Happy New Year! In the first Patch Tuesday of 2017 Microsoft fixed only 3 vulnerabilities which makes it one of the smallest patch months ever. Patches were released for Microsoft Office, the Edge browser and LSASS. It’s an unusually small patch update and will definitely make system administrators happy. It is worth noting that starting next month Microsoft will scrap the existing system where users get a document each month in favor of a new ‘single destination for security vulnerability information’ called the Security Updates Guide. The new security portal is driven by an online database, and instead of having to browse through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates.
In today’s update, top on the priority list for Windows Server 2008 administrators is the LSASS or Local Security Authority Subsystem Service bulletin MS17- 004 which is a denial-of-service condition which could allow unauthenticated attackers to trigger an automatic reboot. To exploit the vulnerability an unauthenticated attacker could send a specially crafted authentication request which would lead in the reboot condition. This vulnerability, CVE-2017-0004, was publicly disclosed before the availability of the patch, and a PoC exploit could become available soon. Windows 7 and Vista are also affected.
Top on the priority list for workstations is the critical Office bulletin MS17-002 which applies to Word 2016 and SharePoint 2016. An attacker could send a malicious file as an attachment and could take complete control of the system if the file is opened with the affected software.
Microsoft Edge bulletin MS17-001 affects Windows 10 and Windows Server 2016. It allows an attacker to access information from one domain and inject it into another domain resulting into getting elevated privileges. This vulnerability i.e. CVE-2017-0002 was publically disclosed before the availability of the patch.
Overall, it’s a very light patch update for administrators with one unauthenticated DoS for Server 2008 and one critical Word 2016 remote code execution vulnerability for workstations.