Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses 4 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-706 on Wednesday, January 11th.

Ease of Use (published exploits) to Risk Table

Automated Exploit
Easy
 MS17-001
Moderate
Difficult
Extremely Difficult
 MS17-004
No Known Exploit
 
 MS17-002
 MS17-003
 
Exposure
Local
Availability
Local
Access
Remote
Availability
Remote
Access
Local
Privileged
Remote
Privileged

 

MS17-001 Security Update for Microsoft Edge KB3214288
MS17-002 Security Update for Microsoft Office KB3214291
MS17-003 Security Update for Adobe Flash Player KB3214628
MS17-004 Security Update for Local Security Authority Subsystem Service KB3216771

MS17-001

Microsoft is starting off 2017 with a minimal set of patches – 4 bulletins and 15 CVEs, 12 of which are Flash related. The first bulletin this month resolves a single vulnerability in Microsoft Edge and, since this vulnerability is Edge specific, it means we don’t have an IE bulletin this month. The vulnerability is an elevation of privilege created by a lack of cross-domain policy enforcement with the about:blank page.

CVE-2017-0002 was publicly disclosed.

MS17-002

The second bulletin this month addresses a single vulnerability in Microsoft Word and SharePoint Enterprise Server 2016 that could allow code execution when opening malicious files.

MS17-003

The penultimate update this month is the companion update to APSB17-02. This update resolves a dozen vulnerabilities affecting Adobe Flash.

MS17-004

The final bulletin this month is an unauthenticated denial of service vulnerability in the Local Security Authority Subsystem Service better known as LSASS. A malicious authentication request could result in the targeted system crashing.

CVE-2017-0004 was publicly disclosed.

 

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

SANS White Paper: Security Basics