Microsoft Patch Tuesday May 2017 addressing 56 security vulnerabilities in addition to 7 vulnerabilities for Adobe Flash Player.
The Microsoft Patch Tuesday May 2017 security release consists of security updates for the following software:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- NET Framework
- Adobe Flash Player
Three Windows Zero-day vulnerabilities have been fixed in the Microsoft Patch Tuesday May 2017.
- Microsoft Office remote code execution (RCE) flaw (CVE-2017-0261).
- Internet Explorer (IE) memory corruption vulnerability (CVE-2017-0222).
- Win32k privilege-escalation bug (CVE-2017-0263).
The way Microsoft documents security updates has been changed from April 2017. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired and replaced with the Security Update Guide. Instead of bulletin IDs, the new guide pivots KB Article ID numbers.
Microsoft security bulletin summary for May 2017 :
KB2596904 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3118310 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Critical
CVE’s: CVE-2017-0261, CVE-2017-0262
Impact: Remote Code Execution
KB3162040 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption
KB3172458 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Critical Important
CVE’s: CVE-2017-0261, CVE-2017-0262
Impact: Remote Code Execution
KB3178729 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption
KB3191835 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption
KB3191836 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption
KB3191839 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution
KB3191843 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption
KB3191858 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191863 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191865 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution
KB3191880 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution
KB3191881 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191885 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191888 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution
KB3191890 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191895 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191899 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191904 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254, CVE-2017-0281
Impact: Memory Corruption, Remote Code Execution
KB3191909 : Microsoft Office Memory Corruption Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0254
Impact: Memory Corruption
KB3191913 : Microsoft Office Remote Code Execution Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0281
Impact: Remote Code Execution
KB3191914 : Microsoft SharePoint XSS Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0255
Impact: XSS Vulnerability
KB4018196 : Windows DNS Server Denial of Service Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0171
Impact: Denial of Service
KB4018466 : Windows SMB Information Disclosure Vulnerability
Severity Rating: Critical
CVE’s: CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Impact: Information Disclosure Vulnerability
KB4018556 : Windows COM Elevation of Privilege Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0213, CVE-2017-0214, CVE-2017-0244, CVE-2017-0258
Impact: Elevation of Privilege
KB4018821 : Windows Kernel Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0220
Impact: Information Disclosure Vulnerability
KB4018885 : Windows Kernel Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0175
Impact: Information Disclosure Vulnerability
KB4018927 : Microsoft ActiveX Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0242
Impact: Information Disclosure
KB4019112 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass
KB4019113 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass
KB4019114 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass
KB4019115 : .Net Security Feature Bypass Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0248
Impact: Security Feature Bypass
KB4019149 : Dxgkrnl.sys Elevation of Privilege Vulnerability
Severity Rating: Critical Important
CVE’s: CVE-2017-0077
Impact: Elevation of Privilege
KB4019204 : Win32k Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0245, CVE-2017-0246, CVE-2017-0263
Impact: Information Disclosure
KB4019206 : Windows GDI Information Disclosure Vulnerability
Severity Rating: Important
CVE’s: CVE-2017-0190
Impact: Information Disclosure
KB4019473 : Security updates to Microsoft Edge, Microsoft Scripting Engine, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
KB4019474 : Security updates to the Microsoft Scripting Engine, Microsoft Edge, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
KB4020821 : Adobe Security Updates
Severity Rating: Critical Important
CVE’s: CVE-2017-3068,CVE-2017-3069,CVE-2017-3070,CVE-2017-3071,CVE-2017-3072,CVE-2017-3073,CVE-2017-3074
Impact: Code Execution, denial of service.
KB4016871 : Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0224, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
KB4018271 : Cumulative security update for Internet Explorer
Severity Rating: Important
CVE’s: CVE-2017-0064, CVE-2017-0238
Impact: Security Feature Bypass Vulnerability
KB4019214 : Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel and Microsoft Windows DNS.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE-2017-0226, CVE-2017-0238, CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
KB4019215 : Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server, Windows kernel, and Internet Explorer.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE-2017-0231, CVE-2017-0238, CVE-2017-0246, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
KB4019472 : Security updates to Windows COM, Windows SMB Server, Windows server, Internet Explorer, and Microsoft Edge.
Severity Rating: Critical
CVE’s: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0221, CVE-2017-0222, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.