April 2017 - Microsoft Releases Security Patches

  Advisory Date: APR 12, 2017

  DESCRIPTION

Microsoft addresses several vulnerabilities in its April batch of patches:

  • CVE-2017-0160 | .NET Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in several .NET Framework versions. It occurs when the .NET Framework fails to validate input when loading libraries.


  • CVE-2017-0158 | Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This vulnerability exists in the way the VBScript engine of specific Windows operating systems handles objects in memory in Internet Explorer.


  • CVE-2017-0166 | LDAP Elevation of Privilege Vulnerability
    Risk Rating: Important

    This vulnerability in LDAP exists in the calculation of request lengths. An attacker who successfully exploits this vulnerability can gain elevated privileges on the vulnerable machine.


  • CVE-2017-0058 | Win32k Information Disclosure Vulnerability
    Risk Rating: Important

    This vulnerability exists because the win32k component in specific Windows operating systems fails to handle kernel information properly.


  • CVE-2017-0192 | ATMFD.dll Information Disclosure Vulnerability
    Risk Rating: Important

    This vulnerability exists in the way the Adobe Type Manager Font Driver library handles objects loaded in memory.


  • CVE-2013-6629 | libjpeg Information Disclosure Vulnerability
    Risk Rating: Important

    This vulnerability exists in the libjpeg library. When successfully exploited, it may allow a bypass of Address Space Layout Randomization (ASLR).


  • CVE-2017-0195 | Microsoft Office XSS Elevation of Privilege Vulnerability
    Risk Rating: Important

    This vulnerability exists in the way the Office Web Apps server sanitizes specially crafted requests. It may be exploited in a number of ways.


  • CVE-2017-0106 | Microsoft Outlook Remote Code Execution Vulnerability
    Risk Rating: Critical

    This vulnerability exists in the way Microsoft Outlook parses specially crafted messages.


  • CVE-2017-0204 | Microsoft Office Security Feature Bypass Vulnerability
    Risk Rating: Important

    This vulnerability exists in the way Microsoft Office parses file formats.


  • CVE-2017-0199 | Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This vulnerability could allow remote code execution when successfully exploited. Exploits using this vulnerability have been found in the wild.


  • CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    This vulnerability exists in the way Microsoft Office handles objects in memory.


  • CVE-2017-0197 | Office DLL Loading Vulnerability
    Risk Rating: Important

    This vulnerability exists in the way Microsoft Office validates the loading of dynamic link libraries (DLLs).


  • CVE-2017-0163 | Hyper-V Remote Code Execution Vulnerability
    Risk Rating: Critical

    This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.


  • CVE-2017-0168 | Hyper-V Information Disclosure Vulnerability
    Risk Rating: Important

    This vulnerability exists in the way Windows Hyper-V Network Switch validates input of a guest operating system.


  • CVE-2017-0180 | Hyper-V Remote Code Execution Vulnerability
    Risk Rating: Critical

    This vulnerability exists in the way Windows Hyper-V Network Switch validates network traffic of a guest operating system.


  TREND MICRO PROTECTION INFORMATION

The following Trend Micro products have released specific rules for CVE-2017-0199:

Product | Rule Name
Deep Discovery Inspector | DDI Rule 18: DNS response of a queried malware Command and Control domain
TippingPoint | 27726: HTTP: Microsoft Word RTF objautlink Memory Corruption Vulnerability
TippingPoint | 27841: HTTP: RTF File Implementing objautlink and URL Monikers
Smart Home Network Security | 1133594 FILE Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0199)

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with the Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility
CVE-2017-0199 | 1008285 | Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199) | 11-Apr-17 | YES
CVE-2017-0158 | 1008275 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158) | 11-Apr-17 | YES
CVE-2017-0208 | 1008291 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) | 11-Apr-17 | YES
CVE-2017-0202 | 1008288 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) | 11-Apr-17 | YES
CVE-2017-0205 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES
CVE-2017-0192 | 1008290 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) | 11-Apr-17 | YES
CVE-2017-0200 | 1008286 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200) | 11-Apr-17 | YES
CVE-2017-0166 | 1008278 | Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166) | 11-Apr-17 | YES
CVE-2017-0197 | 1008284 | Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197) | 11-Apr-17 | YES
CVE-2017-0197 | 1008292 | Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197) | 11-Apr-17 | YES
CVE-2017-0201 | 1008287 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201) | 11-Apr-17 | YES
CVE-2017-0155 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0160 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0165 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0167 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0188 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0189 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0211 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0156 | 1008274 | Microsoft Windows Multiple Security Vulnerabilities (April-2017) | 11-Apr-17 | YES
CVE-2017-0210 | 1008294 | Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210) | 11-Apr-17 | YES
CVE-2017-0194 | 1008283 | Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194) | 11-Apr-17 | YES

  SOLUTION