MS17-MAR - Microsoft Security Bulletin Summary for March 2017 - Version: 2.1
Revision Note: V2.1 (April 14, 2017):
Summary: This bulletin summary lists security bulletins released for March 2017
Severity Rating: Critical
Revision Note: V2.0 (April 11, 2017): Bulletin revised to announce the release of a new Internet Explorer cumulative update (4014661) for CVE-2016-0162. The update adds to the original release to comprehensively address CVE-2016-0162. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4014661 for more information.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Severity Rating: Important
Revision Note: V2.0 (April 11, 2017): Bulletin revised to announce that the security updates that apply to CVE-2017-0042 for Windows Server 2012 are now available. Customers running Windows Server 2012 should install update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be fully protected from this vulnerability. Customers running other versions of Microsoft Windows do not need to take any further action.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an Information Disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.
New Tusayan Malware Targets WordPress, Joomla and Magento
Attention WordPress, Joomla and Magento content management system users. There’s a new dual threat malware that not only steals administrative privileges, but also takes computer files and makes them public. Identified by SiteLock and named Tusayan, the malware is currently active in the wild. How does it work? An attack begins by inserting an IndoXploit Shell file […]
Two Car Hacks – Daily Security Byte
The week has barely begun and there are already two car-related hacks in the news. First, a group of Chinese security researchers found a cheaper way to hack a car key’s wireless communications. While these electronic theft techniques existed before, this research lowers the bar for digital car criminals. Next, a group of Israeli researchers found vulnerabilities […]
Linksys Router 0day – Daily Security Byte
Researchers from IOActive found a number of security vulnerabilities in popular models of Linksys consumer and small business routers. Some of the vulnerabilities allow attackers to launch a denial of service (DoS) attack, and others allow attackers to gain access to sensitive data. However, the worst flaw could allow attackers to gain complete control of […]