Happy New Year Everyone,

This is Kelly Housman with the Microsoft Patch Tuesday newsletter for January 10, 2017.

 

Welcome to the January Patch Tuesday update. This was a light month: Microsoft released only four (4) new security bulletins, including one for Adobe Flash. Two (2) of these are rated Critical. These are the types of vulnerabilities that system administrators are usually the most concerned about and attempt to patch as quickly as possible. The remaining two (2) are rated Important.

 

Clarification of the Intel Security Coverage column in the table below

Some Microsoft bulletins include multiple vulnerabilities. The Covered Products and Under Analysis sections will list Intel Security products for *any* of the vulnerabilities included in the Microsoft bulletin. You may see an Intel Security product listed in both sections, which would indicate that it is Covered for one of the vulnerabilities in the bulletin and Under Analysis for one of the other vulnerabilities. The details for each individual vulnerability are provided in the McAfee Labs Security Advisory Number.

 

  This month’s patches include the following:

| Bulletin Number | KB Number | Title | Bulletin Rating (highest) | Vulnerability Impact | McAfee Labs Security Advisory Number | Intel Security Coverage |
|---|---|---|---|---|---|---|
| MS17-001 | 3214288 | Security Update for Microsoft Edge | Important | Elevation of Privileges | MTIS17-001 | Covered Products: Vulnerability Manager. Under Analysis: Firewall Enterprise |
| MS17-002 | 3214291 | Security Update for Microsoft Office | Critical | Memory Corruption | MTIS17-001 | Covered Products: BOP, Application Control, Vulnerability Manager. Under Analysis: Firewall Enterprise |
| MS17-003 | 3214628 | Security Update for Adobe Flash Player | Critical | N/A | MTIS17-001 | N/A |
| MS17-004 | 3216771 | Security Update for Local Security Authority Subsystem Service | Important | Denial of Service | MTIS17-001 | Covered Products: Vulnerability Manager. Under Analysis: Firewall Enterprise |

 

Let’s take a closer look at each of the Microsoft Security Bulletins:

 

MS17-001 (CVE-2017-0002)

This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerability could elevate privileges in affected versions of Microsoft Edge.

The update addresses the vulnerability by assigning a unique origin to top-level windows that contain Data URLs.

MS17-002 (CVE-2017-0003)

The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The security update addresses the vulnerability by correcting how affected versions of Office and Office components handle objects in memory.

MS17-003 (N/A)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

MS17-004 (CVE-2017-0004)

A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests.  An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.

The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

 

 

NOTE: A bit of clarification might be in order here. Readers may wonder why we don’t often mention McAfee VirusScan or other technologies as mitigations for these vulnerabilities. The industry generally describes a security vulnerability as an unintentional coding or design flaw in software that may leave it potentially open to exploitation. While there may be some forms of defense against any given vulnerability being exploited, in some cases the only way to truly mitigate the issue is to patch the vulnerable software. Since our focus here is on Microsoft Security Bulletins, it might be useful to read the Microsoft Security Response Center’s definition of a security vulnerability.

 

Memory Corruption Vulnerabilities:

Intel Security is seeing many Memory Corruption Remote Code Execution vulnerabilities that affect a large number of products…not just those from Microsoft. This is an area where customers can see immediate value when using McAfee Host Intrusion Prevention. For example, by enabling protection and applying the Default IPS (Intrusion Prevention System) Rules policy, we have demonstrated that 90 percent or more of the Microsoft vulnerabilities listed in Patch Tuesday updates were shielded using this out-of-the-box basic protection level.

 

 

Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in.  As more details become available, you’ll find them on the McAfee Threat Center.  You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.

 

The McAfee Labs Security Advisories can be found on the McAfee Labs Security Advisories Community site.

 

Finally, these briefings are archived on the McAfee Community site.

 

For additional useful security information, please make note of the following links:

You can also review the Microsoft Summary for January 2017 at the Microsoft site.

 

Safe Computing!

Thank you,

Kelly Housman