Security News

Microsoft Security Bulletin Coverage (March 14, 2017)

By

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of March, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

MS17-006 Cumulative Security Update for Internet Explorer (4013073)

  • CVE-2017-0008 Internet Explorer Information Disclosure Vulnerability
    IPS:12615 “Internet Explorer Information Disclosure Vulnerability (MS17-006)”

  • CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
    IPS:12616 “Microsoft Browser Memory Corruption Vulnerability (MS17-006)”

  • CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0018 Internet Explorer Memory Corruption Vulnerability
    IPS:12617 “Internet Explorer Information Disclosure Vulnerability (MS17-006) 2”

  • CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
    IPS:12618 “Microsoft Browser Spoofing Vulnerability (MS17-006)”

  • CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
    IPS:12620 “Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2”

  • CVE-2017-0040 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0049 Scripting Engine Information Disclosure Vulnerability
    IPS:12621 “Scripting Engine Information Disclosure Vulnerability (MS17-006)”

  • CVE-2017-0059 Internet Explorer Information Disclosure Vulnerability
    IPS:12658 “Internet Explorer Information Disclosure Vulnerability (MS17-006) 3”

  • CVE-2017-0130 Scripting Engine Memory Corruption Vulnerability
    IPS:12664 “Scripting Engine Memory Corruption Vulnerability (MS17-006)”

  • CVE-2017-0149 Microsoft Internet Explorer Memory Corruption Vulnerability
    IPS:12666 “Internet Explorer Memory Corruption Vulnerability (MS17-006)”

  • CVE-2017-0154 Internet Explorer Elevation of Privilege Vulnerability
    IPS:12669 “Internet Explorer Elevation of Privilege Vulnerability (MS17-006)”

MS17-007 Security Update for Microsoft Edge (4013071)

  • CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
    IPS:12616 “Microsoft Browser Memory Corruption Vulnerability (MS17-006)”

  • CVE-2017-0010 Scripting Engine Memory Corruption Vulnerability
    IPS:12622 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 2”

  • CVE-2017-0011 Microsoft Edge Information Disclosure Vulnerability
    IPS:12623 “Microsoft Edge Information Disclosure Vulnerability (MS17-007)”

  • CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.”

  • CVE-2017-0015 Scripting Engine Memory Corruption Vulnerability
    IPS:12624 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 3”

  • CVE-2017-0017 Microsoft Edge Information Disclosure Vulnerability
    IPS:12626 “Microsoft Edge Information Disclosure Vulnerability (MS17-007) 2”

  • CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
    ASPY:2063 “Malformed-File pdf.MP.217”

  • CVE-2017-0032 Scripting Engine Memory Corruption Vulnerability
    IPS:4604 “HTTP Client Shellcode Exploit 1”

  • CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
    IPS:12618 “Microsoft Browser Spoofing Vulnerability (MS17-006)”

  • CVE-2017-0034 Microsoft Edge Memory Corruption Vulnerability
    IPS:12672 “Microsoft Edge Memory Corruption Vulnerability (MS17-007) 2”

  • CVE-2017-0035 Scripting Engine Memory Corruption Vulnerability
    IPS:12613 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 1”

  • CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
    IPS:12620 “Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2”

  • CVE-2017-0046 Scripting Engine Memory Corruption Vulnerability
    IPS:12614 “Microsoft Edge Memory Corruption Vulnerability (MS17-006) 1”

  • CVE-2017-0065 Microsoft Browser Information Disclosure Vulnerability
    IPS:12673 “Microsoft Browser Information Disclosure Vulnerability (MS17-007)”

  • CVE-2017-0066 Microsoft Browser Security Feature Bypass Vulnerability
    IPS:12674 “Microsoft Browser Same Origin Policy Bypass (MS17-007)”

  • CVE-2017-0067 Scripting Engine Memory Corruption Vulnerability
    IPS:12675 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 9”

  • CVE-2017-0068 Microsoft Browser Information Disclosure Vulnerability
    IPS:6753 “Cross-Site Scripting (XSS) Attack 8”

  • CVE-2017-0069 Microsoft Edge Spoofing Vulnerability
    IPS:12678 “Microsoft Edge Spoofing Vulnerability (MS17-007)”

  • CVE-2017-0070 Scripting Engine Memory Corruption Vulnerability
    IPS:12662 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 4”

  • CVE-2017-0071 Scripting Engine Memory Corruption Vulnerability
    IPS:12663 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 5”

  • CVE-2017-0094 Scripting Engine Memory Corruption Vulnerability
    IPS:12665 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 6”

  • CVE-2017-0131 Microsoft Edge Memory Corruption Vulnerability
    IPS:12667 “Microsoft Edge Memory Corruption Vulnerability (MS17-007) 1”

  • CVE-2017-0132 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0133 Scripting Engine Memory Corruption Vulnerabilty
    IPS:12668 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 7”

  • CVE-2017-0134 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0135 Microsoft Edge Security Feature Bypass
    There are no known exploits in the wild.

  • CVE-2017-0136 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0137 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0138 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0140 Microsoft Edge Security Feature Bypass
    IPS:12670 “Microsoft Edge Same Origin Policy Bypass (MS17-007)”

  • CVE-2017-0141 Scripting Engine Memory Corruption Vulnerability
    IPS:12671 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 8”

  • CVE-2017-0150 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0151 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0152 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS17-008 Security Update for Windows Hyper-V (4013082)

  • CVE-2017-0021 Hyper-V vSMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0051 Microsoft Hyper-V Network Switch Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0074 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0076 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0095 Hyper-V vSMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0096 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0097 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0098 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0099 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS17-009 Security Update for Microsoft Windows PDF Library (4010319)

  • CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
    ASPY:2063 “Malformed-File pdf.MP.217”

MS17-010 Security Update for Microsoft Windows SMB Server (4013389)

  • CVE-2017-0143 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0144 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0145 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0146 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0147 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0148 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS17-011 Security Update for Microsoft Uniscribe (4013076)

  • CVE-2017-0072 Uniscribe Remote Code Execution Vulnerability
    ASPY:2094 “Malformed-File otf.MP.22”

  • CVE-2017-0083 Uniscribe Remote Code Execution Vulnerability
    ASPY:2095 “Malformed-File ttf.MP.10”

  • CVE-2017-0084 Uniscribe Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0085 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0086 Uniscribe Remote Code Execution Vulnerability
    ASPY:2096 “Malformed-File ttf.MP.11”

  • CVE-2017-0087 Uniscribe Remote Code Execution Vulnerability
    ASPY:2097 “Malformed-File ttf.MP.12”

  • CVE-2017-0088 Uniscribe Remote Code Execution Vulnerability
    ASPY:2098 “Malformed-File ttf.MP.13”

  • CVE-2017-0089 Uniscribe Remote Code Execution Vulnerability
    ASPY:3447 “Malformed-File ttf.MP.14”

  • CVE-2017-0090 Uniscribe Remote Code Execution Vulnerability
    ASPY:4784 “Malformed-File ttf.MP.15”

  • CVE-2017-0091 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0092 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0111 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0112 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0113 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0114 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0115 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0116 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0117 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0118 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0119 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0120 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0121 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0122 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0123 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0124 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0125 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0126 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0127 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0128 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS17-012 Security Update for Microsoft Windows (4013078)

  • CVE-2017-0007 Device Guard Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0016 SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
    IPS:12599 “Windows SMB Tree Connect Response DoS 2”

  • CVE-2017-0039 Windows DLL Loading Remote Code Execution Vulnerability
    IPS:12612 “Windows DLL Loading Remote Code Execution Vulnerability (MS17-012) 1”

  • CVE-2017-0057 Windows DNS Query Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0100 Windows COM Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0104 iSNS Server Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS17-013 Security Update for Microsoft Grap
hics Component (4013075)

  • CVE-2017-0001 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0005 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0014 Windows Graphics Component Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0025 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0038 Windows Graphics Component Information Disclosure Vulnerability
    ASPY:1383 “Malformed-File emf.MP.12”

  • CVE-2017-0047 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0060 GDI+ Information Disclosure vulnerability
    ASPY:4990 “Malformed-File emf.MP.10”

  • CVE-2017-0061 Microsoft Color Management Information Disclosure vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0062 GDI+ Information Disclosure Vulnerability
    ASPY:4991 “Malformed-File emf.MP.11”

  • CVE-2017-0063 Microsoft Color Management Information Disclosure vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0073 Windows GDI+ Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0108 Graphics Component Remote Code Execution Vulnerability
    ASPY:4992 “Malformed-File ttf.MP.9”

MS17-014 Security Update for Microsoft Office (4013241)

  • CVE-2017-0006 Microsoft Office Memory Corruption Vulnerability
    ASPY:4493 “Malformed-File psd.TL.1”

  • CVE-2017-0019 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0020 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0027 Microsoft Office Information Disclosure Vulnerability
    ASPY:1360 “Malformed-File xls.MP.55”

  • CVE-2017-0029 Microsoft Office Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0030 Microsoft Office Memory Corruption Vulnerability
    ASPY:1368 “Malformed-File doc.MP.43”

  • CVE-2017-0031 Microsoft Office Memory Corruption Vulnerability
    ASPY:1368 “Malformed-File doc.MP.43”

  • CVE-2017-0052 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0053 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0105 Microsoft Office Information Disclosure Vulnerability
    ASPY:4996 “Malformed-File rtf.MP.16”

  • CVE-2017-0107 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0129 Microsoft Lync for Mac Certificate Validation Vulnerability
    There are no known exploits in the wild.

MS17-015 Security Update for Microsoft Exchange Server (4013242)

  • CVE-2017-0110 Microsoft Exchange Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-016 Security Update for Windows IIS (4013074)

  • CVE-2017-0055 Microsoft IIS Server XSS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-017 Security Update for Windows Kernel (4013081)

  • CVE-2017-0050 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0101 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0102 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0103 Windows Registry Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083)

  • CVE-2017-0024 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0026 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0056 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0078 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0079 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0080 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0081 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0082 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-019 Security Update for Active Directory Federation Services (4010320)

  • CVE-2017-0043 Microsoft Active Directory Federation Services Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS17-020 Security Update for Windows DVD Maker (3208223)

  • CVE-2017-0045 Windows DVD Maker Cross-Site Request Forgery Vulnerability
    There are no known exploits in the wild.

MS17-021 Security Update for Windows DirectShow (4010318)

  • CVE-2017-0042 Windows DirectShow Information Disclosure Vulnerabitliy
    GAV:12611 “Kovter.A_311”

MS17-022 Security Update for Microsoft XML Core Services (4010321)

  • CVE-2017-0022 Microsoft XML Core Services Information Disclosure Vulnerability
    IPS:12610 “Microsoft XML Information Disclosure Vulnerability (MS17-022)”

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
RecJS: a Multi-Component Malware hides behind JavaScript.
Zeus Trojan Family (May 26, 2009)
Attackers actively targeting vulnerable Netgear DGN devices
3S Smart Software Solutions CoDeSys Vulnerability
BadBoy ransomware, variant of Spartacus charges $1000 for decryption
NetWire RAT bypassing AMSI scanning for PowerShell script by patching bytes in memory
Microsoft Security Bulletins Coverage (April 12, 2011)
Cybersecurity News & Trends - 04-10-20