Hi Everyone,

This is Kelly Housman with the Microsoft Patch Tuesday newsletter for April 11, 2017.

 

Welcome to the April Patch Tuesday update. This month begins the new format change. On my test machine (Windows 10 build 1607) there was one roll-up patch, and one for Flash. This new format makes it difficult to organize the data and display it in an easy-to-digest manner. The easiest method I’ve come up with is by using the Common Vulnerabilities and Exposures (CVEs). CVEs will give you the best measure as to the threat exposure of a non-patched system. It has taken me hours upon hours and 3 different iterations to land on this format.

 

This new format is extremely time consuming. Each CVE takes as much time as one of the previous MS bulletins. So I’d like to make sure this information is useful to the group. I’m happy to continue with the newsletter if folks are getting value from it. Please click this survey https://www.surveymonkey.com/r/PKNLJN5 to VOTE on whether we should continue sending out the Patch Tuesday Newsletter email and blog. For suggestions on format or data provided, please send me an email directly at Kelly_Housman@mcafee.com with your ideas.

 

Microsoft has created a NEW Security TechCenter site with much of the information you’ll find here; however, it’s a complex site and pulling all the data together can be a bit cumbersome. They do have a nice tool to export to Excel so you can select the security details you’re looking for and download those into Excel.

 

CVE Information: NOTE: Some CVEs were not listed in the MTIS reports and therefore only contain MS threat data.

| CVE | CVE Title | Impact | Severity | Publicly Disclosed | Exploited | McAfee Labs Security Advisory Number | Intel Security Coverage |
|---|---|---|---|---|---|---|---|
| 2017-2605 | Defense-in-Depth Update for Microsoft Office | Remote Code Execution | Critical | No | Yes | Not listed | |
| 2017-3447 | April Flash Security Update | Remote Code Execution | Critical | No | No | Not listed | |
| CVE-2013-6629 | libjpeg Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0058 | Win32k Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-016 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0093 | Scripting Engine Memory Corruption Vulnerability (Edge) | Remote Code Execution | Critical | No | No | MTIS17-016 | Covered Products: Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Web Gateway, Enterprise Firewall |
| CVE-2017-0106 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-016 | Covered Products: Vulnerability Manager, Application Control, Policy Auditor. Under Analysis: Web Gateway, DAT, Enterprise Firewall |
| CVE-2017-0155 | Windows Graphics Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | MTIS17-016 | Covered Products: Vulnerability Manager, NSP, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0156 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | MTIS17-015 | Covered Products: NSP, Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-016 | Covered Products: VSE, HIPS, NSP, Vulnerability Manager, Application Control, Policy Auditor. Under Analysis: Web Gateway, DAT, Enterprise Firewall |
| CVE-2017-0159 | ADFS Security Feature Bypass Vulnerability | Security Feature Bypass | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0160 | .NET Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-015 | Covered Products: NSP, Vulnerability Manager, Application Control, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0162 | Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0163 | Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-015 | Covered Products: Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0164 | Active Directory Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0165 | Windows Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | Not listed | |
| CVE-2017-0166 | LDAP Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | MTIS17-015 | Covered Products: Policy Auditor, Vulnerability Manager. Under Analysis: Web Gateway, DAT, Enterprise Firewall |
| CVE-2017-0167 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-016 | Covered Products: NSP, Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0168 | Hyper-V Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0169 | Hyper-V Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0178 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0179 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0180 | Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-016 | Covered Products: Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0181 | Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | No | Not listed | |
| CVE-2017-0182 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0183 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0184 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0185 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0186 | Hyper-V Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-015 | Covered Products: Vulnerability Manager, Policy Auditor. Under Analysis: Enterprise Firewall |
| CVE-2017-0188 | Win32k Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-016 | Covered Products: HIPS, NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0189 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | MTIS17-016 | Covered Products: HIPS, NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0191 | Windows Denial of Service Vulnerability | Denial of Service | Important | No | No | MTIS17-016 | Covered Products: Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0192 | ATMFD.dll Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-015 | Covered Products: NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability | Information Disclosure | Important | No | No | MTIS17-015 | Covered Products: VSE-BOP, HIPS, NSP, Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0195 | Microsoft Office XSS Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | MTIS17-016 | Covered Products: Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0197 | Office DLL Loading Vulnerability | Remote Code Execution | Important | No | No | MTIS17-016 | Covered Products: NSP, Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0199 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Critical | No | Yes | MTIS17-016 | Covered Products: NSP, Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Web Gateway, DAT, Enterprise Firewall |
| CVE-2017-0200 | Microsoft Edge Memory Corruption Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-016 | Covered Products: NSP, Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0201 | Scripting Engine Memory Corruption Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-016 | Covered Products: NSP, Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0202 | Internet Explorer Memory Corruption Vulnerability | Remote Code Execution | Critical | No | No | Not listed | |
| CVE-2017-0203 | Microsoft Edge Security Feature Bypass Vulnerability | Security Feature Bypass | Moderate | Yes | No | MTIS17-015 | Covered Products: Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0204 | Microsoft Office Security Feature Bypass Vulnerability | Security Feature Bypass | Important | No | No | MTIS17-015 | Covered Products: NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0205 | Microsoft Edge Memory Corruption Vulnerability | Remote Code Execution | Critical | No | No | MTIS17-015 | Covered Products: NSP, Policy Auditor, Vulnerability Manager, Application Control. Under Analysis: Enterprise Firewall |
| CVE-2017-0207 | Microsoft Office Spoofing Vulnerability | Spoofing | Moderate | No | No | MTIS17-015 | Covered Products: Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0208 | Scripting Engine Information Disclosure Vulnerability | Information Disclosure | Important | No | No | MTIS17-015 | Covered Products: NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0210 | Internet Explorer Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Yes | Yes | MTIS17-015 | Covered Products: NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |
| CVE-2017-0211 | Windows OLE Elevation of Privilege Vulnerability | Elevation of Privilege | Important | No | No | MTIS17-015 | Covered Products: NSP, Policy Auditor, Vulnerability Manager. Under Analysis: Enterprise Firewall |

 

More details on the Rollup updates:

 

KB4015546 (Security Only)

The security fixes that are listed in this Security Only Quality Update KB4015546 are also included in April 2017 Security Monthly Quality Rollup KB4015549. Installing either update KB4015546 or KB4015549 installs the security fixes.

This Security Only Quality Update does not include security fixes for Internet Explorer.

  • This Security-only Quality Update is not applicable for installation on a computer where the Security Monthly Quality Rollup or Preview of Monthly Quality Rollup from April 2017 (or a later month) is already installed, because those updates contain all of the security fixes that are included in this Security-only Quality Update.

KB4015547 (Security Only)

Addressed an issue that was causing Authentication Success and Failure events with Event ID 4768 to not be logged after installing KB4012213.

Addressed a bug check encountered on Windows Server 2012 R2 Hyper-V hosts with error code 0xE4 after installing KB4012213.

  • Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.

The security fixes that are listed in this Security Only Quality Update KB4015547 are also included in the April 2017 Security Monthly Quality Rollup, KB4015550. Installing either update KB4015547 or KB4015550 installs the security fixes.

This Security Only Quality Update does not include security fixes for Internet Explorer.

KB4015548 (Security Only)
The security fixes that are listed in this Security-only Quality Update (KB4015548) are also included in the April 2017 Security Monthly Quality Rollup, KB4015551. Installing either update KB4015548 or KB4015551 installs the security fixes.

This Security-only Quality Update does not include security fixes for Internet Explorer.

KB4015549 (Security Only)
The security fixes that are listed in the "Summary" section of Security Monthly Quality Rollup 4015549 are also included in April 2017 Security Only Quality Update 4015546, with the exception of security fixes for Internet Explorer, which are instead included in the Cumulative Security Update for Internet Explorer KB4014661. Installing either this March 2017 Security Monthly Quality Rollup or both the March 2017 Security-only Quality update and the Cumulative Security Update for Internet Explorer will install the security fixes.

 

KB4015550 (MAIN Patch Release)
Addressed an issue that was causing Authentication Success and Failure events with Event ID 4768 to not be logged after installing KB4012216.

Addressed a bug check encountered on Windows Server 2012 R2 Hyper-V hosts with error code 0xE4 after installing KB4012216.

Addressed issue where a server may fail with STOP 0x3B error leading to data loss when Input Method Editors (IME) like keyboards are installed.

 

The security fixes that are listed in this Security Monthly Quality Rollup KB4015550 are also included in the April 2017 Security Only Quality Update, KB4015547, except for the security fixes for Internet Explorer. Those are instead included in the Cumulative Security Update for Internet Explorer KB4014661. Installing either this April 2017 Security Monthly Quality Rollup, or both the April 2017 Security Only Quality update and the Cumulative Security Update for Internet Explorer, will install the security fixes that are listed here. This Security Monthly Quality Rollup also includes improvements and fixes from previous monthly rollups.

 

Prerequisites :

To apply this update, you must have Windows 8.1 and Windows Server 2012 R2 update: April 2014 (KB2919355) installed.

 

 

 

NOTE: A bit of clarification might be in order here. Readers may wonder why we don’t often mention McAfee VirusScan, ENS or other technologies as mitigations for these vulnerabilities. The industry generally describes a security vulnerability as an unintentional coding or design flaw in software that may leave it potentially open to exploitation. While there may be some forms of defense against any given vulnerability being exploited, in some cases the only way to truly mitigate the issue is to patch the vulnerable software. Since our focus here is on Microsoft Updates, it will be useful to research the Microsoft Security Guidance TechCenter.

 

UPDATED: Memory Corruption Vulnerabilities:

Intel Security is seeing many Memory Corruption Remote Code Execution vulnerabilities that affect a large number of products…not just those from Microsoft. This is an area where customers can see immediate value when using McAfee Host Intrusion Prevention. For example, by enabling protection and applying the Default IPS (Intrusion Prevention System) Rules policy, we have demonstrated that 90 percent or more of the Microsoft vulnerabilities listed in Patch Tuesday updates were shielded using this out-of-the-box basic protection level. HIPS is now part of McAfee Endpoint Security. Protection like exploit prevention is part of the Threat Prevention module, and host firewall is now a module within McAfee Endpoint Security.

 

 

Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in.  As more details become available, you’ll find them on the McAfee Threat Center.  You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.

 

The McAfee Labs Security Advisories can be found on the McAfee Labs Security Advisories Community site.

 

Finally, these briefings are archived on the McAfee Community site.

 

For additional useful security information, please make note of the following links:

You can also review historical past patch releases at the Microsoft site here.

 

Safe Computing!

Thank you,

  Kelly Housman