2013 Service Pack 1
MS17-013 Microsoft Office 2007 Service Pack 3
MS17-013 Microsoft Office 2007 Service Pack 3
MS17-013 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS17-013 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS17-013 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS17-013 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS17-013 Microsoft Silverlight 5
MS17-013 Microsoft Silverlight 5 Developer Runtime
MS17-013 Microsoft Word Viewer
MS17-013 Microsoft Word Viewer
MS17-013 Skype for Business 2016
MS17-013 Skype for Business 2016
MS17-013 Skype for Business Basic 2016
MS17-013 Skype for Business Basic 2016
Microsoft Office Remote Code Execution Vulnerability (MS17-014)

Severity

Critical 4

Qualys ID

110296

Vendor Reference

MS17-014

CVE Reference

CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0027, CVE-2017-0029, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053, CVE-2017-0105, CVE-2017-0107, CVE-2017-0129

CVSS Scores

Base 9.3 / Temporal 6.9

Description

Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.
An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.
The security update addresses the vulnerabilities by:
- Correcting how Office handles objects in memory
- Changing the way certain functions handle objects in memory
- Properly initializing the affected variable
- Helping to ensure that SharePoint Server properly sanitizes web requests
- Correcting how the Lync for Mac 2011 client validates certificates
Affected versions of Office and Office components handle objects in memory.

Consequence

Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities

Solution

Refer to MS17-014 for more information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-014 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit edition)
MS17-014 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit edition)
MS17-014 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
MS17-014 Excel Services on Microsoft SharePoint Server 2013 Service Pack 1
MS17-014 Microsoft Excel 2007 Service Pack 3
MS17-014 Microsoft Excel 2010 Service Pack 2 (32-bit editions)
MS17-014 Microsoft Excel 2010 Service Pack 2 (64-bit editions)
MS17-014 Microsoft Excel 2013 Service Pack 1 (32-bit editions)
MS17-014 Microsoft Excel 2013 Service Pack 1 (64-bit editions)
MS17-014 Microsoft Excel 2016 (32-bit edition)
MS17-014 Microsoft Excel 2016 (64-bit edition)
MS17-014 Microsoft Excel 2016 for Mac
MS17-014 Microsoft Excel Viewer
MS17-014 Microsoft Excel for Mac 2011
MS17-014 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS17-014 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS17-014 Microsoft Office 2016 for Mac
MS17-014 Microsoft Office Compatibility Pack Service Pack 3
MS17-014 Microsoft Office Compatibility Pack Service Pack 3
MS17-014 Microsoft Office Compatibility Pack Service Pack 3
MS17-014 Microsoft Office Web Apps 2010 Service Pack 2
MS17-014 Microsoft Office Web Apps Server 2013 Service Pack 1
MS17-014 Microsoft SharePoint Foundation 2013 Service Pack 1
MS17-014 Microsoft Word 2007 Service Pack 3
MS17-014 Microsoft Word 2007 Service Pack 3
MS17-014 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS17-014 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS17-014 Microsoft Word 2013 Service Pack 1 (32-bit editions)
MS17-014 Microsoft Word 2013 Service Pack 1 (64-bit editions)
MS17-014 Microsoft Word 2016 (32-bit edition)
MS17-014 Microsoft Word 2016 (64-bit edition)
MS17-014 Microsoft Word Viewer
MS17-014 Microsoft Word for Mac 2011
MS17-014 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Exchange Server Elevation of Privilege Vulnerability (MS17-015)

Severity

Urgent 5

Qualys ID

53006

Vendor Reference

MS17-015

CVE Reference

CVE-2017-0110

CVSS Scores

Base 4.3 / Temporal 3.2

Description

An elevation of privilege vulnerability exists in the way that Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests.
The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.
This security update is rated Important for all supported editions of Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016

Consequence

The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

Solution

Please refer to MS17-015 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-015 Microsoft Exchange Server 2013 Cumulative Update 14
MS17-015 Microsoft Exchange Server 2013 Service Pack 1
MS17-015 Microsoft Exchange Server 2016 Cumulative Update 3
Microsoft IIS Server XSS Elevation of Privilege Vulnerability (MS17-016)

Severity

Serious 3

Qualys ID

91339

Vendor Reference

MS17-016

CVE Reference

CVE-2017-0055

CVSS Scores

Base 4.3 / Temporal 3.4

Description

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request.
An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.
These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on behalf of the victim, and inject malicious content in the victims browser.
The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests.
This security update is rated Important for all supported releases of Microsoft Windows.

Consequence

An attacker who successfully exploited this vulnerability could potentially execute scripts in the users browser to obtain information from web sessions.

Solution

Customers are advised to refer the official advisory from Microsoft (MS17-016) for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-016 Windows 10 Version 1511 for 32-bit Systems
MS17-016 Windows 10 Version 1511 for x64-based Systems
MS17-016 Windows 10 Version 1607 for 32-bit Systems
MS17-016 Windows 10 Version 1607 for x64-based Systems
MS17-016 Windows 10 for 32-bit Systems
MS17-016 Windows 10 for x64-based Systems
MS17-016 Windows 7 for 32-bit Systems Service Pack 1
MS17-016 Windows 7 for 32-bit Systems Service Pack 1
MS17-016 Windows 7 for x64-based Systems Service Pack 1
MS17-016 Windows 7 for x64-based Systems Service Pack 1
MS17-016 Windows 8.1 for 32-bit Systems
MS17-016 Windows 8.1 for 32-bit Systems
MS17-016 Windows 8.1 for x64-based Systems
MS17-016 Windows 8.1 for x64-based Systems
MS17-016 Windows Server 2008 R2 for 32-bit Systems Service Pack 2
MS17-016 Windows Server 2008 R2 for Itanium-based Systems Service Pack 2
MS17-016 Windows Server 2008 R2 for Itanium-based Systems Service Pack 2
MS17-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-016 Windows Server 2008 R2 for x64-based Systems Service Pack 2
MS17-016 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-016 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-016 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-016 Windows Server 2012
MS17-016 Windows Server 2012
MS17-016 Windows Server 2012 R2
MS17-016 Windows Server 2012 R2
MS17-016 Windows Server 2016 for x64-based Systems
MS17-016 Windows Vista Service Pack 2
MS17-016 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Kernel Elevation of Privileges (MS17-017)

Severity

Critical 4

Qualys ID

91346

Vendor Reference

MS17-017

CVE Reference

CVE-2017-0050, CVE-2017-0101, CVE-2017-0102, CVE-2017-0103

CVSS Scores

Base 7.2 / Temporal 6

Description

Multiple elevation of privilege vulnerabilities exists in the Microsoft Windows Kernel.
The update addresses the vulnerabilities by correcting how Windows handles objects in memory, validates buffer lengths and inputs.
Microsoft has rated this vulnerability as Important for all supported releases of Windows.

Consequence

A local attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.

Solution

Customers are advised to refer to MS17-017 for more information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-017 Windows 10
MS17-017 Windows 10 Version 1511
MS17-017 Windows 10 Version 1607
MS17-017 Windows 7 - Monthly rollup
MS17-017 Windows 7 - Security only
MS17-017 Windows 8.1 - Monthly rollup
MS17-017 Windows 8.1 - Security only
MS17-017 Windows RT 8.1
MS17-017 Windows Server 2008
MS17-017 Windows Server 2008 R2 - Monthly rollup
MS17-017 Windows Server 2008 R2 - Security only
MS17-017 Windows Server 2012 - Monthly rollup
MS17-017 Windows Server 2012 - Security only
MS17-017 Windows Server 2012 R2 - Monthly rollup
MS17-017 Windows Server 2012 R2 - Security only
MS17-017 Windows Server 2016
MS17-017 Windows Vista - 32 bit
MS17-017 Windows Vista - 64 bit
Microsoft Security Update for Windows Kernel-Mode Drivers (MS17-018)

Severity

Critical 4

Qualys ID

91342

Vendor Reference

MS17-018

CVE Reference

CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082

CVSS Scores

Base 7.2 / Temporal 6

Description

Multiple elevation of privilege vulnerabilities exist in Windows when the Windows kernel-mode driver fails to properly handle objects in memory.
The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
This security update is rated Important for all supported releases of Microsoft Windows.

Consequence

The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system

Solution

Customers are advised to refer to MS17-018 for more information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-018 Windows 10 Version 1511 for 32-bit Systems
MS17-018 Windows 10 Version 1511 for x64-based Systems
MS17-018 Windows 10 Version 1607 for 32-bit Systems
MS17-018 Windows 10 Version 1607 for x64-based Systems
MS17-018 Windows 10 for 32-bit Systems
MS17-018 Windows 10 for x64-based Systems
MS17-018 Windows 7 for 32-bit Systems Service Pack 1
MS17-018 Windows 7 for 32-bit Systems Service Pack 1
MS17-018 Windows 7 for x64-based Systems Service Pack 1
MS17-018 Windows 7 for x64-based Systems Service Pack 1
MS17-018 Windows 8.1 for 32-bit Systems
MS17-018 Windows 8.1 for 32-bit Systems
MS17-018 Windows 8.1 for x64-based Systems
MS17-018 Windows 8.1 for x64-based Systems
MS17-018 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-018 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-018 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-018 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-018 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-018 Windows Server 2012
MS17-018 Windows Server 2012
MS17-018 Windows Server 2012 R2
MS17-018 Windows Server 2012 R2
MS17-018 Windows Server 2016 for x64-based Systems
MS17-018 Windows Vista Service Pack 2
MS17-018 Windows Vista x64 Edition Service Pack 2
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (MS17-019)

Severity

Critical 4

Qualys ID

91341

Vendor Reference

MS17-019

CVE Reference

CVE-2017-0043

CVSS Scores

Base 2.9 / Temporal 2.1

Description

An information disclosure vulnerability exists when Windows Active Directory Federation Services (ADFS) honors XML External Entities. The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.
This security update is rated Important for all supported releases of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.

Consequence

An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.

Solution

Customers are advised to refer the official advisory from Microsoft (MS17-019) for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-019 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-019 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-019 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-019 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-019 Windows Server 2012
MS17-019 Windows Server 2012
MS17-019 Windows Server 2012 R2
MS17-019 Windows Server 2012 R2
MS17-019 Windows Server 2016 for x64-based Systems
Microsoft Windows Update for Vulnerabilities in Windows DVD Maker (MS17-020)

Severity

Critical 4

Qualys ID

91343

Vendor Reference

MS17-020

CVE Reference

CVE-2017-0045

CVSS Scores

Base 4.3 / Temporal 3.7

Description

Windows DVD Maker is a DVD authoring utility developed by Microsoft for Windows Vista and included in Windows 7 which allows users to create DVD slideshows and videos.
An attacker can either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application which may leak information about the target system.
Affected OS:
1) Windows 7 Service Pack 1
2) Windows Vista Service Pack 2

Consequence

Successul exploitation of the vulnerability may lead to information disclosure.

Solution

Customers are advised to view MS17-020 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-020 Windows
MS17-020 Windows 7
MS17-020 Windows 7 - Monthly rollup
MS17-020 Windows 7 for x64-based Systems
MS17-020 Windows 7 for x64-based Systems Monthly Roll-Up
MS17-020 Windows Embedded Standard 7
MS17-020 Windows Embedded Standard 7 Monthly Roll-Up
MS17-020 Windows Embedded Standard 7 Monthly Roll-Up
MS17-020 Windows Embedded Standard 7 for x64-based Systems
MS17-020 Windows Vista
MS17-020 Windows Vista for x64-based Systems
Microsoft Windows DirectShow Information Disclosure Vulnerability (MS17-021)

Severity

Critical 4

Qualys ID

91340

Vendor Reference

MS17-021

CVE Reference

CVE-2017-0042

CVSS Scores

Base 2.6 / Temporal 2

Description

An information disclosure vulnerability exists when Windows DirectShow handles objects in memory.
This security update is rated Important for all affected versions of Windows.
Microsoft does have a patch available for Windows Server 2012.

Consequence

An attacker who successfully exploited the vulnerability can obtain information to further compromise a target system.

Solution

Refer to Microsoft Security Bulletin MS17-021 for details.
Microsoft does have a patch available for Windows Server 2012.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-021 Windows 10 Version 1511 for 32-bit Systems
MS17-021 Windows 10 Version 1511 for x64-based Systems
MS17-021 Windows 10 Version 1607 for 32-bit Systems
MS17-021 Windows 10 Version 1607 for x64-based Systems
MS17-021 Windows 10 for 32-bit Systems
MS17-021 Windows 10 for x64-based Systems
MS17-021 Windows 7 for 32-bit Systems Service Pack 1
MS17-021 Windows 7 for x64-based Systems Service Pack 1
MS17-021 Windows 8.1 for 32-bit Systems
MS17-021 Windows 8.1 for x64-based Systems
MS17-021 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-021 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-021 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-021 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-021 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-021 Windows Server 2012
MS17-021 Windows Server 2012
MS17-021 Windows Server 2012 R2
MS17-021 Windows Server 2016 for x64-based Systems
MS17-021 Windows Vista Service Pack 2
MS17-021 Windows Vista x64 Edition Service Pack 2
Microsoft XML Core Services Information Disclosure Vulnerability (MS17-022)

Severity

Critical 4

Qualys ID

91344

Vendor Reference

MS17-022

CVE Reference

CVE-2017-0022

CVSS Scores

Base 4.3 / Temporal 3.7

Description

An information vulnerability exists when Microsoft XML Core Services (MSXML) improperly handles objects in memory.
This security update is rated Important for Microsoft XML Core Services 3.0 on all supported releases of Microsoft Windows.

Consequence

Successful exploitation of the vulnerability can allow the attacker to test for the presence of files on disk.

Solution

Refer to Microsoft Security Bulletin MS17-022 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-022 Windows 10 Version 1511 for 32-bit Systems
MS17-022 Windows 10 Version 1511 for 32-bit Systems
MS17-022 Windows 10 Version 1607 for 32-bit Systems
MS17-022 Windows 10 Version 1607 for x64-based Systems
MS17-022 Windows 10 for 32-bit Systems
MS17-022 Windows 10 for x64-based Systems
MS17-022 Windows 7 for 32-bit Systems Service Pack 1 Security Only
MS17-022 Windows 7 for 32-bit Systems Service Pack 1 Monthly Rollup
MS17-022 Windows 7 for x64-based Systems Service Pack 1 Security Only
MS17-022 Windows 7 for x64-based Systems Service Pack 1 Monthly Rollup
MS17-022 Windows 8.1 for 32-bit Systems Monthly Rollup
MS17-022 Windows 8.1 for 32-bit Systems Security Only
MS17-022 Windows 8.1 for x64-based Systems Monthly Rollup
MS17-022 Windows 8.1 for x64-based Systems Security Only
MS17-022 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Monthly Rollup
MS17-022 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Security Only
MS17-022 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Monthly Rollup
MS17-022 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Security Only
MS17-022 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-022 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-022 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-022 Windows Server 2012 R2 Monthly Rollup
MS17-022 Windows Server 2012 R2 Security Only
MS17-022 Windows Server 2016 for x64-based Systems
MS17-022 Windows Vista Service Pack 2
MS17-022 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Edge (MS17-023)

Severity

Urgent 5

Qualys ID

100307

Vendor Reference

MS17-023

CVE Reference

CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

CVSS Scores

Base 9.3 / Temporal 8.1

Description

The update addresses the vulnerabilities which are described in Adobe Security Bulletin APSB17-07, by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Consequence

Successful exploitation of the vulnerabilites could lead to code execution and information discloure.

Solution

Customers are advised to view MS17-023 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-023 Windows
MS17-023 Windows 10
MS17-023 Windows 10 (for x64-based Systems)
MS17-023 Windows 10 Version 1511
MS17-023 Windows 10 Version 1511 (for x64-based Systems)
MS17-023 Windows 10 Version 1607 (for x64-based Systems)
MS17-023 Windows 8 Embedded
MS17-023 Windows 8.1
MS17-023 Windows 8.1 x64
MS17-023 Windows Embedded 8 Standard for X64-based Systems
MS17-023 Windows Server 2012
MS17-023 Windows Server 2012 R2
MS17-023 Windows Server 2016 (for x64-based Systems)

These new vulnerability checks are included in Qualys vulnerability signature 2.3.562-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 91333
- 91332
- 91337
- 91334
- 91345
- 91338
- 370297
- 91331
- 110296
- 53006
- 91339
- 91346
- 91342
- 91341
- 91343
- 91340
- 91344
- 100307
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

March 14, 2017

Advisory overview

Vulnerability details

Microsoft Cumulative Security Update for Internet Explorer (MS17-006)

Microsoft Edge Cumulative Security Update (MS17-007)

Microsoft Windows Security Update for Hyper-V (MS17-008)

Microsoft Windows PDF Library Remote Code Execution Vulnerability (MS17-009)

Microsoft SMB Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers

Microsoft Uniscribe Multiple Remote Code Execution and Information Disclosure Vulnerabilities (MS17-011)

Microsoft Cumulative Security Update for Windows (MS17-012)

Microsoft Windows Graphics Component Multiple Vulnerabilities (MS17-013)

Microsoft Office Remote Code Execution Vulnerability (MS17-014)

Microsoft Exchange Server Elevation of Privilege Vulnerability (MS17-015)

Microsoft IIS Server XSS Elevation of Privilege Vulnerability (MS17-016)

Microsoft Windows Kernel Elevation of Privileges (MS17-017)

Microsoft Security Update for Windows Kernel-Mode Drivers (MS17-018)

Microsoft Active Directory Federation Services Information Disclosure Vulnerability (MS17-019)

Microsoft Windows Update for Vulnerabilities in Windows DVD Maker (MS17-020)

Microsoft Windows DirectShow Information Disclosure Vulnerability (MS17-021)

Microsoft XML Core Services Information Disclosure Vulnerability (MS17-022)

Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Edge (MS17-023)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys