Security Alert (A17-01-01): Multiple Vulnerabilities in Microsoft Products (January 2017)


 

Published on: 11 January 2017

  
  

Description:

Microsoft has released 4 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS17-001    Security Update for Microsoft Edge
MS17-002    Security Update for Microsoft Office
MS17-003    Security Update for Adobe Flash Player
MS17-004    Security Update for Local Security Authority Subsystem Service

Reports indicate that there are scattered exploits observed against the vulnerabilities mentioned in MS17-001 and MS17-004.

Affected Systems:

  • Microsoft Edge
  • Microsoft Office 2016
  • Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Office Services and Web Apps
  • Microsoft SharePoint Enterprise Server 2016

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:
https://technet.microsoft.com/library/security/ms17-jan

 
 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege, denial of service and remote code execution.

 

Recommendation:

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate

 

If any problem is encountered during the patch installation via automated methods, patches for various affected systems can also be downloaded individually from the "Affected Software" section of the corresponding Microsoft Security Advisory and Bulletins which can be accessed from the URL(s) listed in the "More Information" section of this Security Alert.

 

More Information:

https://technet.microsoft.com/en-us/library/security/ms17-jan
https://technet.microsoft.com/en-us/library/security/ms17-001
https://technet.microsoft.com/en-us/library/security/MS17-002
https://technet.microsoft.com/en-us/library/security/MS17-003
https://technet.microsoft.com/en-us/library/security/MS17-004
https://www.hkcert.org/my_url/en/alert/17011101
https://www.us-cert.gov/ncas/current-activity/2017/01/10/Microsoft-Releases-January-2017-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0004
http://helpx.adobe.com/security/products/flash-player/apsb17-02.html



Tag: Microsoft Office , Windows Server , Windows , SharePoint , Microsoft , Edge
Tags