SonicWall has analyzed and addressed Microsoft’s security advisories for the month of March, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

MS17-006 Cumulative Security Update for Internet Explorer (4013073)

• CVE-2017-0008 Internet Explorer Information Disclosure Vulnerability
  IPS:12615 “Internet Explorer Information Disclosure Vulnerability (MS17-006)”
• CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
  IPS:12616 “Microsoft Browser Memory Corruption Vulnerability (MS17-006)”
• CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0018 Internet Explorer Memory Corruption Vulnerability
  IPS:12617 “Internet Explorer Information Disclosure Vulnerability (MS17-006) 2”
• CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
  IPS:12618 “Microsoft Browser Spoofing Vulnerability (MS17-006)”
• CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
  IPS:12620 “Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2”
• CVE-2017-0040 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0049 Scripting Engine Information Disclosure Vulnerability
  IPS:12621 “Scripting Engine Information Disclosure Vulnerability (MS17-006)”
• CVE-2017-0059 Internet Explorer Information Disclosure Vulnerability
  IPS:12658 “Internet Explorer Information Disclosure Vulnerability (MS17-006) 3”
• CVE-2017-0130 Scripting Engine Memory Corruption Vulnerability
  IPS:12664 “Scripting Engine Memory Corruption Vulnerability (MS17-006)”
• CVE-2017-0149 Microsoft Internet Explorer Memory Corruption Vulnerability
  IPS:12666 “Internet Explorer Memory Corruption Vulnerability (MS17-006)”
• CVE-2017-0154 Internet Explorer Elevation of Privilege Vulnerability
  IPS:12669 “Internet Explorer Elevation of Privilege Vulnerability (MS17-006)”

MS17-007 Security Update for Microsoft Edge (4013071)

• CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
  IPS:12616 “Microsoft Browser Memory Corruption Vulnerability (MS17-006)”
• CVE-2017-0010 Scripting Engine Memory Corruption Vulnerability
  IPS:12622 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 2”
• CVE-2017-0011 Microsoft Edge Information Disclosure Vulnerability
  IPS:12623 “Microsoft Edge Information Disclosure Vulnerability (MS17-007)”
• CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
  There are no known exploits in the wild.”
• CVE-2017-0015 Scripting Engine Memory Corruption Vulnerability
  IPS:12624 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 3”
• CVE-2017-0017 Microsoft Edge Information Disclosure Vulnerability
  IPS:12626 “Microsoft Edge Information Disclosure Vulnerability (MS17-007) 2”
• CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
  ASPY:2063 “Malformed-File pdf.MP.217”
• CVE-2017-0032 Scripting Engine Memory Corruption Vulnerability
  IPS:4604 “HTTP Client Shellcode Exploit 1”
• CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
  IPS:12618 “Microsoft Browser Spoofing Vulnerability (MS17-006)”
• CVE-2017-0034 Microsoft Edge Memory Corruption Vulnerability
  IPS:12672 “Microsoft Edge Memory Corruption Vulnerability (MS17-007) 2”
• CVE-2017-0035 Scripting Engine Memory Corruption Vulnerability
  IPS:12613 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 1”
• CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
  IPS:12620 “Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2”
• CVE-2017-0046 Scripting Engine Memory Corruption Vulnerability
  IPS:12614 “Microsoft Edge Memory Corruption Vulnerability (MS17-006) 1”
• CVE-2017-0065 Microsoft Browser Information Disclosure Vulnerability
  IPS:12673 “Microsoft Browser Information Disclosure Vulnerability (MS17-007)”
• CVE-2017-0066 Microsoft Browser Security Feature Bypass Vulnerability
  IPS:12674 “Microsoft Browser Same Origin Policy Bypass (MS17-007)”
• CVE-2017-0067 Scripting Engine Memory Corruption Vulnerability
  IPS:12675 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 9”
• CVE-2017-0068 Microsoft Browser Information Disclosure Vulnerability
  IPS:6753 “Cross-Site Scripting (XSS) Attack 8”
• CVE-2017-0069 Microsoft Edge Spoofing Vulnerability
  IPS:12678 “Microsoft Edge Spoofing Vulnerability (MS17-007)”
• CVE-2017-0070 Scripting Engine Memory Corruption Vulnerability
  IPS:12662 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 4”
• CVE-2017-0071 Scripting Engine Memory Corruption Vulnerability
  IPS:12663 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 5”
• CVE-2017-0094 Scripting Engine Memory Corruption Vulnerability
  IPS:12665 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 6”
• CVE-2017-0131 Microsoft Edge Memory Corruption Vulnerability
  IPS:12667 “Microsoft Edge Memory Corruption Vulnerability (MS17-007) 1”
• CVE-2017-0132 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0133 Scripting Engine Memory Corruption Vulnerabilty
  IPS:12668 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 7”
• CVE-2017-0134 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0135 Microsoft Edge Security Feature Bypass
  There are no known exploits in the wild.
• CVE-2017-0136 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0137 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0138 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0140 Microsoft Edge Security Feature Bypass
  IPS:12670 “Microsoft Edge Same Origin Policy Bypass (MS17-007)”
• CVE-2017-0141 Scripting Engine Memory Corruption Vulnerability
  IPS:12671 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 8”
• CVE-2017-0150 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0151 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0152 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

MS17-008 Security Update for Windows Hyper-V (4013082)

• CVE-2017-0021 Hyper-V vSMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0051 Microsoft Hyper-V Network Switch Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0074 Hyper-V Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0076 Hyper-V Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0095 Hyper-V vSMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0096 Hyper-V Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0097 Hyper-V Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0098 Hyper-V Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0099 Hyper-V Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability
  There are no known exploits in the wild.

MS17-009 Security Update for Microsoft Windows PDF Library (4010319)

• CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
  ASPY:2063 “Malformed-File pdf.MP.217”

MS17-010 Security Update for Microsoft Windows SMB Server (4013389)

• CVE-2017-0143 Windows SMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0144 Windows SMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0145 Windows SMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0146 Windows SMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0147 Windows SMB Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0148 Windows SMB Remote Code Execution Vulnerability
  There are no known exploits in the wild.

MS17-011 Security Update for Microsoft Uniscribe (4013076)

• CVE-2017-0072 Uniscribe Remote Code Execution Vulnerability
  ASPY:2094 “Malformed-File otf.MP.22”
• CVE-2017-0083 Uniscribe Remote Code Execution Vulnerability
  ASPY:2095 “Malformed-File ttf.MP.10”
• CVE-2017-0084 Uniscribe Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0085 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0086 Uniscribe Remote Code Execution Vulnerability
  ASPY:2096 “Malformed-File ttf.MP.11”
• CVE-2017-0087 Uniscribe Remote Code Execution Vulnerability
  ASPY:2097 “Malformed-File ttf.MP.12”
• CVE-2017-0088 Uniscribe Remote Code Execution Vulnerability
  ASPY:2098 “Malformed-File ttf.MP.13”
• CVE-2017-0089 Uniscribe Remote Code Execution Vulnerability
  ASPY:3447 “Malformed-File ttf.MP.14”
• CVE-2017-0090 Uniscribe Remote Code Execution Vulnerability
  ASPY:4784 “Malformed-File ttf.MP.15”
• CVE-2017-0091 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0092 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0111 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0112 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0113 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0114 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0115 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0116 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0117 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0118 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0119 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0120 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0121 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0122 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0123 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0124 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0125 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0126 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0127 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0128 Uniscribe Information Disclosure Vulnerability
  There are no known exploits in the wild.

MS17-012 Security Update for Microsoft Windows (4013078)

• CVE-2017-0007 Device Guard Security Feature Bypass Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0016 SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
  IPS:12599 “Windows SMB Tree Connect Response DoS 2”
• CVE-2017-0039 Windows DLL Loading Remote Code Execution Vulnerability
  IPS:12612 “Windows DLL Loading Remote Code Execution Vulnerability (MS17-012) 1”
• CVE-2017-0057 Windows DNS Query Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0100 Windows COM Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0104 iSNS Server Memory Corruption Vulnerability
  There are no known exploits in the wild.

MS17-013 Security Update for Microsoft Grap
hics Component (4013075)

• CVE-2017-0001 Windows GDI Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0005 Windows GDI Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0014 Windows Graphics Component Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0025 Windows GDI Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0038 Windows Graphics Component Information Disclosure Vulnerability
  ASPY:1383 “Malformed-File emf.MP.12”
• CVE-2017-0047 Windows GDI Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0060 GDI+ Information Disclosure vulnerability
  ASPY:4990 “Malformed-File emf.MP.10”
• CVE-2017-0061 Microsoft Color Management Information Disclosure vulnerability
  There are no known exploits in the wild.
• CVE-2017-0062 GDI+ Information Disclosure Vulnerability
  ASPY:4991 “Malformed-File emf.MP.11”
• CVE-2017-0063 Microsoft Color Management Information Disclosure vulnerability
  There are no known exploits in the wild.
• CVE-2017-0073 Windows GDI+ Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0108 Graphics Component Remote Code Execution Vulnerability
  ASPY:4992 “Malformed-File ttf.MP.9”

MS17-014 Security Update for Microsoft Office (4013241)

• CVE-2017-0006 Microsoft Office Memory Corruption Vulnerability
  ASPY:4493 “Malformed-File psd.TL.1”
• CVE-2017-0019 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0020 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0027 Microsoft Office Information Disclosure Vulnerability
  ASPY:1360 “Malformed-File xls.MP.55”
• CVE-2017-0029 Microsoft Office Denial of Service Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0030 Microsoft Office Memory Corruption Vulnerability
  ASPY:1368 “Malformed-File doc.MP.43”
• CVE-2017-0031 Microsoft Office Memory Corruption Vulnerability
  ASPY:1368 “Malformed-File doc.MP.43”
• CVE-2017-0052 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0053 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0105 Microsoft Office Information Disclosure Vulnerability
  ASPY:4996 “Malformed-File rtf.MP.16”
• CVE-2017-0107 Microsoft SharePoint XSS Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0129 Microsoft Lync for Mac Certificate Validation Vulnerability
  There are no known exploits in the wild.

MS17-015 Security Update for Microsoft Exchange Server (4013242)

• CVE-2017-0110 Microsoft Exchange Server Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS17-016 Security Update for Windows IIS (4013074)

• CVE-2017-0055 Microsoft IIS Server XSS Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS17-017 Security Update for Windows Kernel (4013081)

• CVE-2017-0050 Windows Kernel Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0101 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0102 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0103 Windows Registry Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083)

• CVE-2017-0024 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0026 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0056 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0078 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0079 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0080 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0081 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2017-0082 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS17-019 Security Update for Active Directory Federation Services (4010320)

• CVE-2017-0043 Microsoft Active Directory Federation Services Information Disclosure Vulnerability
  There are no known exploits in the wild.

MS17-020 Security Update for Windows DVD Maker (3208223)

• CVE-2017-0045 Windows DVD Maker Cross-Site Request Forgery Vulnerability
  There are no known exploits in the wild.

MS17-021 Security Update for Windows DirectShow (4010318)

• CVE-2017-0042 Windows DirectShow Information Disclosure Vulnerabitliy
  GAV:12611 “Kovter.A_311”

MS17-022 Security Update for Microsoft XML Core Services (4010321)

• CVE-2017-0022 Microsoft XML Core Services Information Disclosure Vulnerability
  IPS:12610 “Microsoft XML Information Disclosure Vulnerability (MS17-022)”