Happy New Year to our readers! Today marks the first Patch Tuesday of 2017 with Microsoft releasing their monthly set of bulletins designed to address security vulnerabilities. This month's release is relatively light with 4 bulletins addressing 3 vulnerabilities. Two bulletins are rated critical and address vulnerabilities in Office and Adobe Flash Player while the other two are rated important and address vulnerabilities Edge and the Local Security Authority Subsystem Service.
Bulletins Rated Critical Microsoft bulletins MS17-002 and MS17-003 are rated critical.
MS17-002 addresses CVE-2017-0003, an arbitrary code execution vulnerability in Microsoft Office 2016. Specifically, Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016 are affected. This vulnerability manifests in the way Office handles objects in memory. Exploitation of this flaw is achievable if, for example, a user opens a specifically crafted Word document received via email or downloaded from a site hosting a specifically crafted document.
MS17-003 addresses vulnerabilities in Adobe Flash Player that were patched in APSB17-02. This bulletin is targeted at the embedded Flash Player for Internet Explorer and Edge. For more details on what is contained in the Adobe Flash Player bulletin, please refer to the bulletin posted on Adobe's Security Bulletin and Advisory portal.
Bulletins Rated Important Microsoft bulletins MS17-001 and and MS17-004 are rated important.
MS17-001 addresses CVE-2017-0002, a privilege escalation vulnerability in Microsoft Edge. This vulnerability manifests in how Edge enforces cross-domain policies with '' and could result in an adversary accessing and injecting information from one domain to another. Exploitation is achievable if a user visits a specifically crafted website that is designed to exploit this vulnerability.
MS17-004 addresses CVE-2017-0004, a denial of service vulnerability in the Local Security Authority Subsystem Service (LSASS). This vulnerability manifests in the way LSASS handles authentication requests where unauthenticated adversaries who send a specifically crafted authentication request to LSASS could forcibly cause the system to reboot. Note that this vulnerability only affects Windows Vista, 7, and Windows Server 2008 (vanilla and R2) systems.
Coverage In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Defense Center, FireSIGHT Management Center or Snort.org.
Snort SIDs: 40759, 41140-41141