April 2017 - Microsoft Releases Security Patches
Publish date: May 02, 2017
  
    
            
            
Advisory Date: APR 12, 2017
DESCRIPTION
Microsoft addresses several vulnerabilities in its April batch of patches:
- CVE-2017-0160 | .NET Remote Code Execution Vulnerability
 Risk Rating: Critical
 This remote code execution vulnerability exists in several .NET Framework versions. It occurs when the .NET Framework fails to validate input when loading libraries.
- CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability
 Risk Rating: Critical
 This vulnerability in the VBScript engine of specific Windows operating systems exists in the way it handles objects in Internet Explorer memory.
- CVE-2017-0166 | LDAP Elevation of Privilege Vulnerability
 Risk Rating: Important
 This vulnerability in LDAP exists in the calculation of request lengths. An attacker who successfully exploits this vulnerability can gain elevated privileges on the vulnerable machine.
- CVE-2017-0058 | Win32k Information Disclosure Vulnerability
 Risk Rating: Important
 This vulnerability in the win32k component of specific Windows operating systems stems from its failure to handle kernel information properly.
- CVE-2017-0192 | ATMFD.dll Information Disclosure Vulnerability
 Risk Rating: Important
 This vulnerability exists in the way the Adobe Type Manager Font Driver library handles objects loaded in memory.
- CVE-2013-6629 | libjpeg Information Disclosure Vulnerability
 Risk Rating: Important
 This vulnerability exists in the libjpeg library. When successfully exploited, it may allow a bypass of Address Space Layout Randomization (ASLR).
- CVE-2017-0195 | Microsoft Office XSS Elevation of Privilege Vulnerability
 Risk Rating: Important
 This vulnerability exists in the way the Office Web Apps server sanitizes specially crafted requests. It may be exploited in a number of ways.
- CVE-2017-0106 | Microsoft Outlook Remote Code Execution Vulnerability
 Risk Rating: Critical
 This vulnerability exists in the way Microsoft Outlook parses specially crafted messages.
- CVE-2017-0204 | Microsoft Office Security Feature Bypass Vulnerability
 Risk Rating: Important
 This vulnerability exists in the way Microsoft Office parses file formats.
- CVE-2017-0199 | Microsoft Office Remote Code Execution Vulnerability 
 Risk Rating: Important
 This vulnerability could allow remote code execution when successfully exploited. Exploits using this vulnerability have been found in the wild.
- CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability 
 Risk Rating: Important
 This vulnerability exists in the way Microsoft Office handles objects in memory.
- CVE-2017-0197 | Office DLL Loading Vulnerability 
 Risk Rating: Important
 This vulnerability exists in the way Microsoft Office validates the loading of dynamic link libraries.
- CVE-2017-0163 | Hyper-V Remote Code Execution Vulnerability
 Risk Rating: Critical
 This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.
- CVE-2017-0168 | Hyper-V Information Disclosure Vulnerability
 Risk Rating: Important
 This vulnerability exists in the way Windows Hyper-V Network Switch validates input of a guest operating system.
- CVE-2017-0180 | Hyper-V Remote Code Execution Vulnerability
 Risk Rating: Critical
 This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.
TREND MICRO PROTECTION INFORMATION
The following Trend Micro products have released specific rules for CVE-2017-0199:
| Product | Rule Name | 
| Deep Discovery Inspector | DDI Rule 18: DNS response of a queried malware Command and Control domain | 
| TippingPoint | 27726: HTTP: Microsoft Word RTF objautlink Memory Corruption Vulnerability | 
| TippingPoint | 27841: HTTP: RTF File Implementing objautlink and URL Monikers | 
| Smart Home Network Security | 1133594 FILE Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0199) | 
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility | 
| CVE-2017-0199 | 1008285 | Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199) | 11-Apr-17 | YES | 
| CVE-2017-0158 | 1008275 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158) | 11-Apr-17 | YES | 
| CVE-2017-0208 | 1008291 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) | 11-Apr-17 | YES | 
| CVE-2017-0202 | 1008288 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) | 11-Apr-17 | YES | 
| CVE-2017-0205 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES | 
| CVE-2017-0192 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES | 
| CVE-2017-0200 | 1008286 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200) | 11-Apr-17 | YES | 
| CVE-2017-0166 | 1008278 | Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166) | 11-Apr-17 | YES | 
| CVE-2017-0197 | 1008284 | Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197) | 11-Apr-17 | YES | 
| CVE-2017-0197 | 1008292 | Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197) | 11-Apr-17 | YES | 
| CVE-2017-0201 | 1008287 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201) | 11-Apr-17 | YES | 
| CVE-2017-0155 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0160 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0165 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0167 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0188 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0189 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0211 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0156 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES | 
| CVE-2017-0210 | 1008294 | Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210) | 11-Apr-17 | YES | 
| CVE-2017-0194 | 1008283 | Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194) | 11-Apr-17 | YES | 
SOLUTION