Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center



Microsoft Patch Tuesday 2017-03-14

MS17-006
Title Cumulative Security Update for Internet Explorer
Replaces MS16-126, MS16-144, KB3193515, KB3203621, KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Internet Explorer
KB KB4013073
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Critical
CVE Exploitability
2017-0008 2
2017-0009 1
2017-0012 3
2017-0018 1
2017-0033 1
2017-0037 1
2017-0040 1
2017-0049 2
2017-0059 2
2017-0130 1
2017-0149 0
2017-0154 1
MS17-007
Title Cumulative Security Update for Microsoft Edge
Replaces KB3210720, KB3210721, KB3213986
Affected Edge
KB KB4013071
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2017-0009 1
2017-0010 1
2017-0011 2
2017-0012 3
2017-0015 1
2017-0017 2
2017-0023 1
2017-0032 1
2017-0034 1
2017-0035 1
2017-0037 1
2017-0065 2
2017-0066 2
2017-0067 1
2017-0068 2
2017-0069 2
2017-0070 1
2017-0071 1
2017-0094 1
2017-0131 2
2017-0132 1
2017-0133 1
2017-0134 1
2017-0135 3
2017-0136 1
2017-0137 1
2017-0138 2
2017-0140 2
2017-0141 1
2017-0150 1
2017-0151 1
MS17-008
Title Security Update for Windows Hyper-V
Replaces KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Hyper-V
KB KB4013082
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Important
ISC Server Rating Critical
CVE Exploitability
2017-0021 2
2017-0051 3
2017-0074 3
2017-0075 2
2017-0076 3
2017-0095 2
2017-0096 3
2017-0097 3
2017-0098 3
2017-0109 3
MS17-009
Title Security Update for Microsoft Windows PDF
Replaces KB3205401, KB3205409, KB3210720, KB3210721, KB3213986
Affected Microsoft PDF Library
KB KB4010319
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2017-0023 2
MS17-010
Title Security Update for Microsoft Windows SMB
Replaces MS16-114, KB3177186, KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Microsoft Windows SMB
KB KB4013389
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Important
ISC Server Rating Critical
CVE Exploitability
2017-0143 1
2017-0144 1
2017-0145 1
2017-0146 1
2017-0147 1
2017-0148 1
MS17-011
Title Security Update for Microsoft Uniscribe
Replaces MS16-147, KB3196348, KB3205401, KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Microsoft Uniscribe
KB KB4013076
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2017-0072 2
2017-0083 3
2017-0084 3
2017-0085 3
2017-0086 2
2017-0087 2
2017-0088 2
2017-0089 2
2017-0090 2
2017-0091 3
2017-0092 3
2017-0111 3
2017-0112 3
2017-0113 3
2017-0114 3
2017-0115 3
2017-0116 3
2017-0117 3
2017-0118 3
2017-0119 3
2017-0120 3
2017-0121 2
2017-0122 3
2017-0123 3
2017-0124 3
2017-0125 3
2017-0126 3
2017-0127 3
2017-0128 3
MS17-012
Title Security Update for Microsoft Windows
Replaces KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Windows
KB KB4013078
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2017-0007 2
2017-0016 1
2017-0039 2
2017-0039 3
2017-0057 3
2017-0100 2
2017-0104 3
MS17-013
Title Security Update for Microsoft Graphics Component
Replaces MS16-097, MS16-104, MS16-120, MS16-146, MS16-146, MS16-148, MS16-151, KB3115109, KB3115131, KB3118327, KB3118348, KB3118394, KB3127995, KB3185319, KB3188397, KB3188399, KB3188400, KB3189647, KB3193713, KB3204723, KB3204724, KB3205400, KB3205408, KB3210720, KB3210721, KB3212646, KB3213986
Affected Graphics Library (Windows, Office, Skype, Lync, Silverlight)
KB KB4013075
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2017-0001 2
2017-0005 0
2017-0014 1
2017-0025 1
2017-0038 2
2017-0047 1
2017-0060 2
2017-0061 3
2017-0062 2
2017-0063 3
2017-0073 2
2017-0108 2
MS17-014
Title Security Update for Microsoft Office
Replaces MS16-015, MS16-133, MS16-148, MS16-148, MS16-148, MS16-148, KB3127932, KB3128008, KB3128016, KB3128019, KB3128019, KB3128022, KB3128023, KB3128024, KB3128025, KB3128025, KB3128032, KB3128032, KB3128037, KB3128037, KB3141542, KB3141542, KB3198808
Affected Office
KB KB4013241
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2017-0006 1
2017-0019 1
2017-0020 1
2017-0027 2
2017-0029 3
2017-0030 2
2017-0031 1
2017-0052 1
2017-0053 1
2017-0105 2
2017-0107 2
2017-0129 3
MS17-015
Title Security Update for Microsoft Exchange Server
Replaces MS16-108, KB3184736
Affected Outlook Web Access
KB KB4013242
Known Exploits No
Microsoft Rating Important
ISC Client Rating N/A
ISC Server Rating Important
CVE Exploitability
2017-0110 3
MS17-016
Title Security Update for Windows IIS
Replaces MS10-040, KB982666, KB3205401, KB3205409, KB3205409, KB3210720, KB3210721, KB3212646, KB3212646, KB3213986
Affected Internet Information Server
KB KB4013074
Known Exploits No
Microsoft Rating Important
ISC Client Rating N/A
ISC Server Rating Important
CVE Exploitability
2017-0055 2
MS17-017
Title
Replaces KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Windows Kernel
KB KB4013081
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2017-0050 1
2017-0101 2
2017-0102 2
2017-0103 2
MS17-018
Title Security Update for Windows Kernel-Mode Drivers
Replaces KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Kernel Mode Drivers
KB KB4013083
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2017-0024 1
2017-0026 1
2017-0056 2
2017-0078 1
2017-0079 2
2017-0080 2
2017-0081 2
MS17-019
Title Security Update for Active Directory Federation Services
Replaces KB3122646
Affected Active Directory Federation Services (ADFS)
KB KB4010320
Known Exploits No
Microsoft Rating Important
ISC Client Rating N/A
ISC Server Rating Important
CVE Exploitability
2017-0043 3
MS17-020
Title Security Update for Windows DVD Maker
Replaces KB321646
Affected Windows DVD Maker
KB KB3208223
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2017-0045 3
MS17-021
Title Security Update for Windows DirectShow
Replaces KB3205401, KB3205409, KB3210720, KB3210721, KB3212646, KB3213986
Affected Windows DirectShow
KB KB4010318
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2017-0022 1
MS17-022
Title Security Update for Microsoft XML Core Services
Replaces MS16-040, MS16-040, KB3146963, KB3146963, KB3205401, KB3205401, KB3205409, KB3205409, KB3210720, KB3210721, KB3212646, KB3212646, KB3213986, KB3213986
Affected XML Core Services
KB KB4010321
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2017-0022 1
MS17-023
Title Security Update for Adobe Flash Player
Replaces
Affected Adobe Flash Player (and Internet Explorer, Edge)
KB KB4014329
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat.