Security Alert (A17-03-03): Multiple Vulnerabilities in Microsoft Products (March 2017)
15 March 2017
Last update on:
13 May 2017
Microsoft has released 18 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:
MS17-006 Cumulative Security Update for Internet Explorer MS17-007 Cumulative Security Update for Microsoft Edge MS17-008 Security Update for Windows Hyper-V MS17-009 Security Update for Microsoft Windows PDF Library MS17-010 Security Update for Microsoft Windows SMB Server MS17-011 Security Update for Microsoft Uniscribe MS17-012 Security Update for Microsoft Windows MS17-013 Security Update for Microsoft Graphics Component MS17-014 Security Update for Microsoft Office MS17-015 Security Update for Microsoft Exchange Server MS17-016 Security Update for Windows IIS MS17-017 Security Update for Windows Kernel MS17-018 Security Update for Windows Kernel-Mode Drivers MS17-019 Security Update for Active Directory Federation Services MS17-020 Security Update for Windows DVD Maker MS17-021 Security Update for Windows DirectShow MS17-022 Security Update for Microsoft XML Core Services MS17-023 Security Update for Adobe Flash Player
There are reports of worldwide ransomware attack named "WannaCry" or "WanaCrypt0r 2.0", which exploits the Microsoft Windows Server Message Block (SMB) vulnerability (MS17-010)
Microsoft Internet Explorer 9, 10, 11
Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Office 2007, 2010, 2013, 2013RT, 2016, 2011 for Mac, 2016 for Mac
Microsoft Office Compatibility Pack 3, Word Viewer
Microsoft Office Web Apps 2010, 2013
Microsoft SharePoint Server 2007, 2010, 2013
Microsoft SharePoint Foundation 2013
Microsoft Lync 2010, 2013, 2011 for Mac
Microsoft Live Meeting 2007
Microsoft Silverlight 5
Microsoft Exchange Server 2013, 2016
Skype for Business 2016
A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at: https://technet.microsoft.com/library/security/ms17-mar
Depending on the vulnerability exploited, a successful attack could lead to denial of service, elevation of privilege, information disclosure, remote code execution, security restriction bypass, or spoofing.
Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
Microsoft Update http://update.microsoft.com/microsoftupdate
If any problem is encountered during the patch installation via automated methods, patches for various affected systems can also be downloaded individually from the "Affected Software" section of the corresponding Microsoft Security Advisory and Bulletins which can be accessed from the URL(s) listed in the "More Information" section of this Security Alert.
Microsoft provides a security update to all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Users and administrators are advised to take following immediate actions to prevent and defend against the potential attack against the SMB vulnerability:
- Apply the latest security patches on all Windows-based systems; - Block the SMB ports (TCP ports 139 and 445) from Internet access. SMB protocol should be used for file/printer sharing in the internal network only; - Keep the anti-malware software and signatures up-to-date on all computer systems; and - Stay vigilant of the suspicious emails and websites and avoiding clicking unknown attachments and links.