The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Windows: vulnerabilities of March 2017

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of Microsoft products.
Impacted software: IIS, Windows 10, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity of this computer vulnerability: 4/4.
Number of vulnerabilities in this bulletin: 82.
Creation date: 14/03/2017.
Revision date: 22/03/2017.
Références of this announce: 1019, 1021, 1022, 1023, 1025, 1027, 1028, 1029, 1030, 1031, 1042, 1052, 1053, 1054, 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, 993, CERTFR-2017-AVI-082, CERTFR-2017-AVI-154, CVE-2017-0001, CVE-2017-0005, CVE-2017-0007, CVE-2017-0008, CVE-2017-0014, CVE-2017-0016, CVE-2017-0021, CVE-2017-0022, CVE-2017-0023, CVE-2017-0024, CVE-2017-0025, CVE-2017-0026, CVE-2017-0039, CVE-2017-0042, CVE-2017-0043, CVE-2017-0045, CVE-2017-0047, CVE-2017-0050, CVE-2017-0051, CVE-2017-0055, CVE-2017-0056, CVE-2017-0057, CVE-2017-0060, CVE-2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0072, CVE-2017-0073, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082, CVE-2017-0083, CVE-2017-0084, CVE-2017-0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0091, CVE-2017-0092, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0100, CVE-2017-0101, CVE-2017-0102, CVE-2017-0103, CVE-2017-0104, CVE-2017-0108, CVE-2017-0109, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128, CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-22132, ZDI-17-168.

Description of the vulnerability 

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability alert impacts software or systems such as IIS, Windows 10, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.

Our Vigil@nce team determined that the severity of this computer weakness alert is critical.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 82 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a beginner ability can exploit this computer vulnerability.

Solutions for this threat 

Windows: patch.
A patch is indicated in information sources.

Windows XP, 2003, 8 RTM: patch for ETERNALBLUE.
A patch is available:
Windows Server 2003 SP2 x64
  http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=d3cb7407-3339-452e-8371-79b9c301132e
Windows Server 2003 SP2 x86
  http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=350ec04d-a0ba-4a50-9be3-f900dafeddf9
  
Windows XP SP2 x64
  http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5fbaa61b-15ce-49c7-9361-cb5494f9d6aa
  
Windows XP SP3 x86
  http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7388c05d-9de6-4c6a-8b21-219df407754f
  
Windows XP Embedded SP3 x86
  http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-embedded-custom-enu_8f2c266f83a7e1b100ddb9acd4a6a3ab5ecd4059.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=a1db143d-6ad2-4e7e-9e90-2a73316e1add
  
Windows 8 x86
  http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x86_a0f1c953a24dd042acc540c59b339f55fb18f594.msu
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6e2de6b7-9e43-4b42-aca2-267f24210340
Windows 8 x64
  http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu
  http://www.microsoft.com/downloads/details.aspx?FamilyId=b08bb3f1-f156-4e61-8a68-077963bae8c0
Note: the patch for supported Windows versions is indicated in VIGILANCE-SOL-51471.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities watch. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.