Security Alert (A17-05-02): Multiple Vulnerabilities in Microsoft Products (May 2017)


 

Published on: 10 May 2017

  
  

Description:

Microsoft has released 57 security updates addressing multiple vulnerabilities which affect several Microsoft products or components listed in Affected Systems section. 

Reports indicate that some vulnerabilities are being exploited.

 

Affected Systems:

  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Forefront Security for SharePoint Service Pack 3
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Office 2007, 2010, 2013, 2013RT, 2016
  • Microsoft Office Compatibility Pack 3
  • Microsoft Office Web Apps 2010, 2013
  • Microsoft Office Word Viewer
  • Microsoft Office Online Server 2016
  • Microsoft Project Server 2013 Service Pack 1
  • Microsoft Security Essentials
  • Microsoft SharePoint Server 2010
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Foundation Server 2013
  • Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft .NET Framework 2.0 Service Pack 2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.6, 4.6.1, 4.7
  • Windows Defender
  • Windows Intune Endpoint Protection
  • Word Automation Services
  • Skype for Business 2016 

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of service, elevation of privilege, information disclosure, remote code execution, security restriction bypass, or spoofing.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170006
https://www.hkcert.org/my_url/en/alert/17051002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0212 (to CVE-2017-0214)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0220 (to CVE-2017-0222)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0226 (to CVE-2017-0231)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0233 (to CVE-2017-0236)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0240 (to CVE-2017-0242)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0244 (to CVE-2017-0246)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0254 (to CVE-2017-0255)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0258 (to CVE-2017-0259)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0261 (to CVE-2017-0281)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290 



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , SharePoint , Forefront , Project , Security Essentials , Windows Defender , Skype , .NET Framework , Windows Intune
Tags