Qualys Blog

Massive Microsoft Patch Tuesday Security Update for March

Today Microsoft released a massive Patch Tuesday security update consisting of 17 security bulletins that fixed a total of 134 vulnerabilities. Of the 17 security bulletins, 8 were marked as Critical, which could lead to remote code execution, while the remaining were marked as Important. Since no patches were released for February, a massive update was, in a way, expected this month. We also liked the fact that Microsoft kept the older way of clubbing KB articles and patches in security bulletins, which, in our opinion, is easy to read and provides a better overall picture. But the Microsoft blog here hints that sometime in the future Microsoft will stop publishing security bulletins.

The highest priority overall goes to the Windows GDI bulletin MS17-013, which could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. It gets the highest priority because CVE-2017-0005 is a zero-day issue that is currently being actively exploited in the wild. This issue could soon be incorporated by exploit kits using Silverlight as the attack vector, as we have seen happen in the past.
