Microsoft Patch Tuesday delivers 18 updates

Posted on Wednesday, Mar 15 2017 @ 14:05 CET by Thomas De Maesschalck
MSFT logo
Last month's Patch Tuesday got cancelled at the last minute due to an unforeseen issue so this month's security update rollout is a bit bigger than usual. Microsoft is pushing out 18 security bulletins, which fix a total of 140 security vulnerabilities in Windows, Internet Explorer, Edge, Office, Exchange and other Microsoft software.

Neowin provides a nice writeup of the nine updates that are market as critical, the other nine are marked as important.
  • MS17-006 and MS17-007 address critical vulnerabilities in Windows, Internet Explorer and Microsoft Edge. These could allow a remote attacker to gain user privileges on the targeted machine if the victim was tricked into viewing a maliciously-crafted website. If the victim was using an admin account, the attacker could take full control over the targeted machine.

  • MS17-008 fixes security problems identified in Windows and its Hyper-V component. If a user or a guest operating system deployed specially created code, it could allow for full code execution inside of the Hyper-V host operating system. If Hyper-V is disabled you’re not vulnerable to such attacks.

  • MS17-009 relates to the way Windows handles PDF documents. A security vulnerability could allow an attacker to take full control over a targeted machine if the victim views a specially-crafted PDF file online or in an offline viewer.

  • MS17-010 has to do with the Microsoft Server Message Block 1.0 (SMBv1) and a bug that might allow an attacker to execute remote code on a machine or server using the protocol.

  • MS17-011 addresses problems inside of Windows Uniscribe. An attacker could gain user rights inside of a system if the victim is tricked into viewing a specially crafted website or document. Those running without admin rights would be less impacted by this flaw.

  • MS17-012 patches a bug in Windows and the way the operating system handles the iSNS protocol. An attacker could execute remote code if he deployed a specially-crafted application that connected to an Internet Storage Name Service server and then issued malicious requests to the server.

  • MS17-013 has to do with the Microsoft Graphics Component, a bit of software that comes up again and again in these regular security bulletins. The issue spans multiple products, including Windows, Office, Skype for Business, Lync, and Silverlight, and could allow for remote code execution and elevation of privileges if a user opens a malicious website or document.

  • MS17-023 is the last Critical patch for this month and it contains all the fixes from Adobe for its Flash add-on.
  • A full overview of the bulletins can be found at TechNet.

    About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

    Loading Comments