Microsoft Critical Security Bulletins Summary – March 2017

Number: AV17-032
Date: 14 March 2017

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for March 2017.

Assessment

The summary covers 18 bulletins (7 Critical and 11 Important), which addresses multiple vulnerabilities in; Microsoft Internet Explorer, Microsoft Windows, Microsoft Edge, Microsoft Office, Microsoft Uniscribe, Microsoft Graphics Component, Microsoft Exchange Server, Active Directory, Microsoft XML Core Services, Adobe Flash Player.

***Critical***
MS17-006 Cumulative Security Update for Internet Explorer (4013073)
MS17-007 Cumulative Security Update for Microsoft Edge (4013071)
MS17-008 Security Update for Windows Hyper-V (4013082)
MS17-009 Security Update for Microsoft Windows PDF Library (4010319)
MS17-010 Security Update for Microsoft Windows SMB Server (4013389)
MS17-013 Security Update for Microsoft Graphics Component (4013075)
MS17-023 Security Update for Adobe Flash Player (4014329)

***Important***
MS17-011 Security Update for Microsoft Uniscribe (4013076)
MS17-012 Security Update for Microsoft Windows (4013078)
MS17-014 Security Update for Microsoft Office (4013241)
MS17-015 Security Update for Microsoft Exchange Server (4013242)
MS17-016 Security Update for Windows IIS (4013074)
MS17-017 Security Update for Windows Kernel (4013081)
MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083)
MS17-019 Security Update for Active Directory Federation Services (4010320)
MS17-020 Security Update for Windows DVD Maker (3208223)
MS17-021 Security Update for Windows DirectShow (4010318)
MS17-022 Security Update for Microsoft XML Core Services (4010321)

CVE References: CVE-2017-0001, CVE-2017-0005, CVE-2017-0006, CVE-2017-0007, CVE-2017-0008, CVE-2017-0009, CVE-2017-0010, CVE-2017-0011, CVE-2017-0012, CVE-2017-0014, CVE-2017-0015, CVE-2017-0016, CVE-2017-0017, CVE-2017-0019, CVE-2017-0020, CVE-2017-0021, CVE-2017-0022, CVE-2017-0023, CVE-2017-0024, CVE-2017-0025, CVE-2017-0026, CVE-2017-0027, CVE-2017-0029, CVE-2017-0030, CVE-2017-0031, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0038, CVE-2017-0039, CVE-2017-0042, CVE-2017-0043, CVE-2017-0045, CVE-2017-0047, CVE-2017-0050, CVE-2017-0051, CVE-2017-0052, CVE-2017-0053, CVE-2017-0055, CVE-2017-0056, CVE-2017-0057, CVE-2017-0060, CVE-2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0065, CVE-2017-0066, CVE-2017-0067, CVE-2017-0068, CVE-2017-0069, CVE-2017-0070, CVE-2017-0071, CVE-2017-0072, CVE-2017-0073, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082, CVE-2017-0083, CVE-2017-0084, CVE-2017-0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0091, CVE-2017-0092, CVE-2017-0094, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0100, CVE-2017-0101, CVE-2017-0102, CVE-2017-0103, CVE-2017-0104, CVE-2017-0105, CVE-2017-0107, CVE-2017-0108, CVE-2017-0109, CVE-2017-0110, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128, CVE-2017-0129, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0135, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0140, CVE-2017-0141, CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148, CVE-2017-0150, CVE-2017-0151, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://technet.microsoft.com/en-us/library/security/MS17-006
https://technet.microsoft.com/en-us/library/security/MS17-007
https://technet.microsoft.com/en-us/library/security/MS17-008
https://technet.microsoft.com/en-us/library/security/MS17-009
https://technet.microsoft.com/en-us/library/security/MS17-010
https://technet.microsoft.com/en-us/library/security/MS17-011
https://technet.microsoft.com/en-us/library/security/MS17-012
https://technet.microsoft.com/en-us/library/security/MS17-013
https://technet.microsoft.com/en-us/library/security/MS17-014
https://technet.microsoft.com/en-us/library/security/MS17-015
https://technet.microsoft.com/en-us/library/security/MS17-016
https://technet.microsoft.com/en-us/library/security/MS17-017
https://technet.microsoft.com/en-us/library/security/MS17-018
https://technet.microsoft.com/en-us/library/security/MS17-019
https://technet.microsoft.com/en-us/library/security/MS17-020
https://technet.microsoft.com/en-us/library/security/MS17-021
https://technet.microsoft.com/en-us/library/security/MS17-022
https://technet.microsoft.com/en-us/library/security/MS17-023

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: