January 2017 - Microsoft Releases 4 Security Advisories
Publish date: 02 de mayo de 2017
Fecha recomendada: 10 de enero de 2017
Descripción
Microsoft addresses the following vulnerabilities in its January batch of patches:
- (MS17-003) Security Update for Adobe Flash Player (3214628)
Risk Rating: Critical
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. - (MS17-001) Security Update for Microsoft Edge (3214288)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges. - (MS17-002) Security Update for Microsoft Office (3214291)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. - (MS17-004) Security Update for Local Security Authority Subsystem Service (3216771)
Risk Rating: Important
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system..
Revelación de la información
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
MS17-004 | CVE-2017-0004 | 1008119 | Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004) | 10-Jan-17 | YES |
MS17-002 | CVE-2017-0003 | 1008116 | Microsoft Office Memory Corruption Vulnerability (CVE-2017-0003) | 10-Jan-17 | YES |