Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important

Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB). This vulnerability potentially allows cyber criminals to render affected systems inaccessible via a Denial of Service (DOS) attack. A second update for Windows SMB, MS17-010– which addresses issues connected to the SMBv1 server, is also included.

Another high priority bulletin for this month is MS17-013, which addresses a Windows Graphic Device Interface (GDI) bug that was disclosed by Google on February 2017. In particular, it resolves issues surrounding gdi32.dll that allowed remote attackers access to sensitive information from heap memory using a crafted EMF file. The update also addresses the CVE-2017-0005 vulnerability, which is reportedly a zero day under active attack.

In addition, Microsoft also implemented its regular cumulative updates that address 12 vulnerabilities for Internet Explorer (MS17-006) and 32 vulnerabilities for Microsoft Edge (MS17-007). Both critical bulletins address issues concerning attackers gaining control of affected systems when users access and view malicious webpages using these two Microsoft web browsers.

Here are the other critical bulletins for March:

MS17-008: Addresses vulnerabilities with Windows Hyper-V, including one which allows remote code execution if an authenticated attacker using a guest operating system runs a customized application that causes the host operating system to execute arbitrary code.
MS17-009: Addresses a vulnerability involving Microsoft Windows PDF Library. This vulnerability allows an attacker remote access to a user’s system if the user views or opens malicious PDF documents.
MS17-011: Addresses vulnerabilities with Windows Uniscribe. Eight of these deal with remote code execution, while the rest are information disclosure vulnerabilities.

Adobe also released their own security bulletin for March in sync with Microsoft. The most important being APSB17-07, which deals with critical vulnerabilities in Adobe Flash Player that can allow attackers to take control of an affected system. These vulnerabilities are also tackled by the critical MS17-023 bulletin, covering the Internet Explorer and Edge version of Flash Player distributed by Microsoft. This update raises Adobe Flash Player to version 25.0.0.127.

Trend Micro researchers took part in the discovery of the following vulnerabilities and/or security improvements

CVE-2017-0023 (MS17-009)
CVE-2017-0022 (MS17-022)

The following vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI):

CVE-2017-0018 (MS17-006)
CVE-2017-0011 (MS17-007)
CVE-2017-0015 (MS17-007)
CVE-2017-0032 (MS17-007)
CVE-2017-0067 (MS17-007)
CVE-2017-0094 (MS17-007)
CVE-2017-0047 (MS17-013)
CVE-2017-3001 (APSB17-07)

Trend Micro Solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:

1008149-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
1008150-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0009)
1008151-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
1008152-Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008154-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0040)
1008155-Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049)
1008156-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
1008157-Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0011)
1008158-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
1008159-Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017)
1008160-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0032)
1008161-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0035)
1008163-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0019)
1008164-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020)
1008165-Microsoft Office Information Disclosure Vulnerability (CVE-2017-0027)
1008167-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0030 , CVE-2016-0031)
1008168-Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008169-Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008170-Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2017-0039)
1008172-Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-0050)
1008173-Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)
1008174-Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
1008176-Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2017-0047)
1008177-Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
1008187-Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
1008208-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008209-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
1008210-Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0034)
1008211-Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008212-Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
1008213-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
1008215-Microsoft Edge Spoofing Vulnerability (CVE-2017-0069)
1008216-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
1008217-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008219-Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2017-0131)
1008220-Microsoft Edge Scripting Engine Memory Corruption Vulnerabilty (CVE-2017-0133)
1008221-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0140)
1008222-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1008224-Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225-Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228-Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
1008234-Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (CVE-2017-0088, CVE-2017-0089)
1008235-Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0090)
1008236-Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (CVE-2017-0072, CVE-2017-0121)
1008237-Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2017-0100)
1008238-Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008239-Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0062)
1008240-Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0073)
1008241-Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008242-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0006)
1008243-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052)
1008244-Microsoft Office Memory Corruption Vulnerability (CVE-2017-0053)
1008245-Microsoft Office Information Disclosure Vulnerability (CVE-2017-0105)
1008247-Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008248-Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082)
1008249-Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0154)
1008250-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0149)

TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:

26887: HTTP: Microsoft Internet Explorer Float64Array Memory Corruption Vulnerability
26897: HTTP: Microsoft Edge ASM Memory Corruption Vulnerability
26902: HTTP: Microsoft Edge Array Symbol Memory Corruption Vulnerability
26904: HTTP: Microsoft Windows EMF Parsing Information Disclosure Vulnerability
27035: HTTP: Microsoft Edge CSS Animation Information Disclosure Vulnerability
27038: HTTP: Microsoft Edge Array Object Type Confusion Vulnerability
27039: HTTP: Microsoft Internet Explorer mhtml Resource Usage
27040: HTTP: Microsoft Edge InsertOrderedList Memory Corruption Vulnerability
27041: HTTP: Data URI with JavaScript in iframe
27042: HTTP: Microsoft Internet Explorer and Edge Area target Use-After-Free Vulnerability
27043: HTTP: Microsoft Windows DrawIconEx Buffer Overflow Vulnerability
27044: HTTP: Microsoft Edge Data URI Same-Origin Policy Bypass Vulnerability
27047: HTTP: Microsoft Internet Explorer parseError Information Disclosure Vulnerability
27048: HTTP: Microsoft Word RTF DLL Sideloading Vulnerability
27049: HTTP: Microsoft Windows NtCreateProfile Denial-of-Service Vulnerability
27050: HTTP: Windows Media Player ActiveX errorDescription Usage
27051: HTTP: Microsoft Edge JavascriptArray Out-of-Bounds Write Vulnerability
27052: HTTP: Microsoft Internet Explorer JavaScript sort Information Disclosure Vulnerability
27053: HTTP: Microsoft Windows TTF LoadUvsTable Buffer Overflow Vulnerability
27054: HTTP: Microsoft Word Memory Corruption Vulnerability
27055: HTTP: Microsoft Word Font Use-After-Free Vulnerability
27058: HTTP: Microsoft Internet Explorer and Edge ms-appx-web Spoofing Vulnerability
27059: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability
27061: HTTP: Microsoft Internet Explorer ActiveX parseError.errorCode Invocation
27115: HTTP: Microsoft Internet Explorer mhtml Information Disclosure Vulnerability
27116: HTTP: Microsoft Excel File Recovery Use-After-Free Vulnerability
27117: HTTP: Microsoft Excel Memory Corruption Vulnerability
27118: HTTP: Microsoft Word Use-After-Free Vulnerability
27375: HTTP: Microsoft Edge Reading View Information Disclosure Vulnerability
27376: HTTP: Microsoft Edge Frames Security Bypass Vulnerability
27378: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability
27380: HTTP: Microsoft Windows OTF Memory Corruption Vulnerability
27381: HTTP: Microsoft Internet Explorer textarea Use-After-Free Vulnerability
27382: HTTP: Microsoft Edge Address Bar Forgery Vulnerability
27391: HTTP: Microsoft Windows win32k Use-After-Free Vulnerability
27392: HTTP: Microsoft Windows Win86GDI Access Violation Vulnerability
27393: HTTP: Microsoft Windows usp10.dll Buffer Overflow Vulnerability
27394: HTTP: Microsoft Windows GDI Type Confusion Vulnerability
27395: HTTP: Microsoft Windows Win32k Device Driver Interface Privilege Escalation Vulnerability
27396: HTTP: Microsoft Windows Win32k Device Driver Interface ResizePool Denial-of-Service Vulnerability
27397: HTTP: Microsoft Windows win32k Out-of-Bounds Read Vulnerability
27398: HTTP: Microsoft Windows releaseResource Type Confusion Vulnerability
27399: HTTP: Microsoft Windows Registry Hive Use-After-Free Vulnerability
27400: HTTP: Microsoft Windows TTF User-Mode Library Privilege Escalation Vulnerability
27403: HTTP: Microsoft Internet Explorer Array Type Confusion Vulnerability
27404: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27405: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27406: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27407: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27408: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27409: HTTP: Microsoft Windows TTF Memory Corruption Vulnerability
27412: HTTP: Microsoft Edge valueOf Type Confusion Vulnerability
27413: HTTP: Microsoft Edge Proxy Type Confusion Vulnerability
27414: HTTP: Microsoft Edge Chakra Memory Corruption Vulnerability
27415: HTTP: Microsoft Edge ArrayBuffer Type Confusion Vulnerability
27416: HTTP: Microsoft Edge lookupGetter Use-After-Free Vulnerability
27418: HTTP: Fetch API Usage
27419: HTTP: Microsoft Edge Array Memory Corruption Vulnerability
27420: HTTP: Microsoft Excel Printer Settings Memory Corruption Vulnerability
27426: HTTP: Microsoft Edge Fetch API Same-Origin Policy Bypass Vulnerability
27427: HTTP: Microsoft Windows Session Moniker Privilege Escalation Vulnerability
27430: HTTP: Microsoft Excel sharedStrings Access Violation Vulnerability
27433: SMB: Microsoft Windows SMB Server MID Type Confusion Vulnerability
27483: HTTP: Microsoft Word wwlib Use-After-Free Vulnerability
27484: HTTP: Microsoft Word RTF Memory Corruption Vulnerability
27486: HTTP: Microsoft Internet Explorer VBScript Array Memory Corruption Vulnerability
27487: HTTP: Microsoft Internet Explorer ActiveX Cross-Site Scripting Vulnerability