
Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important

  • Posted on: March 15, 2017 at 12:32 am
  • Posted in: Exploits, Vulnerabilities
  • Author: Ronaldo Mangahas (Technical Communications)

Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB). This vulnerability potentially allows cybercriminals to render affected systems inaccessible via a denial-of-service (DoS) attack. A second update for Windows SMB, MS17-010, which addresses issues connected to the SMBv1 server, is also included.

Another high-priority bulletin for this month is MS17-013, which addresses a Windows Graphics Device Interface (GDI) bug that was disclosed by Google in February 2017. In particular, it resolves issues surrounding gdi32.dll that allowed remote attackers to access sensitive information from heap memory using a crafted EMF file. The update also addresses the CVE-2017-0005 vulnerability, which is reportedly a zero-day under active attack.

Microsoft also released its regular cumulative updates, which address 12 vulnerabilities for Internet Explorer (MS17-006) and 32 vulnerabilities for Microsoft Edge (MS17-007). Both critical bulletins address issues that let attackers gain control of affected systems when users access and view malicious webpages using these two Microsoft web browsers.

Here are the other critical bulletins for March:

  • MS17-008: Addresses vulnerabilities with Windows Hyper-V, including one which allows remote code execution if an authenticated attacker using a guest operating system runs a customized application that causes the host operating system to execute arbitrary code.
  • MS17-009: Addresses a vulnerability involving Microsoft Windows PDF Library. This vulnerability allows an attacker remote access to a user’s system if the user views or opens malicious PDF documents.
  • MS17-011: Addresses vulnerabilities with Windows Uniscribe. Eight of these deal with remote code execution, while the rest are information disclosure vulnerabilities.

Adobe also released its own March security updates in sync with Microsoft. The most important is APSB17-07, which deals with critical vulnerabilities in Adobe Flash Player that can allow attackers to take control of an affected system. These vulnerabilities are also tackled by the critical MS17-023 bulletin, which covers the Internet Explorer and Edge versions of Flash Player distributed by Microsoft. This update raises Adobe Flash Player to version 25.0.0.127.

Trend Micro researchers took part in the discovery of the following vulnerabilities and/or security improvements:

  • CVE-2017-0023 (MS17-009)
  • CVE-2017-0022 (MS17-022)

The following vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI):

  • CVE-2017-0018 (MS17-006)
  • CVE-2017-0011 (MS17-007)
  • CVE-2017-0015 (MS17-007)
  • CVE-2017-0032 (MS17-007)
  • CVE-2017-0067 (MS17-007)
  • CVE-2017-0094 (MS17-007)
  • CVE-2017-0047 (MS17-013)
  • CVE-2017-3001 (APSB17-07)

Trend Micro Solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:

  • 1008149-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
  • 1008150-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0009)
  • 1008151-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
  • 1008152-Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
  • 1008154-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0040)
  • 1008155-Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049)
  • 1008156-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
  • 1008157-Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0011)
  • 1008158-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
  • 1008159-Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017)
  • 1008160-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0032)
  • 1008161-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0035)
  • 1008163-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0019)
  • 1008164-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020)
  • 1008165-Microsoft Office Information Disclosure Vulnerability (CVE-2017-0027)
  • 1008167-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0030, CVE-2016-0031)
  • 1008168-Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
  • 1008169-Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
  • 1008170-Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2017-0039)
  • 1008172-Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-0050)
  • 1008173-Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)
  • 1008174-Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
  • 1008176-Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2017-0047)
  • 1008177-Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
  • 1008187-Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
  • 1008208-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
  • 1008209-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
  • 1008210-Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0034)
  • 1008211-Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
  • 1008212-Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
  • 1008213-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
  • 1008215-Microsoft Edge Spoofing Vulnerability (CVE-2017-0069)
  • 1008216-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
  • 1008217-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
  • 1008218-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
  • 1008219-Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2017-0131)
  • 1008220-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0133)
  • 1008221-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0140)
  • 1008222-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
  • 1008224-Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
  • 1008225-Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
  • 1008228-Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
  • 1008234-Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (CVE-2017-0088, CVE-2017-0089)
  • 1008235-Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0090)
  • 1008236-Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (CVE-2017-0072, CVE-2017-0121)
  • 1008237-Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2017-0100)
  • 1008238-Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
  • 1008239-Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0062)
  • 1008240-Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0073)
  • 1008241-Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
  • 1008242-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0006)
  • 1008243-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052)
  • 1008244-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0053)
  • 1008245-Microsoft Office Information Disclosure Vulnerability (CVE-2017-0105)
  • 1008247-Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
  • 1008248-Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082)
  • 1008249-Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0154)
  • 1008250-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0149)

TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:

  • 26887: HTTP: Microsoft Internet Explorer Float64Array Memory Corruption Vulnerability
  • 26897: HTTP: Microsoft Edge ASM Memory Corruption Vulnerability
  • 26902: HTTP: Microsoft Edge Array Symbol Memory Corruption Vulnerability
  • 26904: HTTP: Microsoft Windows EMF Parsing Information Disclosure Vulnerability
  • 27035: HTTP: Microsoft Edge CSS Animation Information Disclosure Vulnerability
  • 27038: HTTP: Microsoft Edge Array Object Type Confusion Vulnerability
  • 27039: HTTP: Microsoft Internet Explorer mhtml Resource Usage
  • 27040: HTTP: Microsoft Edge InsertOrderedList Memory Corruption Vulnerability
  • 27041: HTTP: Data URI with JavaScript in iframe
  • 27042: HTTP: Microsoft Internet Explorer and Edge Area target Use-After-Free Vulnerability
  • 27043: HTTP: Microsoft Windows DrawIconEx Buffer Overflow Vulnerability
  • 27044: HTTP: Microsoft Edge Data URI Same-Origin Policy Bypass Vulnerability
  • 27047: HTTP: Microsoft Internet Explorer parseError Information Disclosure Vulnerability
  • 27048: HTTP: Microsoft Word RTF DLL Sideloading Vulnerability
  • 27049: HTTP: Microsoft Windows NtCreateProfile Denial-of-Service Vulnerability
  • 27050: HTTP: Windows Media Player ActiveX errorDescription Usage
  • 27051: HTTP: Microsoft Edge JavascriptArray Out-of-Bounds Write Vulnerability
  • 27052: HTTP: Microsoft Internet Explorer JavaScript sort Information Disclosure Vulnerability
  • 27053: HTTP: Microsoft Windows TTF LoadUvsTable Buffer Overflow Vulnerability
  • 27054: HTTP: Microsoft Word Memory Corruption Vulnerability
  • 27055: HTTP: Microsoft Word Font Use-After-Free Vulnerability
  • 27058: HTTP: Microsoft Internet Explorer and Edge ms-appx-web Spoofing Vulnerability
  • 27059: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability
  • 27061: HTTP: Microsoft Internet Explorer ActiveX parseError.errorCode Invocation
  • 27115: HTTP: Microsoft Internet Explorer mhtml Information Disclosure Vulnerability
  • 27116: HTTP: Microsoft Excel File Recovery Use-After-Free Vulnerability
  • 27117: HTTP: Microsoft Excel Memory Corruption Vulnerability
  • 27118: HTTP: Microsoft Word Use-After-Free Vulnerability
  • 27375: HTTP: Microsoft Edge Reading View Information Disclosure Vulnerability
  • 27376: HTTP: Microsoft Edge Frames Security Bypass Vulnerability
  • 27378: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability
  • 27380: HTTP: Microsoft Windows OTF Memory Corruption Vulnerability
  • 27381: HTTP: Microsoft Internet Explorer textarea Use-After-Free Vulnerability
  • 27382: HTTP: Microsoft Edge Address Bar Forgery Vulnerability
  • 27391: HTTP: Microsoft Windows win32k Use-After-Free Vulnerability
  • 27392: HTTP: Microsoft Windows Win86GDI Access Violation Vulnerability
  • 27393: HTTP: Microsoft Windows usp10.dll Buffer Overflow Vulnerability
  • 27394: HTTP: Microsoft Windows GDI Type Confusion Vulnerability
  • 27395: HTTP: Microsoft Windows Win32k Device Driver Interface Privilege Escalation Vulnerability
  • 27396: HTTP: Microsoft Windows Win32k Device Driver Interface ResizePool Denial-of-Service Vulnerability
  • 27397: HTTP: Microsoft Windows win32k Out-of-Bounds Read Vulnerability
  • 27398: HTTP: Microsoft Windows releaseResource Type Confusion Vulnerability
  • 27399: HTTP: Microsoft Windows Registry Hive Use-After-Free Vulnerability
  • 27400: HTTP: Microsoft Windows TTF User-Mode Library Privilege Escalation Vulnerability
  • 27403: HTTP: Microsoft Internet Explorer Array Type Confusion Vulnerability
  • 27404: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27405: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27406: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27407: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27408: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27409: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
  • 27412: HTTP: Microsoft Edge valueOf Type Confusion Vulnerability
  • 27413: HTTP: Microsoft Edge Proxy Type Confusion Vulnerability
  • 27414: HTTP: Microsoft Edge Chakra Memory Corruption Vulnerability
  • 27415: HTTP: Microsoft Edge ArrayBuffer Type Confusion Vulnerability
  • 27416: HTTP: Microsoft Edge lookupGetter Use-After-Free Vulnerability
  • 27418: HTTP: Fetch API Usage
  • 27419: HTTP: Microsoft Edge Array Memory Corruption Vulnerability
  • 27420: HTTP: Microsoft Excel Printer Settings Memory Corruption Vulnerability
  • 27426: HTTP: Microsoft Edge Fetch API Same-Origin Policy Bypass Vulnerability
  • 27427: HTTP: Microsoft Windows Session Moniker Privilege Escalation Vulnerability
  • 27430: HTTP: Microsoft Excel sharedStrings Access Violation Vulnerability
  • 27433: SMB: Microsoft Windows SMB Server MID Type Confusion Vulnerability
  • 27483: HTTP: Microsoft Word wwlib Use-After-Free Vulnerability
  • 27484: HTTP: Microsoft Word RTF Memory Corruption Vulnerability
  • 27486: HTTP: Microsoft Internet Explorer VBScript Array Memory Corruption Vulnerability
  • 27487: HTTP: Microsoft Internet Explorer ActiveX Cross-Site Scripting Vulnerability