It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.

Bulletins Rated Critical

CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of security features when document loading is done via Outlook attachments for certain crafted emails. Successful exploitation of this issue may grant an attacker remote code execution.

CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.

CVE-2017-0160 outlines an issue in which a compromised WMI server, accessed over DCOM using System.Management classes or the PowerShell Get-WmiObject cmdlet, can lead to remote code execution through arbitrary .NET serialization.

CVE-2017-0199 details a remote code execution vulnerability in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVE-2017-0200 covers a remote code execution vulnerability that exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

CVE-2017-0201 details a remote code execution vulnerability in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. A JavaScript type confusion bug makes it possible to corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2017-0202 outlines a type confusion vulnerability in Internet Explorer that results in an out-of-bounds read.

CVE-2017-0205 details a render format type-confusion vulnerability in Edge 11 on Windows that causes an access violation. Successful exploitation of this vulnerability could lead to arbitrary code execution.

Bulletins Rated Important

CVE-2017-0155 outlines an out-of-bounds memory write vulnerability in Windows DDI (Device Driver Interface) that affects Windows and causes a kernel crash.

CVE-2017-0156 details a NULL-dereference vulnerability in Windows. The root cause of the vulnerability is in dxgkrnl.sys, which runs in kernel mode. Successful exploitation of this vulnerability can result in EOP (Escalation-of-Privilege) in older Windows versions.

CVE-2017-0165 covers an arbitrary directory / file deletion elevation of privilege vulnerability in IEETWCollector that affects Windows 10. Successful exploitation of the vulnerability could lead to arbitrary code execution.

CVE-2017-0166 details a buffer overrun vulnerability in the Microsoft LDAP implementation.

CVE-2017-0167 outlines an uninitialized memory read vulnerability in the Windows kernel. Successful exploitation of the vulnerability could result in potential information leakage.

CVE-2017-0188 outlines an integer overflow in the Windows Graphics Device Interface (GDI) that causes an out-of-bounds read, resulting in a kernel crash.

CVE-2017-0189 details an out-of-bounds write vulnerability in Windows DDI (Device Driver Interface) that, when successfully exploited, causes a kernel crash.

CVE-2017-0192 outlines an out-of-bounds read that affects the ATMFD (Adobe Type Manager Font Driver) in Windows.

CVE-2017-0194 details an out-of-bounds memory read vulnerability which exists in Excel.

CVE-2017-0197 covers a DLL sideloading vulnerability in Microsoft Office OneNote 2007, which an attacker could leverage to gain remote code execution.

CVE-2017-0204 outlines a vulnerability in Microsoft Word which permits the bypass of security features when document loading is done via Outlook attachments for certain crafted emails. Successful exploitation of this issue may grant an attacker remote code execution.

CVE-2017-0210 details a vulnerability in the Internet Explorer 11 htmlFile ActiveX control that results in a universal cross-site scripting (UXSS) condition.

CVE-2017-0211 highlights a privilege escalation vulnerability in Microsoft Windows OLE which could allow an application with limited privileges on an affected system to execute code.

Coverage
In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Management Center or Snort.org.

Snort SIDs: 41962-41963, 41997-41998, 42148-42151, 42152-42168, 42173-42174, 42183-42190, 42199-42200, 42204-42205, and 42208-42211