Patch Tuesday
Patch Tuesday

Microsoft followed up its out of band patch announcement on May 8 for its Microsoft Malware Protection Engine with its usual Patch Tuesday offering, which this month contained 57 vulnerabilities, including zero-day issues.

Topping the list is CVE-2017-0261, a remote code execution vulnerability currently active in the wild found in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file, Microsoft reported. Any attacker successfully exploiting this issue could take control of the system.

The problem affects the 32- and 64-bit versions of Office 2010, 2013 and 2016. The company has not identified any mitigating factors or workarounds at this time.

 “As this is actively exploited in the wild and attackers can take complete control of the victim system, this should be treated with priority,” said Amol Sarwate, director of vulnerability labs at Qualys.

Other problems covered by Microsoft, using its new security advisory system, correct a failure of Windows Update Client to receive updates issued under security advisory 4022345.

“The Windows Update Client may not properly scan for, or download, updates. This scenario may affect customers who installed a Windows 10 or Windows Server 2016 operating system, and who have never interactively logged in to the system or connected to it through remote desktop services,” Microsoft reported.

Microsoft also updated Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and then display an invalid certificate warning.

Sarwate said other important updates include three critical SMB remote code execution vulnerabilities (CVE-2017-0277, CVE-2017-0278, CVE-2017-0279) that affect the Windows server machines as well as desktop clients.

“An attacker who successfully exploits the vulnerability could gain the ability to execute code on the target. To exploit the vulnerability, in most situations an unauthenticated attacker would send a specially crafted packet to the SMBv1 server,” he said.

Advisory 4021279 covers problems with Vulnerabilities in .NET Core, ASP.NET core that could allow elevation of privilege.