Microsoft has released the third security bulletin for 2017. The March Patch Tuesday has rolled out 18 security bulletins that cover over 140 vulnerabilities.
Nine of the security bulletins are rated as Critical. They include patches for 47 critical vulnerabilities that affect Internet Explorer, Edge, Adobe Flash Player, Windows PDF Library, Hyper-V, Microsoft SMB Server, Uniscribe, Microsoft Graphics Component, and Microsoft Windows. The critical issues allow remote code execution on the unpatched systems.
The remaining 11 are Important and resolve 92 vulnerabilities in Microsoft Office, Internet Information Services, Microsoft Exchange Server, Microsoft XML Core Services, Windows DVD Maker, Active Directory Federation Services, DirectShow, Internet Information Services, Windows Kernel and Windows Kernel-Mode Drivers.
All Windows users are advised to check their systems for available updates and install all of the available updates as soon as possible.
Which Are the Microsoft Security Bulletins Rated as Critical?
Critical Windows updates are included in bulletins MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013 and MS17-023.
MS17-006 – Cumulative Security Update for Internet Explorer (4013073)
MS17-006 is a cumulative update which means it incorporates not just all of the newest security updates but all the older fixes from previous packs, too.
Аs the name implies this security update covers vulnerabilities in Internet Explorer. Six of the covered vulnerabilities are critical. The evilest vulnerabilities allow remote code execution due to how browsers handle objects in memory. One of these, the CVE-2017-0149 is reported to be actively exploited in the wild.
A security issue could occur when a user views a compromised web page via Internet Explorer. Once an attacker exploits these vulnerabilities successfully he could gain the same rights as the current user. Thus an attacker could install programs, create new accounts with full user rights, and view, change or delete data whenever the victim is logged on with administrative user rights.
MS17-006 security bulletin also covers several significant vulnerabilities that once exploited can expose information from the memory disk or allow an attacker to redirect a victim to a malicious website.
MS17-007 – Cumulative Security Update for Microsoft Edge (4013071)
MS17-007 security bulletin patches vulnerabilities in Microsoft Edge. All critical vulnerabilities concern eventual remote code execution attacks if they are successfully exploited. Most of them potentially allow attackers to execute arbitrary code on affected systems.
The flaws could be again exploited when a user views a website that contains malicious content.
Some of the important vulnerabilities included in this security bulletin potentially allow an attack that will grant access to information from the affected PC’s memory.
Once you install this update, it will modify how Microsoft Edge handles objects in memory pushing away all existing vulnerabilities.
MS17-008 – Security Update for Windows Hyper-V (4013082)
The security update for Windows Hyper-V also covers critical Windows flaws. One of them occurs when Hyper-V fails to validate VSMB packet data properly. In other words, it is a file sharing vulnerability that is possible to be exploited when two or more virtual machines exchange information. An attacker who is also using virtual machine could exploit this vulnerability to execute arbitrary code on the host.
Besides another two critical flaws potentially allow an attacker to execute arbitrary code on the host due to how the host system validates input from authenticated users on a guest OS.
MS17-008 is rated Critical for all Windows supported editions.
MS17-009 – Security Update for Microsoft Windows PDF Library (4010319)
The MS17-009 security update corrects how affected systems handle objects in memory. One of the critical vulnerabilities addresses the MS Windows PRD library. By exploiting the flaw, an attacker could compromise a website that contains PDF content. So, once a user who is using an unpatched Windows system, lands on this web page, a remote code execution attack could be easily triggered.
MS17-010 – Security Update for Microsoft Windows SMB Server (4013389)
Five critical vulnerabilities included in MS17-010 security update can be exploited by sending a malicious packet to Microsoft Server Message Block 1.0 (SMBv1) server. The attack could then lead to remote code execution or leak of information stored on the server. The update corrects how SMBv1 handles specially crafted requests.
MS17-011 – Security Update for Microsoft Uniscribe (4013076)
The way Windows Uniscribe handles objects in memory is the reason why remote code execution attacks could arise. Multiple critical vulnerabilities in Uniscribe allow attackers to grant access to the system once a user is tricked into visiting a specially crafted website or downloading a malicious file. The vulnerabilities rated as important can be exploited in the same way, but result in the disclosure of memory contents to the attacker.
MS17-012 – Security Update for Microsoft Windows (4013078)
The MS17-012 bulletin fixes one critical vulnerability. It is in the Internet Storage Name Service (iSNS) server service. The iSNS fails to properly validate client input so an attacker could potentially run arbitrary code on the affected system.
All security vulnerabilities addressed by MS17-012 are:
• Correcting how Device Guard validates certain elements of signed PowerShell scripts.
• Correcting how the Microsoft SMBv2/SMBv3 Client handles specially crafted requests.
• Correcting how Windows validates input before loading DLL files.
• Modifying how Windows dnsclient handles requests.
• Correcting how Helppane.exe authenticates the client.
• Modifying how the iSNS Server service parses requests.
MS17-013 – Security Update for Microsoft Graphics Component (4013075)
Microsoft rates MS17-013 security bulletin as Critical for:
• All supported releases of Microsoft Windows
• Affected editions of Microsoft Office 2007 and Microsoft Office 2010
• Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010
• Affected editions of Silverlight
MS17-023 – Security Update for Adobe Flash Player (4014329)
The last critical security bulletin is for Adobe Flash Player. It is addressing critical vulnerabilities that could again result in remote code execution once they are successfully exploited by an attacker. All Adobe vulnerabilities are also included in Adobe Security Bulletin APSB17-07 that was released on March 14. As the company informs affected Flash Player versions are all 18.104.22.168 and earlier.
How could an attacker exploit these vulnerabilities?
In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.
Source: Microsoft Security TechCenter
The rest security bulletins are rated Important and include:
MS17-014, MS17-015, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, and MS17-022
More information about the Microsoft Security Bulletin March 2017 you could find on the official Microsoft Security TechCenter page.
Don’t forget to update your system if you haven’t done it yet.