Patch Tuesday: Microsoft Security Bulletin Summary for May 2017

Microsoft Patch Tuesday May 2017 addressing 56 security vulnerabilities in addition to 7 vulnerabilities for Adobe Flash Player.

The Microsoft Patch Tuesday May 2017 security release consists of security updates for the following software:

• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• NET Framework
• Adobe Flash Player

Three Windows Zero-day vulnerabilities have been fixed in the Microsoft Patch Tuesday May 2017.

• Microsoft Office remote code execution (RCE) flaw (CVE-2017-0261).
• Internet Explorer (IE) memory corruption vulnerability (CVE-2017-0222).
• Win32k privilege-escalation bug (CVE-2017-0263).

The way Microsoft documents security updates has been changed from April 2017. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired and replaced with the Security Update Guide. Instead of bulletin IDs, the new guide pivots KB Article ID numbers.

Microsoft security bulletin summary for May 2017 :

KB2596904 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3118310 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Critical
CVE’s: CVE-2017-0261, CVE-2017-0262
Impact: Remote Code Execution

KB3162040 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption

KB3172458 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Critical Important
CVE’s: CVE-2017-0261, CVE-2017-0262
Impact: Remote Code Execution

KB3178729 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption

KB3191835 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption

KB3191836 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption

KB3191839 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution

KB3191843 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption

KB3191858 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191863 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191865 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution

KB3191880 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution

KB3191881 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191885 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191888 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution

KB3191890 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191895 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191899 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191904 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution

KB3191909 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption

KB3191913 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution

KB3191914 : Microsoft SharePoint XSS Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0255
Impact: XSS Vulnerability

KB4018196 : Windows DNS Server Denial of Service Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0171
Impact: Denial of Service

KB4018466 : Windows SMB Information Disclosure Vulnerability
Severity Rating: Critical
CVE’s: CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Impact: Information Disclosure Vulnerability

KB4018556 : Windows COM Elevation of Privilege Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0213, CVE-2017-0214, CVE-2017-0244, CVE-2017-0258
Impact: Elevation of Privilege

KB4018821 : Windows Kernel Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0220
Impact: Information Disclosure Vulnerability

KB4018885 : Windows Kernel Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0175
Impact: Information Disclosure Vulnerability

KB4018927 : Microsoft ActiveX Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0242
Impact: Information Disclosure

KB4019112 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass

KB4019113 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass

KB4019114 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass

KB4019115 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass

KB4019149 : Dxgkrnl.sys Elevation of Privilege Vulnerability
Severity Rating: Critical Important
CVE’s: CVE-2017-0077
Impact: Elevation of Privilege

KB4019204 : Win32k Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0245, CVE-2017-0246, CVE-2017-0263
Impact: Information Disclosure

KB4019206 : Windows GDI Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0190
Impact: Information Disclosure

KB4019473 : Security updates to Microsoft Edge, Microsoft Scripting Engine, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

KB4019474 : Security updates to the Microsoft Scripting Engine, Microsoft Edge, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

KB4020821 : Adobe Security Updates
Severity Rating: Critical Important
CVE’s: CVE-2017-3068,CVE-2017-3069,CVE-2017-3070,CVE-2017-3071,CVE-2017-3072,CVE-2017-3073,CVE-2017-3074
Impact: Code Execution, denial of service.

KB4016871 : Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0224, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

KB4018271 : Cumulative security update for Internet Explorer
Severity Rating: Important
CVE’s: CVE-2017-0064, CVE-2017-0238
Impact: Security Feature Bypass Vulnerability

KB4019214 : Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel and Microsoft Windows DNS.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE-2017-0226, CVE-2017-0238, CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

KB4019215 : Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server, Windows kernel, and Internet Explorer.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE-2017-0231, CVE-2017-0238, CVE-2017-0246, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

KB4019472 : Security updates to Windows COM, Windows SMB Server, Windows server, Internet Explorer, and Microsoft Edge.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0221, CVE-2017-0222, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.