Endpoint Protection

Microsoft Patch Tuesday – April 2017 

04-11-2017 03:16 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has patched 44 vulnerabilities, 13 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

  • Microsoft .NET Framework
  • Microsoft Hyper-V
  • Microsoft Internet Explorer
  • Microsoft Edge
  • Microsoft Office
  • Visual Studio for Mac
  • Microsoft Graphics Component
  • Microsoft Windows Active Directory
  • Microsoft Windows
     

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft .NET Framework

    .NET Remote Code Execution Vulnerability (CVE-2017-0160) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this issue could take control of an affected system.

  2. Cumulative Security Update for Microsoft Windows Hyper-V

    Hyper-V Remote Code Execution Vulnerability (CVE-2017-0162) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.

    Hyper-V Remote Code Execution Vulnerability (CVE-2017-0163) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.

    Windows Remote Code Execution Vulnerability (CVE-2017-0180) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.

    Windows Remote Code Execution Vulnerability (CVE-2017-0181) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0178) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0179) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0182) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0183) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0184) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0185) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Denial of Service Vulnerability (CVE-2017-0186) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

    Hyper-V Information Disclosure Vulnerability (CVE-2017-0168) MS Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.

    Hyper-V Information Disclosure Vulnerability (CVE-2017-0169) MS Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.

  3. Cumulative Security Update for Microsoft Internet Explorer

    Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Browsers improperly access objects in memory. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0210) MS Rating: Important

    A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. This may allow an attacker to access information from one domain and inject it into another domain.

  4. Cumulative Security Update for Microsoft Edge

    Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-0093) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-0200) MS Rating: Critical

    A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) MS Rating: Important

    An information disclosure vulnerability exists when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user’s system.

    Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0203) MS Rating: Moderate

    A security bypass vulnerability exists when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content.

  5. Cumulative Security Update for Microsoft Office

    Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0106) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.

    Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0199) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.

    Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited this issue could use the information to compromise the user computer or data.

    Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-0204) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Office software when the Office software improperly handles the parsing of file formats.

    Microsoft Office XSS Elevation of Privilege Vulnerability (CVE-2017-0195) MS Rating: Important

    A privilege escalation vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this issue by sending a specially crafted request to an affected Office Web Apps server.

    Office DLL Loading Vulnerability (CVE-2017-0197) MS Rating: Important

    A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.

    Microsoft Office Spoofing Vulnerability (CVE-2017-0207) MS Rating: Moderate

    A spoofing vulnerability exists in when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials.

  6. Cumulative Security Update for Microsoft Windows Graphics

    Windows Graphics Elevation of Privilege Vulnerability (CVE-2017-0155) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Graphics fails to properly sanitize handles in memory. An attacker who successfully exploited this issue could run arbitrary code as System.

    Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2017-0156) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  7. Cumulative Security Update for Microsoft Windows Active Directory

    Active Directory Denial of Service Vulnerability (CVE-2017-0164) MS Rating: Important

    A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this issue could cause the Active Directory service to become nonresponsive.

    ADFS Security Feature Bypass Vulnerability (CVE-2017-0159) MS Rating: Important

    A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests.

  8. Cumulative Security Update for Microsoft Windows

    ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192) MS Rating: Important

    An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) because it fails to properly handle objects in memory. An attacker who successfully exploits this issue could obtain information to further compromise the user system.

    LDAP Elevation of Privilege Vulnerability (CVE-2017-0166) MS Rating: Important

    A privilege escalation vulnerability exists when LDAP request buffer lengths are improperly calculated. An attacker can exploit this issue by running a specially crafted application to send malicious traffic to a Domain Controller.

    libjpeg Information Disclosure Vulnerability (CVE-2013-6629) MS Rating: Important

    An information disclosure vulnerability exists when the open-source libjpeg image-processing library fails to properly handle objects in memory. An attacker can exploit this issue to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass.

    Win32k Elevation of Privilege Vulnerability (CVE-2017-0189) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.

    Win32k Information Disclosure Vulnerability (CVE-2017-0058) MS Rating: Important

    An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited this issue could obtain information to further compromise the user system.

    Win32k Information Disclosure Vulnerability (CVE-2017-0188) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.

    Windows Denial of Service Vulnerability (CVE-2017-0191) MS Rating: Important

    A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited this issue could cause a target system to stop responding.

    Windows Elevation of Privilege Vulnerability (CVE-2017-0165) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited this issue could run arbitrary code as System.

    Windows Kernel Information Disclosure Vulnerability (CVE-2017-0167) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user system.

    Windows OLE Elevation of Privilege Vulnerability (CVE-2017-0211) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check. An attacker who successfully exploited this issue could allow an application with limited privileges on an affected system to execute code at a medium integrity level.

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.