SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT


Microsoft Security Bulletin Coverage (March 14, 2017)



Description


SonicWall has analyzed and addressed Microsoft's security advisories for the month of March, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

MS17-006 Cumulative Security Update for Internet Explorer (4013073)
  • CVE-2017-0008 Internet Explorer Information Disclosure Vulnerability
    IPS:12615 "Internet Explorer Information Disclosure Vulnerability (MS17-006)"

  • CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
    IPS:12616 "Microsoft Browser Memory Corruption Vulnerability (MS17-006)"

  • CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0018 Internet Explorer Memory Corruption Vulnerability
    IPS:12617 "Internet Explorer Information Disclosure Vulnerability (MS17-006) 2"

  • CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
    IPS:12618 "Microsoft Browser Spoofing Vulnerability (MS17-006)"

  • CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
    IPS:12620 "Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2"

  • CVE-2017-0040 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0049 Scripting Engine Information Disclosure Vulnerability
    IPS:12621 "Scripting Engine Information Disclosure Vulnerability (MS17-006)"

  • CVE-2017-0059 Internet Explorer Information Disclosure Vulnerability
    IPS:12658 "Internet Explorer Information Disclosure Vulnerability (MS17-006) 3"

  • CVE-2017-0130 Scripting Engine Memory Corruption Vulnerability
    IPS:12664 "Scripting Engine Memory Corruption Vulnerability (MS17-006)"

  • CVE-2017-0149 Microsoft Internet Explorer Memory Corruption Vulnerability
    IPS:12666 "Internet Explorer Memory Corruption Vulnerability (MS17-006)"

  • CVE-2017-0154 Internet Explorer Elevation of Privilege Vulnerability
    IPS:12669 "Internet Explorer Elevation of Privilege Vulnerability (MS17-006)"

MS17-007 Security Update for Microsoft Edge (4013071)
  • CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
    IPS:12616 "Microsoft Browser Memory Corruption Vulnerability (MS17-006)"

  • CVE-2017-0010 Scripting Engine Memory Corruption Vulnerability
    IPS:12622 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 2"

  • CVE-2017-0011 Microsoft Edge Information Disclosure Vulnerability
    IPS:12623 "Microsoft Edge Information Disclosure Vulnerability (MS17-007)"

  • CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild."

  • CVE-2017-0015 Scripting Engine Memory Corruption Vulnerability
    IPS:12624 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 3"

  • CVE-2017-0017 Microsoft Edge Information Disclosure Vulnerability
    IPS:12626 "Microsoft Edge Information Disclosure Vulnerability (MS17-007) 2"

  • CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
    ASPY:2063 "Malformed-File pdf.MP.217"

  • CVE-2017-0032 Scripting Engine Memory Corruption Vulnerability
    IPS:4604 "HTTP Client Shellcode Exploit 1"

  • CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
    IPS:12618 "Microsoft Browser Spoofing Vulnerability (MS17-006)"

  • CVE-2017-0034 Microsoft Edge Memory Corruption Vulnerability
    IPS:12672 "Microsoft Edge Memory Corruption Vulnerability (MS17-007) 2"

  • CVE-2017-0035 Scripting Engine Memory Corruption Vulnerability
    IPS:12613 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 1"

  • CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
    IPS:12620 "Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2"

  • CVE-2017-0046 Scripting Engine Memory Corruption Vulnerability
    IPS:12614 "Microsoft Edge Memory Corruption Vulnerability (MS17-006) 1"

  • CVE-2017-0065 Microsoft Browser Information Disclosure Vulnerability
    IPS:12673 "Microsoft Browser Information Disclosure Vulnerability (MS17-007)"

  • CVE-2017-0066 Microsoft Browser Security Feature Bypass Vulnerability
    IPS:12674 "Microsoft Browser Same Origin Policy Bypass (MS17-007)"

  • CVE-2017-0067 Scripting Engine Memory Corruption Vulnerability
    IPS:12675 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 9"

  • CVE-2017-0068 Microsoft Browser Information Disclosure Vulnerability
    IPS:6753 "Cross-Site Scripting (XSS) Attack 8"

  • CVE-2017-0069 Microsoft Edge Spoofing Vulnerability
    IPS:12678 "Microsoft Edge Spoofing Vulnerability (MS17-007)"

  • CVE-2017-0070 Scripting Engine Memory Corruption Vulnerability
    IPS:12662 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 4"

  • CVE-2017-0071 Scripting Engine Memory Corruption Vulnerability
    IPS:12663 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 5"

  • CVE-2017-0094 Scripting Engine Memory Corruption Vulnerability
    IPS:12665 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 6"

  • CVE-2017-0131 Microsoft Edge Memory Corruption Vulnerability
    IPS:12667 "Microsoft Edge Memory Corruption Vulnerability (MS17-007) 1"

  • CVE-2017-0132 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0133 Scripting Engine Memory Corruption Vulnerabilty
    IPS:12668 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 7"

  • CVE-2017-0134 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0135 Microsoft Edge Security Feature Bypass
    There are no known exploits in the wild.

  • CVE-2017-0136 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0137 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0138 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0140 Microsoft Edge Security Feature Bypass
    IPS:12670 "Microsoft Edge Same Origin Policy Bypass (MS17-007)"

  • CVE-2017-0141 Scripting Engine Memory Corruption Vulnerability
    IPS:12671 "Scripting Engine Memory Corruption Vulnerability (MS17-007) 8"

  • CVE-2017-0150 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0151 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0152 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS17-008 Security Update for Windows Hyper-V (4013082)
  • CVE-2017-0021 Hyper-V vSMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0051 Microsoft Hyper-V Network Switch Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0074 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0076 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0095 Hyper-V vSMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0096 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0097 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0098 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0099 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS17-009 Security Update for Microsoft Windows PDF Library (4010319)
  • CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
    ASPY:2063 "Malformed-File pdf.MP.217"

MS17-010 Security Update for Microsoft Windows SMB Server (4013389)
  • CVE-2017-0143 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0144 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0145 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0146 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0147 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0148 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS17-011 Security Update for Microsoft Uniscribe (4013076)
  • CVE-2017-0072 Uniscribe Remote Code Execution Vulnerability
    ASPY:2094 "Malformed-File otf.MP.22"

  • CVE-2017-0083 Uniscribe Remote Code Execution Vulnerability
    ASPY:2095 "Malformed-File ttf.MP.10"

  • CVE-2017-0084 Uniscribe Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0085 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0086 Uniscribe Remote Code Execution Vulnerability
    ASPY:2096 "Malformed-File ttf.MP.11"

  • CVE-2017-0087 Uniscribe Remote Code Execution Vulnerability
    ASPY:2097 "Malformed-File ttf.MP.12"

  • CVE-2017-0088 Uniscribe Remote Code Execution Vulnerability
    ASPY:2098 "Malformed-File ttf.MP.13"

  • CVE-2017-0089 Uniscribe Remote Code Execution Vulnerability
    ASPY:3447 "Malformed-File ttf.MP.14"

  • CVE-2017-0090 Uniscribe Remote Code Execution Vulnerability
    ASPY:4784 "Malformed-File ttf.MP.15"

  • CVE-2017-0091 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0092 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0111 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0112 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0113 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0114 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0115 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0116 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0117 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0118 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0119 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0120 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0121 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0122 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0123 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0124 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0125 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0126 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0127 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0128 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS17-012 Security Update for Microsoft Windows (4013078)
  • CVE-2017-0007 Device Guard Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0016 SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
    IPS:12599 "Windows SMB Tree Connect Response DoS 2"

  • CVE-2017-0039 Windows DLL Loading Remote Code Execution Vulnerability
    IPS:12612 "Windows DLL Loading Remote Code Execution Vulnerability (MS17-012) 1"

  • CVE-2017-0057 Windows DNS Query Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0100 Windows COM Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0104 iSNS Server Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS17-013 Security Update for Microsoft Graphics Component (4013075)
  • CVE-2017-0001 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0005 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0014 Windows Graphics Component Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0025 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0038 Windows Graphics Component Information Disclosure Vulnerability
    ASPY:1383 "Malformed-File emf.MP.12"

  • CVE-2017-0047 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0060 GDI+ Information Disclosure vulnerability
    ASPY:4990 "Malformed-File emf.MP.10"

  • CVE-2017-0061 Microsoft Color Management Information Disclosure vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0062 GDI+ Information Disclosure Vulnerability
    ASPY:4991 "Malformed-File emf.MP.11"

  • CVE-2017-0063 Microsoft Color Management Information Disclosure vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0073 Windows GDI+ Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0108 Graphics Component Remote Code Execution Vulnerability
    ASPY:4992 "Malformed-File ttf.MP.9"

MS17-014 Security Update for Microsoft Office (4013241)
  • CVE-2017-0006 Microsoft Office Memory Corruption Vulnerability
    ASPY:4493 "Malformed-File psd.TL.1"

  • CVE-2017-0019 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0020 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0027 Microsoft Office Information Disclosure Vulnerability
    ASPY:1360 "Malformed-File xls.MP.55"

  • CVE-2017-0029 Microsoft Office Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0030 Microsoft Office Memory Corruption Vulnerability
    ASPY:1368 "Malformed-File doc.MP.43"

  • CVE-2017-0031 Microsoft Office Memory Corruption Vulnerability
    ASPY:1368 "Malformed-File doc.MP.43"

  • CVE-2017-0052 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0053 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0105 Microsoft Office Information Disclosure Vulnerability
    ASPY:4996 "Malformed-File rtf.MP.16"

  • CVE-2017-0107 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0129 Microsoft Lync for Mac Certificate Validation Vulnerability
    There are no known exploits in the wild.

MS17-015 Security Update for Microsoft Exchange Server (4013242)
  • CVE-2017-0110 Microsoft Exchange Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-016 Security Update for Windows IIS (4013074)
  • CVE-2017-0055 Microsoft IIS Server XSS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-017 Security Update for Windows Kernel (4013081)
  • CVE-2017-0050 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0101 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0102 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0103 Windows Registry Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083)
  • CVE-2017-0024 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0026 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0056 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0078 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0079 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0080 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0081 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0082 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-019 Security Update for Active Directory Federation Services (4010320)
  • CVE-2017-0043 Microsoft Active Directory Federation Services Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS17-020 Security Update for Windows DVD Maker (3208223)
  • CVE-2017-0045 Windows DVD Maker Cross-Site Request Forgery Vulnerability
    There are no known exploits in the wild.

MS17-021 Security Update for Windows DirectShow (4010318)
  • CVE-2017-0042 Windows DirectShow Information Disclosure Vulnerabitliy
    GAV:12611 "Kovter.A_311"

MS17-022 Security Update for Microsoft XML Core Services (4010321)
  • CVE-2017-0022 Microsoft XML Core Services Information Disclosure Vulnerability
    IPS:12610 "Microsoft XML Information Disclosure Vulnerability (MS17-022)"





Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
#SonicWall
© 2017 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 13.7 | S2MSW01