Microsoft security alert.
March 14, 2017
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 141 vulnerabilities that were fixed in 18 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 18 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Cumulative Security Update for Internet Explorer (MS17-006)
- Severity
- Urgent 5
- Qualys ID
- 91333
- Vendor Reference
- MS17-006
- CVE Reference
- CVE-2017-0008, CVE-2017-0009, CVE-2017-0012, CVE-2017-0018, CVE-2017-0033, CVE-2017-0037, CVE-2017-0040, CVE-2017-0049, CVE-2017-0059, CVE-2017-0130, CVE-2017-0149, CVE-2017-0154
- CVSS Scores
- Base 7.6 / Temporal 6.6
- Description
-
This security update resolves vulnerabilities in Internet Explorer.
Microsoft has rated this update as Critical for IE9, IE11 and Moderate for IE9, IE10 and IE11 on Windows servers.
The update addresses how affected components like browsers, JavaScript and Visual Basic Script engines handle objects in memory and also makes improvements for parsing HTTP responses.
- Consequence
-
The most severe of the vulnerabilities could allow remote code execution. Internet Explorer is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems. Microsoft Internet Explorer suffers from a type confusion in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
In a web-based attack scenario, an attacker could host a malicious webpage, or use compromised websites and websites that accept or host user-provided content, to exploit the vulnerabilities and expose information to further compromise a target system. Due to improper parsing of HTTP responses, an attacker can redirect users to a specially crafted website. This requires user action. JavaScript and Visual Basic engines could corrupt memory while handling objects; this could allow arbitrary code execution. The JScript engine can be exploited to detect specific files on the user's computer. Due to improper cross-domain policy enforcement, an attacker could access information from one domain and inject it into another domain.
- Solution
-
For more information, customers are advised to refer to the official advisory from Microsoft (MS17-006).
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-006
-
Microsoft Edge Cumulative Security Update (MS17-007)
- Severity
- Urgent 5
- Qualys ID
- 91332
- Vendor Reference
- MS17-007
- CVE Reference
- CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012, CVE-2017-0015, CVE-2017-0017, CVE-2017-0023, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0065, CVE-2017-0066, CVE-2017-0067, CVE-2017-0068, CVE-2017-0069, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0150, CVE-2017-0151
- CVSS Scores
- Base 7.6 / Temporal 6.6
- Description
-
Microsoft Edge is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems.
Microsoft Edge suffers multiple security vulnerabilities. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Previously this QID was a Zero Day.
Affected Version:
Microsoft Edge on Windows 10 and Windows Server 2016.
- Consequence
- An unauthenticated remote attacker could exploit this vulnerability to execute malicious code on the system.
- Solution
-
Customers are advised to refer to Microsoft Security Bulletin MS17-007 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-007 Windows 10 Version 1511 for 32-bit Systems(Microsoft Edge)
MS17-007 Windows 10 Version 1511 for x64-based Systems(Microsoft Edge)
MS17-007 Windows 10 Version 1607 for 32-bit Systems(Microsoft Edge)
MS17-007 Windows 10 Version 1607 for x64-based Systems(Microsoft Edge)
MS17-007 Windows 10 for 32-bit Systems(Microsoft Edge)
MS17-007 Windows 10 for x64-based Systems(Microsoft Edge)
MS17-007 Windows Server 2016 for x64-based Systems(Microsoft Edge)
-
Microsoft Windows Security Update for Hyper-V (MS17-008)
- Severity
- Critical 4
- Qualys ID
- 91337
- Vendor Reference
- MS17-008
- CVE Reference
- CVE-2017-0021, CVE-2017-0051, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0109
- CVSS Scores
- Base 7.9 / Temporal 6.2
- Description
-
Hyper-V is a hypervisor-based technology.
- Multiple denial of service vulnerabilities exist when the Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
- Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate vSMB packet data.
- Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
This security update is rated Critical for all supported editions of Windows.
- Consequence
- Successful exploitation allows an attacker to execute arbitrary code.
- Solution
-
Refer to Microsoft Security Bulletin MS17-008 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-008 Windows 10 Version 1511 for x64-based Systems
MS17-008 Windows 10 Version 1607 for x64-based Systems
MS17-008 Windows 10 for x64-based Systems
MS17-008 Windows 7 for x64-based Systems Service Pack 1
MS17-008 Windows 8.1 for x64-based Systems
MS17-008 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-008 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Monthly Rollup
MS17-008 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Security Only
MS17-008 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-008 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
MS17-008 Windows Server 2012 (Server Core installation) (4012214) Security Only
MS17-008 Windows Server 2012 (Server Core installation) (4012217) Monthly Rollup
MS17-008 Windows Server 2012 R2
MS17-008 Windows Server 2012 R2 (Server Core installation) (4012213) Security Only
MS17-008 Windows Server 2012 R2 (Server Core installation) (4012216) Monthly Rollup
MS17-008 Windows Server 2016 for x64-based Systems
MS17-008 Windows Server 2016 for x64-based Systems (Server Core installation)
-
Microsoft Windows PDF Library Remote Code Execution Vulnerability (MS17-009)
- Severity
- Serious 3
- Qualys ID
- 91334
- Vendor Reference
- MS17-009
- CVE Reference
- CVE-2017-0023
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
This security update resolves a vulnerability in Microsoft Windows. The security update addresses the vulnerability by correcting how affected systems handle objects in memory.
This security update is rated Critical for all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016.
- Consequence
- The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.
- Solution
-
Customers are advised to refer to Microsoft Advisory MS17-009 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-009 Windows 10 Version 1511 for 32-bit Systems
MS17-009 Windows 10 Version 1511 for x64-based Systems
MS17-009 Windows 10 Version 1607 for 32-bit Systems
MS17-009 Windows 10 Version 1607 for x64-based Systems
MS17-009 Windows 10 for 32-bit Systems
MS17-009 Windows 10 for x64-based Systems
MS17-009 Windows 8.1 for 32-bit Systems
MS17-009 Windows 8.1 for 32-bit Systems
MS17-009 Windows 8.1 for x64-based Systems
MS17-009 Windows 8.1 for x64-based Systems
MS17-009 Windows Server 2012
MS17-009 Windows Server 2012
MS17-009 Windows Server 2012 R2
MS17-009 Windows Server 2012 R2
MS17-009 Windows Server 2016 for x64-based Systems
-
Microsoft SMB Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers
- Severity
- Urgent 5
- Qualys ID
- 91345
- Vendor Reference
- MS Shadow Brokers, MS17-010
- CVE Reference
- CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows.
The Microsoft SMB Server is vulnerable to multiple remote code execution vulnerabilities due to the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests.
This security update is rated Critical for all supported editions of Windows XP, Windows 2003, Windows 8, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 Service Pack 1, Windows Server 2012 and 2012 R2, Windows 8.1 and RT 8.1, Windows 10 and Windows Server 2016.
UPDATE: 14 May 2017. Signature for this QID has been updated to detect the patch released by Microsoft for end-of-life operating systems Windows XP, Windows 2003 and Windows 8.
QID Detection Logic (Unauthenticated):
This QID connects to the remote server's "IPC$", then sends a "PeekNamedPipe" SMB request with "FID = 0" to the remote target. A vulnerable system should return "STATUS_INSUFF_SERVER_RESOURCES" in the SMB status code.
QID Detection Logic (Authenticated):
Operating Systems: Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
This QID checks for the file version of %windir%\System32\drivers\srv.sys (on Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016).
The following KBs are checked for srv.sys:
The patch version is 5.1.2600.7208 (KB4012598)
The patch version is 5.2.3790.6021 (KB4012598)
The patch version is 6.0.6002.19743 (KB4012598)
The patch version is 6.0.6002.24067 (KB4012598)
The patch version is 6.1.7601.23689 (KB4012212 and KB4012215)
The patch version is 6.2.9200.22099 (KB4012598, KB4012214 and KB4012217)
The patch version is 6.3.9600.18604 (KB4012213 and KB4012216)
The patch version is 10.0.10240.17319 (KB4012606)
The patch version is 10.0.10586.839 (KB4013198)
The patch version is 10.0.14393.953 (KB4013429)
- Consequence
-
A remote attacker could gain the ability to execute code by sending crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.
The latest version of the Petya ransomware is spreading over Windows SMB and is reportedly using the ETERNALBLUE exploit.
- Solution
-
Customers are advised to refer to Microsoft Advisory MS17-010 or How to verify that MS17-010 is installed for more details.
Workaround:
Disable SMBv1
Refer to KB2696547 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-010 Windows 10 Version 1511 for 32-bit Systems
MS17-010 Windows 10 Version 1511 for x64-based Systems
MS17-010 Windows 10 Version 1607 for 32-bit Systems
MS17-010 Windows 10 Version 1607 for x64-based Systems
MS17-010 Windows 10 for 32-bit Systems
MS17-010 Windows 10 for x64-based Systems
MS17-010 Windows 7 for 32-bit Systems Service Pack 1
MS17-010 Windows 7 for 32-bit Systems Service Pack 1
MS17-010 Windows 7 for x64-based Systems Service Pack 1
MS17-010 Windows 7 for x64-based Systems Service Pack 1
MS17-010 Windows 8
MS17-010 Windows 8.1 for 32-bit Systems
MS17-010 Windows 8.1 for 32-bit Systems
MS17-010 Windows 8.1 for x64-based Systems
MS17-010 Windows 8.1 for x64-based Systems
MS17-010 Windows RT 8.1
MS17-010 Windows Server 2003 Systems
MS17-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-010 Windows Server 2012
MS17-010 Windows Server 2012
MS17-010 Windows Server 2012 R2
MS17-010 Windows Server 2012 R2
MS17-010 Windows Server 2016 for x64-based Systems
MS17-010 Windows Vista Service Pack 2
MS17-010 Windows Vista x64 Edition Service Pack 2
MS17-010 Windows XP Service Pack 3
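The authenticated check described for MS17-010 above (the srv.sys file version compared against the patch versions this advisory lists), as an added PowerShell example; it is not Qualys or Microsoft code. The function name `Test-SrvSysPatched`, the result strings, and the rule that 6.0.6002 revisions of 20000 and above are compared against 24067 (lower ones against 19743) are assumptions of this example.

```powershell
# Added example; names and result strings are hypothetical.
# Patched srv.sys versions, copied from the list in this advisory.
$PatchedSrvSys = @(
    [version]'5.1.2600.7208'      # KB4012598
    [version]'5.2.3790.6021'      # KB4012598
    [version]'6.0.6002.19743'     # KB4012598
    [version]'6.0.6002.24067'     # KB4012598
    [version]'6.1.7601.23689'     # KB4012212 and KB4012215
    [version]'6.2.9200.22099'     # KB4012598, KB4012214 and KB4012217
    [version]'6.3.9600.18604'     # KB4012213 and KB4012216
    [version]'10.0.10240.17319'   # KB4012606
    [version]'10.0.10586.839'     # KB4013198
    [version]'10.0.14393.953'     # KB4013429
)

function Test-SrvSysPatched {
    param([Parameter(Mandatory = $true)][version]$FileVersion)

    # Only thresholds on the same major.minor.build as the file are comparable.
    $sameBuild = @($PatchedSrvSys | Where-Object {
        $_.Major -eq $FileVersion.Major -and
        $_.Minor -eq $FileVersion.Minor -and
        $_.Build -eq $FileVersion.Build
    })
    if ($sameBuild.Count -eq 0) { return 'Unknown' }   # build not listed in the advisory

    # Assumption: when a build has two thresholds (6.0.6002), they belong to
    # different servicing branches, told apart by the revision's 10000s band.
    if ($sameBuild.Count -gt 1) {
        $band = [math]::Floor($FileVersion.Revision / 10000)
        $sameBuild = @($sameBuild | Where-Object {
            [math]::Floor($_.Revision / 10000) -eq $band
        })
        if ($sameBuild.Count -eq 0) { return 'Unknown' }
    }

    if ($FileVersion -ge $sameBuild[0]) { return 'Patched' }
    return 'MissingPatch'
}

# Constructed sample versions, to show each outcome without touching a host.
foreach ($v in '6.1.7601.17514', '6.1.7601.23689', '6.0.6002.18005',
               '6.0.6002.24067', '10.0.15063.0') {
    '{0,-18} {1}' -f $v, (Test-SrvSysPatched -FileVersion $v)
}

# Check the local machine. Run from a native (not 32-bit-on-64-bit) shell so
# that System32 is not redirected.
$path = Join-Path $env:windir 'System32\drivers\srv.sys'
if (Test-Path $path) {
    $vi = (Get-Item $path).VersionInfo
    # Use the numeric parts; the FileVersion string can carry trailing text.
    $local = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    '{0}: srv.sys {1} -> {2}' -f $env:COMPUTERNAME, $local,
        (Test-SrvSysPatched -FileVersion $local)
} else {
    '{0}: srv.sys not found at {1}' -f $env:COMPUTERNAME, $path
}
```

A result of `Unknown` only means the file's build is not one of those listed in this advisory; it says nothing about patch state.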
-
Microsoft Uniscribe Multiple Remote Code Execution and Information Disclosure Vulnerabilities (MS17-011)
- Severity
- Critical 4
- Qualys ID
- 91338
- Vendor Reference
- MS17-011
- CVE Reference
- CVE-2017-0038, CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Multiple remote code execution and information disclosure vulnerabilities exist in Windows due to the way Windows Uniscribe handles objects in memory and improperly discloses the contents of its memory.
The security update addresses these vulnerabilities by correcting how Windows Uniscribe handles objects in memory.
This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, and Windows Server 2016.
- Consequence
-
An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system or take control of the affected system.
- Solution
-
Customers are advised to refer to the official advisory from Microsoft (MS17-011) for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-011 Windows 10 Version 1511 for 32-bit Systems
MS17-011 Windows 10 Version 1511 for x64-based Systems
MS17-011 Windows 10 Version 1607 for 32-bit Systems
MS17-011 Windows 10 Version 1607 for x64-based Systems
MS17-011 Windows 10 for 32-bit Systems
MS17-011 Windows 10 for x64-based Systems
MS17-011 Windows 7 for 32-bit Systems Service Pack 1
MS17-011 Windows 7 for 32-bit Systems Service Pack 1
MS17-011 Windows 7 for x64-based Systems Service Pack 1
MS17-011 Windows 7 for x64-based Systems Service Pack 1
MS17-011 Windows 8.1 for 32-bit Systems
MS17-011 Windows 8.1 for 32-bit Systems
MS17-011 Windows 8.1 for x64-based Systems
MS17-011 Windows 8.1 for x64-based Systems
MS17-011 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-011 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-011 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-011 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-011 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-011 Windows Server 2012
MS17-011 Windows Server 2012
MS17-011 Windows Server 2012 R2
MS17-011 Windows Server 2012 R2
MS17-011 Windows Server 2016 for x64-based Systems
MS17-011 Windows Vista Service Pack 2
MS17-011 Windows Vista x64 Edition Service Pack 2
-
Microsoft Cumulative Security Update for Windows (MS17-012)
- Severity
- Urgent 5
- Qualys ID
- 370297
- Vendor Reference
- MS17-012
- CVE Reference
- CVE-2017-0007, CVE-2017-0016, CVE-2017-0039, CVE-2017-0057, CVE-2017-0100, CVE-2017-0104
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft has released a cumulative security update for Windows. The security update is rated Important for all affected Operating Systems.
Microsoft has addressed the vulnerabilities by correcting how:
1) Device Guard validates certain elements of signed PowerShell scripts.
2) Microsoft SMBv2/SMBv3 Client handles specially crafted requests.
3) Windows validates input before loading DLL files.
4) Windows dnsclient handles requests.
5) Helppane.exe authenticates the client.
6) iSNS Server service parses requests.
- Consequence
-
Successful exploitation of the vulnerabilities may allow an attacker to perform remote code execution by running a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.
- Solution
-
Customers are advised to view MS17-012 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-012 Monthly Quality Rollup for Windows 7
MS17-012 Monthly Quality Rollup for Windows 7 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows 8.1
MS17-012 Monthly Quality Rollup for Windows 8.1 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows Embedded Standard 7
MS17-012 Monthly Quality Rollup for Windows Embedded Standard 7 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows Server 2008 R2 for Itanium-based Systems
MS17-012 Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
MS17-012 Monthly Quality Rollup for Windows Server 2012
MS17-012 Monthly Quality Rollup for Windows Server 2012 R2
MS17-012 Windows
MS17-012 Windows 10
MS17-012 Windows 10 (for x64-based Systems)
MS17-012 Windows 10 Version 1511
MS17-012 Windows 10 Version 1511 for x64-based Systems
MS17-012 Windows 10 Version 1607
MS17-012 Windows 10 Version 1607 for x64-based Systems
MS17-012 Windows 10 for x64-based Systems
MS17-012 Windows 7
MS17-012 Windows 7 for x64-based Systems
MS17-012 Windows 8.1
MS17-012 Windows 8.1 RT
MS17-012 Windows 8.1 for x64-based Systems
MS17-012 Windows Embedded Standard 7
MS17-012 Windows Embedded Standard 7 for x64-based Systems
MS17-012 Windows Server 2008
MS17-012 Windows Server 2008
MS17-012 Windows Server 2008 R2 for Itanium-based Systems
MS17-012 Windows Server 2008 R2 for x64-based Systems
MS17-012 Windows Server 2008 for Itanium-based Systems
MS17-012 Windows Server 2008 x64
MS17-012 Windows Server 2008 x64
MS17-012 Windows Server 2012
MS17-012 Windows Server 2012 R2
MS17-012 Windows Server 2016 for x64-based Systems
MS17-012 Windows Vista
MS17-012 Windows Vista for x64-based Systems
-
Microsoft Windows Graphics Component Multiple Vulnerabilities (MS17-013)
- Severity
- Critical 4
- Qualys ID
- 91331
- Vendor Reference
- MS17-013
- CVE Reference
- CVE-2017-0001, CVE-2017-0005, CVE-2017-0014, CVE-2017-0025, CVE-2017-0038, CVE-2017-0047, CVE-2017-0060, CVE-2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0073, CVE-2017-0108
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight.
The security update addresses the vulnerabilities by correcting how the software handles objects in memory.
This security update is rated Critical for:
- All supported releases of Microsoft Windows
- Affected editions of Microsoft Office 2007 and Microsoft Office 2010
- Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010
- Affected editions of Silverlight
- Consequence
- The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
- Solution
-
Refer to MS17-013 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-013 Microsoft Live Meeting 2007 Add-in
MS17-013 Microsoft Live Meeting 2007 Console
MS17-013 Microsoft Lync 2010
MS17-013 Microsoft Lync 2010
MS17-013 Microsoft Lync 2010 Attendee
MS17-013 Microsoft Lync 2010 Attendee
MS17-013 Microsoft Lync 2013 Service Pack 1
MS17-013 Microsoft Lync 2013 Service Pack 1
MS17-013 Microsoft Lync Basic 2013 Service Pack 1
MS17-013 Microsoft Lync Basic 2013 Service Pack 1
MS17-013 Microsoft Office 2007 Service Pack 3
MS17-013 Microsoft Office 2007 Service Pack 3
MS17-013 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS17-013 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS17-013 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS17-013 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS17-013 Microsoft Silverlight 5
MS17-013 Microsoft Silverlight 5 Developer Runtime
MS17-013 Microsoft Word Viewer
MS17-013 Microsoft Word Viewer
MS17-013 Skype for Business 2016
MS17-013 Skype for Business 2016
MS17-013 Skype for Business Basic 2016
MS17-013 Skype for Business Basic 2016
-
Microsoft Office Remote Code Execution Vulnerability (MS17-014)
- Severity
- Critical 4
- Qualys ID
- 110296
- Vendor Reference
- MS17-014
- CVE Reference
- CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0027, CVE-2017-0029, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053, CVE-2017-0105, CVE-2017-0107, CVE-2017-0129
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.
An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.
The security update addresses the vulnerabilities by:
- Correcting how Office handles objects in memory
- Changing the way certain functions handle objects in memory
- Properly initializing the affected variable
- Helping to ensure that SharePoint Server properly sanitizes web requests
- Correcting how the Lync for Mac 2011 client validates certificates
Affected versions of Office and Office components handle objects in memory.
- Consequence
- Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.
- Solution
-
Refer to MS17-014 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-014 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit edition)
MS17-014 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit edition)
MS17-014 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
MS17-014 Excel Services on Microsoft SharePoint Server 2013 Service Pack 1
MS17-014 Microsoft Excel 2007 Service Pack 3
MS17-014 Microsoft Excel 2010 Service Pack 2 (32-bit editions)
MS17-014 Microsoft Excel 2010 Service Pack 2 (64-bit editions)
MS17-014 Microsoft Excel 2013 Service Pack 1 (32-bit editions)
MS17-014 Microsoft Excel 2013 Service Pack 1 (64-bit editions)
MS17-014 Microsoft Excel 2016 (32-bit edition)
MS17-014 Microsoft Excel 2016 (64-bit edition)
MS17-014 Microsoft Excel 2016 for Mac
MS17-014 Microsoft Excel Viewer
MS17-014 Microsoft Excel for Mac 2011
MS17-014 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS17-014 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS17-014 Microsoft Office 2016 for Mac
MS17-014 Microsoft Office Compatibility Pack Service Pack 3
MS17-014 Microsoft Office Compatibility Pack Service Pack 3
MS17-014 Microsoft Office Compatibility Pack Service Pack 3
MS17-014 Microsoft Office Web Apps 2010 Service Pack 2
MS17-014 Microsoft Office Web Apps Server 2013 Service Pack 1
MS17-014 Microsoft SharePoint Foundation 2013 Service Pack 1
MS17-014 Microsoft Word 2007 Service Pack 3
MS17-014 Microsoft Word 2007 Service Pack 3
MS17-014 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS17-014 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS17-014 Microsoft Word 2013 Service Pack 1 (32-bit editions)
MS17-014 Microsoft Word 2013 Service Pack 1 (64-bit editions)
MS17-014 Microsoft Word 2016 (32-bit edition)
MS17-014 Microsoft Word 2016 (64-bit edition)
MS17-014 Microsoft Word Viewer
MS17-014 Microsoft Word for Mac 2011
MS17-014 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
-
Microsoft Exchange Server Elevation of Privilege Vulnerability (MS17-015)
- Severity
- Urgent 5
- Qualys ID
- 53006
- Vendor Reference
- MS17-015
- CVE Reference
- CVE-2017-0110
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
An elevation of privilege vulnerability exists in the way that Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests.
The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.
This security update is rated Important for all supported editions of Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016.
- Consequence
- The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.
- Solution
-
Please refer to MS17-015 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-015 Microsoft Exchange Server 2013 Cumulative Update 14
MS17-015 Microsoft Exchange Server 2013 Service Pack 1
MS17-015 Microsoft Exchange Server 2016 Cumulative Update 3
-
Microsoft IIS Server XSS Elevation of Privilege Vulnerability (MS17-016)
- Severity
- Serious 3
- Qualys ID
- 91339
- Vendor Reference
- MS17-016
- CVE Reference
- CVE-2017-0055
- CVSS Scores
- Base 4.3 / Temporal 3.4
- Description
-
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request.
An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.
These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on behalf of the victim, and inject malicious content in the victim's browser.
The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests.
This security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
-
An attacker who successfully exploited this vulnerability could potentially execute scripts in the user's browser to obtain information from web sessions.
- Solution
-
Customers are advised to refer to the official advisory from Microsoft (MS17-016) for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-016 Windows 10 Version 1511 for 32-bit Systems
MS17-016 Windows 10 Version 1511 for x64-based Systems
MS17-016 Windows 10 Version 1607 for 32-bit Systems
MS17-016 Windows 10 Version 1607 for x64-based Systems
MS17-016 Windows 10 for 32-bit Systems
MS17-016 Windows 10 for x64-based Systems
MS17-016 Windows 7 for 32-bit Systems Service Pack 1
MS17-016 Windows 7 for 32-bit Systems Service Pack 1
MS17-016 Windows 7 for x64-based Systems Service Pack 1
MS17-016 Windows 7 for x64-based Systems Service Pack 1
MS17-016 Windows 8.1 for 32-bit Systems
MS17-016 Windows 8.1 for 32-bit Systems
MS17-016 Windows 8.1 for x64-based Systems
MS17-016 Windows 8.1 for x64-based Systems
MS17-016 Windows Server 2008 R2 for 32-bit Systems Service Pack 2
MS17-016 Windows Server 2008 R2 for Itanium-based Systems Service Pack 2
MS17-016 Windows Server 2008 R2 for Itanium-based Systems Service Pack 2
MS17-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-016 Windows Server 2008 R2 for x64-based Systems Service Pack 2
MS17-016 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-016 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-016 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-016 Windows Server 2012
MS17-016 Windows Server 2012
MS17-016 Windows Server 2012 R2
MS17-016 Windows Server 2012 R2
MS17-016 Windows Server 2016 for x64-based Systems
MS17-016 Windows Vista Service Pack 2
MS17-016 Windows Vista x64 Edition Service Pack 2
-
Microsoft Windows Kernel Elevation of Privileges (MS17-017)
- Severity
- Critical 4
- Qualys ID
- 91346
- Vendor Reference
- MS17-017
- CVE Reference
- CVE-2017-0050, CVE-2017-0101, CVE-2017-0102, CVE-2017-0103
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Multiple elevation of privilege vulnerabilities exist in the Microsoft Windows Kernel.
The update addresses the vulnerabilities by correcting how Windows handles objects in memory and validates buffer lengths and inputs.
Microsoft has rated this vulnerability as Important for all supported releases of Windows.
- Consequence
-
A local attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.
- Solution
-
Customers are advised to refer to MS17-017 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-017 Windows 10
MS17-017 Windows 10 Version 1511
MS17-017 Windows 10 Version 1607
MS17-017 Windows 7 - Monthly rollup
MS17-017 Windows 7 - Security only
MS17-017 Windows 8.1 - Monthly rollup
MS17-017 Windows 8.1 - Security only
MS17-017 Windows RT 8.1
MS17-017 Windows Server 2008
MS17-017 Windows Server 2008 R2 - Monthly rollup
MS17-017 Windows Server 2008 R2 - Security only
MS17-017 Windows Server 2012 - Monthly rollup
MS17-017 Windows Server 2012 - Security only
MS17-017 Windows Server 2012 R2 - Monthly rollup
MS17-017 Windows Server 2012 R2 - Security only
MS17-017 Windows Server 2016
MS17-017 Windows Vista - 32 bit
MS17-017 Windows Vista - 64 bit
-
Microsoft Security Update for Windows Kernel-Mode Drivers (MS17-018)
- Severity
- Critical 4
- Qualys ID
- 91342
- Vendor Reference
- MS17-018
- CVE Reference
- CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Multiple elevation of privilege vulnerabilities exist in Windows when the Windows kernel-mode driver fails to properly handle objects in memory.
The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
This security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
- The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
- Solution
-
Customers are advised to refer to MS17-018 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-018 Windows 10 Version 1511 for 32-bit Systems
MS17-018 Windows 10 Version 1511 for x64-based Systems
MS17-018 Windows 10 Version 1607 for 32-bit Systems
MS17-018 Windows 10 Version 1607 for x64-based Systems
MS17-018 Windows 10 for 32-bit Systems
MS17-018 Windows 10 for x64-based Systems
MS17-018 Windows 7 for 32-bit Systems Service Pack 1
MS17-018 Windows 7 for 32-bit Systems Service Pack 1
MS17-018 Windows 7 for x64-based Systems Service Pack 1
MS17-018 Windows 7 for x64-based Systems Service Pack 1
MS17-018 Windows 8.1 for 32-bit Systems
MS17-018 Windows 8.1 for 32-bit Systems
MS17-018 Windows 8.1 for x64-based Systems
MS17-018 Windows 8.1 for x64-based Systems
MS17-018 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-018 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-018 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-018 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-018 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-018 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-018 Windows Server 2012
MS17-018 Windows Server 2012
MS17-018 Windows Server 2012 R2
MS17-018 Windows Server 2012 R2
MS17-018 Windows Server 2016 for x64-based Systems
MS17-018 Windows Vista Service Pack 2
MS17-018 Windows Vista x64 Edition Service Pack 2
-
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (MS17-019)
- Severity
- Critical 4
- Qualys ID
- 91341
- Vendor Reference
- MS17-019
- CVE Reference
- CVE-2017-0043
- CVSS Scores
- Base 2.9 / Temporal 2.1
- Description
-
An information disclosure vulnerability exists when Windows Active Directory Federation Services (ADFS) honors XML External Entities. The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.
This security update is rated Important for all supported releases of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
- Consequence
- An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.
- Solution
-
Customers are advised to refer to the official advisory from Microsoft (MS17-019) for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-019 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-019 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-019 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-019 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-019 Windows Server 2012
MS17-019 Windows Server 2012
MS17-019 Windows Server 2012 R2
MS17-019 Windows Server 2012 R2
MS17-019 Windows Server 2016 for x64-based Systems
-
Microsoft Windows Update for Vulnerabilities in Windows DVD Maker (MS17-020)
- Severity
- Critical 4
- Qualys ID
- 91343
- Vendor Reference
- MS17-020
- CVE Reference
- CVE-2017-0045
- CVSS Scores
- Base 4.3 / Temporal 3.7
- Description
-
Windows DVD Maker is a DVD authoring utility developed by Microsoft for Windows Vista and included in Windows 7 which allows users to create DVD slideshows and videos.
An attacker can either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application which may leak information about the target system.
Affected OS:
1) Windows 7 Service Pack 1
2) Windows Vista Service Pack 2
- Consequence
-
Successful exploitation of the vulnerability may lead to information disclosure.
- Solution
-
Customers are advised to view MS17-020 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-020 Windows
MS17-020 Windows 7
MS17-020 Windows 7 - Monthly rollup
MS17-020 Windows 7 for x64-based Systems
MS17-020 Windows 7 for x64-based Systems Monthly Roll-Up
MS17-020 Windows Embedded Standard 7
MS17-020 Windows Embedded Standard 7 Monthly Roll-Up
MS17-020 Windows Embedded Standard 7 Monthly Roll-Up
MS17-020 Windows Embedded Standard 7 for x64-based Systems
MS17-020 Windows Vista
MS17-020 Windows Vista for x64-based Systems
-
Microsoft Windows DirectShow Information Disclosure Vulnerability (MS17-021)
- Severity
- Critical 4
- Qualys ID
- 91340
- Vendor Reference
- MS17-021
- CVE Reference
- CVE-2017-0042
- CVSS Scores
- Base 2.6 / Temporal 2
- Description
-
An information disclosure vulnerability exists when Windows DirectShow handles objects in memory.
This security update is rated Important for all affected versions of Windows.
Microsoft does have a patch available for Windows Server 2012.
- Consequence
- An attacker who successfully exploited the vulnerability can obtain information to further compromise a target system.
- Solution
-
Refer to Microsoft Security Bulletin MS17-021 for details.
Microsoft does have a patch available for Windows Server 2012.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-021 Windows 10 Version 1511 for 32-bit Systems
MS17-021 Windows 10 Version 1511 for x64-based Systems
MS17-021 Windows 10 Version 1607 for 32-bit Systems
MS17-021 Windows 10 Version 1607 for x64-based Systems
MS17-021 Windows 10 for 32-bit Systems
MS17-021 Windows 10 for x64-based Systems
MS17-021 Windows 7 for 32-bit Systems Service Pack 1
MS17-021 Windows 7 for x64-based Systems Service Pack 1
MS17-021 Windows 8.1 for 32-bit Systems
MS17-021 Windows 8.1 for x64-based Systems
MS17-021 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS17-021 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS17-021 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-021 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-021 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-021 Windows Server 2012
MS17-021 Windows Server 2012
MS17-021 Windows Server 2012 R2
MS17-021 Windows Server 2016 for x64-based Systems
MS17-021 Windows Vista Service Pack 2
MS17-021 Windows Vista x64 Edition Service Pack 2
-
Microsoft XML Core Services Information Disclosure Vulnerability (MS17-022)
- Severity
- Critical 4
- Qualys ID
- 91344
- Vendor Reference
- MS17-022
- CVE Reference
- CVE-2017-0022
- CVSS Scores
- Base 4.3 / Temporal 3.7
- Description
-
An information disclosure vulnerability exists when Microsoft XML Core Services (MSXML) improperly handles objects in memory.
This security update is rated Important for Microsoft XML Core Services 3.0 on all supported releases of Microsoft Windows.
- Consequence
- Successful exploitation of the vulnerability can allow the attacker to test for the presence of files on disk.
- Solution
-
Refer to Microsoft Security Bulletin MS17-022 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-022 Windows 10 Version 1511 for 32-bit Systems
MS17-022 Windows 10 Version 1511 for 32-bit Systems
MS17-022 Windows 10 Version 1607 for 32-bit Systems
MS17-022 Windows 10 Version 1607 for x64-based Systems
MS17-022 Windows 10 for 32-bit Systems
MS17-022 Windows 10 for x64-based Systems
MS17-022 Windows 7 for 32-bit Systems Service Pack 1 Security Only
MS17-022 Windows 7 for 32-bit Systems Service Pack 1 Monthly Rollup
MS17-022 Windows 7 for x64-based Systems Service Pack 1 Security Only
MS17-022 Windows 7 for x64-based Systems Service Pack 1 Monthly Rollup
MS17-022 Windows 8.1 for 32-bit Systems Monthly Rollup
MS17-022 Windows 8.1 for 32-bit Systems Security Only
MS17-022 Windows 8.1 for x64-based Systems Monthly Rollup
MS17-022 Windows 8.1 for x64-based Systems Security Only
MS17-022 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Monthly Rollup
MS17-022 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Security Only
MS17-022 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Monthly Rollup
MS17-022 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Security Only
MS17-022 Windows Server 2008 for 32-bit Systems Service Pack 2
MS17-022 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS17-022 Windows Server 2008 for x64-based Systems Service Pack 2
MS17-022 Windows Server 2012 R2 Monthly Rollup
MS17-022 Windows Server 2012 R2 Security Only
MS17-022 Windows Server 2016 for x64-based Systems
MS17-022 Windows Vista Service Pack 2
MS17-022 Windows Vista x64 Edition Service Pack 2
-
Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Edge (MS17-023)
- Severity
- Urgent 5
- Qualys ID
- 100307
- Vendor Reference
- MS17-023
- CVE Reference
- CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
The update addresses the vulnerabilities which are described in Adobe Security Bulletin APSB17-07, by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
- Consequence
-
Successful exploitation of the vulnerabilities could lead to code execution and information disclosure.
- Solution
-
Customers are advised to view MS17-023 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS17-023 Windows
MS17-023 Windows 10
MS17-023 Windows 10 (for x64-based Systems)
MS17-023 Windows 10 Version 1511
MS17-023 Windows 10 Version 1511 (for x64-based Systems)
MS17-023 Windows 10 Version 1607 (for x64-based Systems)
MS17-023 Windows 8 Embedded
MS17-023 Windows 8.1
MS17-023 Windows 8.1 x64
MS17-023 Windows Embedded 8 Standard for X64-based Systems
MS17-023 Windows Server 2012
MS17-023 Windows Server 2012 R2
MS17-023 Windows Server 2016 (for x64-based Systems)
These new vulnerability checks are included in Qualys vulnerability signature 2.3.562-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 91333
- 91332
- 91337
- 91334
- 91345
- 91338
- 370297
- 91331
- 110296
- 53006
- 91339
- 91346
- 91342
- 91341
- 91343
- 91340
- 91344
- 100307
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.