April 2017 - Microsoft Releases Security Patches
Publish date: May 02, 2017
Advisory Date: APR 12, 2017
DESCRIPTION
Microsoft addresses several vulnerabilities in its April batch of patches:
- CVE-2017-0160 | .NET Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in several .NET Framework versions. It happens when the .NET Framework version fails to validate input upon loading of libraries. It is a remote code execution vulnerability. - CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This vulnerability in the VBScript engine of specific Windows operating systems exists in the way it handles objects in Internet Explorer memory. - CVE-2017-0166 | LDAP Elevation of Privilege Vulnerability
Risk Rating: Important
This vulnerability in LDAP exists in the calculation of request lengths. An attacker successfully exploiting this vulnerability can have elevated privileges on the vulnerable machine. - CVE-2017-0058 | Win32k Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability in the win32k component in specific Windows operating systems exists in its inability to handle kernel information properly. - CVE-2017-0192 | ATMFD.dll Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability exists in the Adobe Type Manager Font Driver library. It exists in the way it handles objects loaded in memory. - CVE-2013-6629 | libjpeg Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability exists in the libjpeg library. When successfully exploited, it may bypass the Address Space Layout Randomization (ASLR). - CVE-2017-0195 | Microsoft Office XSS Elevation of Privilege Vulnerability
Risk Rating: Important
This vulnerability exists in the Office Web Apps server way of sanitizing specially crafted requests. Said vulnerability may be exploited a number of ways. - CVE-2017-0106 | Microsoft Outlook Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in the way Microsoft Outlook parses specially crafted messages. - CVE-2017-0204 | Microsoft Office Security Feature Bypass Vulnerability
Risk Rating: Important
This vulnerability exists in the way Microsoft Office parses file formats. - CVE-2017-0199 | Microsoft Office Remote Code Execution Vulnerability
Risk Rating: Important
This vulnerability could allow remote code execution when successfully exploited. There are exploits in the wild found to be using this vulnerability. - CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important
This vulnerability exists in the way Microsoft Office handles objects in the memory. - CVE-2017-0197 | Office DLL Loading Vulnerability
Risk Rating: Important
This vulnerability exists in the way Microsoft Office validates dynamic link libraries loading. - CVE-2017-0163 | Hyper-V Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system. - CVE-2017-0168 | Hyper-V Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability exists in the way Windows Hyper-V Network Switch validates input of a guest operating system. - CVE-2017-0180 | Hyper-V Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.
TREND MICRO PROTECTION INFORMATION
The following Trend Micro products have released specific rules for CVE-2017-0199:
| Product | Rule Name |
| Deep Discovery Inspector | DDI Rule 18: DNS response of a queried malware Command and Control domain |
| TippingPoint | 27726: HTTP: Microsoft Word RTF objautlink Memory Corruption Vulnerability |
| TippingPoint | 27841: HTTP: RTF File Implementing objautlink and URL Monikers |
| TippingPoint | 27841: HTTP: RTF File Implementing objautlink and URL Monikers |
| Smart Home Network Security | 1133594 FILE Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0199) |
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| CVE-2017-0199 | 1008285 | Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199) | 11-Apr-17 | YES |
| CVE-2017-0158 | 1008275 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158) | 11-Apr-17 | YES |
| CVE-2017-0208 | 1008291 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) | 11-Apr-17 | YES |
| CVE-2017-0202 | 1008288 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) | 11-Apr-17 | YES |
| CVE-2017-0205 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES |
| CVE-2017-0192 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES |
| CVE-2017-0200 | 1008286 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200) | 11-Apr-17 | YES |
| CVE-2017-0166 | 1008278 | Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166) | 11-Apr-17 | YES |
| CVE-2017-0197 | 1008284 | Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197) | 11-Apr-17 | YES |
| CVE-2017-0197 | 1008292 | Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197) | 11-Apr-17 | YES |
| CVE-2017-0201 | 1008287 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201) | 11-Apr-17 | YES |
| CVE-2017-0155 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0160 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0165 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0167 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0188 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0189 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0211 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0156 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0210 | 1008294 | Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210) | 11-Apr-17 | YES |
| CVE-2017-0194 | 1008283 | Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194) | 11-Apr-17 | YES |
SOLUTION
Featured Stories
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more
Trends and Shifts in the Underground N-Day Exploit MarketOur two-year research provides insights into the life cycle of exploits, the types of exploit buyers and sellers, and the business models that are reshaping the underground exploit market.Read more
The Nightmares of Patch Management: The Status Quo and BeyondWe discuss the challenges that organizations face in managing endpoint and server patches.Read more
Identifying Weak Parts of a Supply ChainMalicious attacks have consistently been launched on weak points in the supply chain. Like all attacks, these will evolve into more advanced forms. Software development, with multiple phases that could be placed at risk, is particularly vulnerable.Read more