Patch Analysis for March 2017

Welcome to this March Patch Tuesday bulletin. This month marks the first month for the switch from the "security bulletins format" to the new "security update guide" format. Don't worry, this month we are still bringing you the same great content. March is a fairly hefty month for updates with 18 total and 9 critical. Two vulnerabilities are being attacked in the wild with the first being a GDI elevation of privilege attack, more info can be found at CVE-2017-0005 and MS17-013. The second is a Remote Code Execution vulnerability for Internet Explorer CVE-2017-0149 and more info is available at MS17-006. Only a single Microsoft patch has been released after January 10th and there are 2 attacks in the wild, so this is a great month to take a look at your plan for rolling out the new cumulitive patch update process and check out the Security Guide.

By the end of March no one will remember that Microsoft missed a Patch Tuesday. Join Ivanti as we talk Patch Tuesday, Vault 7, and more on our monthly Patch Tuesday Webinar:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis (previously known as Shavlik Patch Tuesday Analysis)

Register now for the Ivanti Patch Tuesday webinar.

Bulletin Exploit Types
/Technologies Affected
System Types Affected Exploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity rating Products Affected Notes Randy's recommendation
MS17-020

3208223
Information disclosure

/ Microsoft Windows
Workstations No/No No Important Vista
Windows 7
Requires restart Update after testing
MS17-021

4010318
Information disclosure

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Requires restart Update after testing
MS17-009

4010319
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Critical Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Requires restart Update immediately
MS17-019

4010320
Information disclosure

/ Microsoft Windows
Servers No/No No Important Server 2008
Server 2008 R2
Server 2012
Server 2012 R2
Server 2016
Requires restart Update after testing
MS17-022

4010321
Information disclosure

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/Yes No Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Requires restart Update after testing
MS17-007

4013071
Arbitrary code

/ Microsoft Edge
Workstations
Terminal Servers
Servers
No/No No Critical Edge Multiple vulnerabilities, requires restart Update immediately
MS17-006

4013073
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
Servers
No/Yes No Critical Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Multiple vulnerabilities, requires restart Update immediately
MS17-016

4013074
Arbitrary code

/ Microsoft Windows
IIS Servers No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Requires restart Update after testing
MS17-013

4013075
Arbitrary code

/ Microsoft Office, Skype for Business, Lync, Silverlight
Workstations
Servers
No/Yes No Critical Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update immediately
MS17-011

4013076
Arbitrary code

/ Microsoft Windows
Workstations
Servers
No/No No Critical Vista
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update immediately
MS17-012

4013078
Arbitrary code

/ Microsoft Windows
Workstations
Servers
No/No Yes Critical Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update immediately
MS17-017

4013081
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update after testing
MS17-008

4013082
Arbitrary code

/ Microsoft Windows
Workstations
Servers
No/No No Critical Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update immediately
MS17-018

4013083
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update after testing
MS17-014

4013241
Arbitrary code

/ Microsoft Office, Services, and Web Apps
Workstations
Servers
No/No Yes Important Office 2007
SharePoint Server 2007
Office 2010
Office 2011 for MAC
Office Web Apps 2010
SharePoint Server 2010
SharePoint Server 2013
Office 2013 RT
Office 2013
Office 2016 for Mac
Office 2016
Office Web Apps 2013
Multiple vulnerabilities, may require restart Update after testing
MS17-015

4013242
Arbitrary code

/ Microsoft Exchange
Exchange Servers No/No No Important Exchange 2013
Exchange 2016
Requires restart Update after testing
MS17-010

4013389
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No Yes Critical Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update immediately
MS17-023

4014329
Arbitrary code

/ Adobe Flash Player
Workstations
Terminal Servers
Servers
No/No Yes Critical Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Server 2016
Multiple vulnerabilities, requires restart Update immediately

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.

 

Additional Resources