April 2017 - Microsoft Releases Security Patches
Advisory Date: APR 12, 2017
DESCRIPTION
Microsoft addresses several vulnerabilities in its April batch of patches:
- CVE-2017-0160 | .NET Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in several .NET Framework versions. It happens when the .NET Framework version fails to validate input upon loading of libraries. It is a remote code execution vulnerability. - CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This vulnerability in the VBScript engine of specific Windows operating systems exists in the way it handles objects in Internet Explorer memory. - CVE-2017-0166 | LDAP Elevation of Privilege Vulnerability
Risk Rating: Important
This vulnerability in LDAP exists in the calculation of request lengths. An attacker successfully exploiting this vulnerability can have elevated privileges on the vulnerable machine. - CVE-2017-0058 | Win32k Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability in the win32k component in specific Windows operating systems exists in its inability to handle kernel information properly. - CVE-2017-0192 | ATMFD.dll Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability exists in the Adobe Type Manager Font Driver library. It exists in the way it handles objects loaded in memory. - CVE-2013-6629 | libjpeg Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability exists in the libjpeg library. When successfully exploited, it may bypass the Address Space Layout Randomization (ASLR). - CVE-2017-0195 | Microsoft Office XSS Elevation of Privilege Vulnerability
Risk Rating: Important
This vulnerability exists in the Office Web Apps server way of sanitizing specially crafted requests. Said vulnerability may be exploited a number of ways. - CVE-2017-0106 | Microsoft Outlook Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in the way Microsoft Outlook parses specially crafted messages. - CVE-2017-0204 | Microsoft Office Security Feature Bypass Vulnerability
Risk Rating: Important
This vulnerability exists in the way Microsoft Office parses file formats. - CVE-2017-0199 | Microsoft Office Remote Code Execution Vulnerability
Risk Rating: Important
This vulnerability could allow remote code execution when successfully exploited. There are exploits in the wild found to be using this vulnerability. - CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important
This vulnerability exists in the way Microsoft Office handles objects in the memory. - CVE-2017-0197 | Office DLL Loading Vulnerability
Risk Rating: Important
This vulnerability exists in the way Microsoft Office validates dynamic link libraries loading. - CVE-2017-0163 | Hyper-V Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system. - CVE-2017-0168 | Hyper-V Information Disclosure Vulnerability
Risk Rating: Important
This vulnerability exists in the way Windows Hyper-V Network Switch validates input of a guest operating system. - CVE-2017-0180 | Hyper-V Remote Code Execution Vulnerability
Risk Rating: Critical
This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.
TREND MICRO PROTECTION INFORMATION
The following Trend Micro products have released specific rules for CVE-2017-0199:
| Product | Rule Name |
| Deep Discovery Inspector | DDI Rule 18: DNS response of a queried malware Command and Control domain |
| TippingPoint | 27726: HTTP: Microsoft Word RTF objautlink Memory Corruption Vulnerability |
| TippingPoint | 27841: HTTP: RTF File Implementing objautlink and URL Monikers |
| TippingPoint | 27841: HTTP: RTF File Implementing objautlink and URL Monikers |
| Smart Home Network Security | 1133594 FILE Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0199) |
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| CVE-2017-0199 | 1008285 | Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199) | 11-Apr-17 | YES |
| CVE-2017-0158 | 1008275 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158) | 11-Apr-17 | YES |
| CVE-2017-0208 | 1008291 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) | 11-Apr-17 | YES |
| CVE-2017-0202 | 1008288 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) | 11-Apr-17 | YES |
| CVE-2017-0205 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES |
| CVE-2017-0192 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES |
| CVE-2017-0200 | 1008286 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200) | 11-Apr-17 | YES |
| CVE-2017-0166 | 1008278 | Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166) | 11-Apr-17 | YES |
| CVE-2017-0197 | 1008284 | Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197) | 11-Apr-17 | YES |
| CVE-2017-0197 | 1008292 | Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197) | 11-Apr-17 | YES |
| CVE-2017-0201 | 1008287 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201) | 11-Apr-17 | YES |
| CVE-2017-0155 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0160 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0165 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0167 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0188 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0189 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0211 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0156 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES |
| CVE-2017-0210 | 1008294 | Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210) | 11-Apr-17 | YES |
| CVE-2017-0194 | 1008283 | Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194) | 11-Apr-17 | YES |