Microsoft Security Bulletin Summary for March 2017

Published: March 14, 2017 | Updated: August 8, 2017

Version: 4.0

On this page

Executive Summaries
Exploitability Index
Affected Software
Detection and Deployment Tools and Guidance
Acknowledgments
Other Information

This bulletin summary lists security bulletins released for March 2017.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

Executive Summaries

The following table summarizes the security bulletins for this month in order of severity.

For details on affected software, see the next section, Affected Software.

Bulletin ID	Bulletin Title and Executive Summary	Maximum Severity Rating and Vulnerability Impact	Restart Requirement	Known Issues	Affected Software
MS17-006	Cumulative Security Update for Internet Explorer (4013073) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows, Microsoft Internet Explorer
MS17-007	Cumulative Security Update for Microsoft Edge (4013071) This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows, Microsoft Edge
MS17-008	Security Update for Windows Hyper-V (4013082) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows
MS17-009	Security Update for Microsoft Windows PDF Library (4010319) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows
MS17-010	Security Update for Microsoft Windows SMB Server (4013389) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows
MS17-011	Security Update for Microsoft Uniscribe (4013076) This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows
MS17-012	Security Update for Microsoft Windows (4013078) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows
MS17-013	Security Update for Microsoft Graphics Component (4013075) This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight
MS17-014	Security Update for Microsoft Office (4013241) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.	Important Remote Code Execution	May require restart	---------	Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software, Microsoft Communications Platforms and Software
MS17-015	Security Update for Microsoft Exchange Server (4013242) This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.	Important Remote Code Execution	Requires restart	---------	Microsoft Exchange
MS17-016	Security Update for Windows IIS (4013074) This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.	Important Remote Code Execution	Requires restart	---------	Microsoft Windows
MS17-017	Security Update for Windows Kernel (4013081) This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.	Important Elevation of Privilege	Requires restart	---------	Microsoft Windows
MS17-018	Security Update for Windows Kernel-Mode Drivers (4013083) This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.	Important Elevation of Privilege	Requires restart	---------	Microsoft Windows
MS17-019	Security Update for Active Directory Federation Services (4010320) This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.	Important Information Disclosure	Requires restart	---------	Microsoft Windows
MS17-020	Security Update for Windows DVD Maker (3208223) This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.	Important Information Disclosure	Requires restart	---------	Microsoft Windows
MS17-021	Security Update for Windows DirectShow (4010318) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.	Important Information Disclosure	Requires restart	---------	Microsoft Windows
MS17-022	Security Update for Microsoft XML Core Services (4010321) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.	Important Information Disclosure	Requires restart	---------	Microsoft Windows
MS17-023	Security Update for Adobe Flash Player (4014329) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.	Critical Remote Code Execution	Requires restart	---------	Microsoft Windows, Adobe Flash Player

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

How do I use this table?

Use this table to learn about the likelihood of code execution and denial of service exploits within 30 days of security bulletin release, for each of the security updates that you may need to install. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

In the columns below, "Latest Software Release" refers to the subject software, and "Older Software Releases" refers to all older, supported releases of the subject software, as listed in the "Affected Software" and "Non-Affected Software" tables in the bulletin.

CVE ID	Vulnerability Title	Exploitability Assessment for Latest Software Release	Exploitability Assessment for Older Software Release	Denial of Service Exploitability Assessment
MS17-006: Cumulative Security Update for Internet Explorer (4013073)
CVE-2017-0008	Internet Explorer Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0009	Microsoft Browser Information Disclosure Vulnerability	1 - Exploitation More Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0012	Microsoft Browser Spoofing Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0018	Internet Explorer Memory Corruption Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0033	Microsoft Browser Spoofing Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0037	Microsoft Browser Memory Corruption Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0040	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0049	Scripting Engine Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0059	Internet Explorer Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0130	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0149	Internet Explorer Memory Corruption Vulnerability	0 - Exploitation Detected	0 - Exploitation Detected	Not applicable
CVE-2017-0154	Internet Explorer Elevation of Privilege Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
MS17-007: Cumulative Security Update for Microsoft Edge (4013071)
CVE-2017-0009	Microsoft Browser Information Disclosure Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0010	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0011	Microsoft Edge Information Disclosure Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0012	Microsoft Browser Spoofing Vulnerability	3 - Exploitation Unlikely	4 - Not affected	Not applicable
CVE-2017-0015	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0017	Microsoft Edge Information Disclosure Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0023	Microsoft PDF Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0032	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0033	Microsoft Browser Spoofing Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0034	Microsoft Edge Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0035	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0037	Microsoft Browser Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0065	Microsoft Browser Information Disclosure Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0066	Microsoft Edge Security Feature Bypass Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0067	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0068	Microsoft Edge Information Disclosure Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0069	Microsoft Edge Spoofing Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0070	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0071	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0094	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0131	Scripting Engine Memory Corruption Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0132	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0133	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0134	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0135	Microsoft Edge Security Feature Bypass	3 - Exploitation Unlikely	4 - Not affected	Not applicable
CVE-2017-0136	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0137	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0138	Scripting Engine Memory Corruption Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0140	Microsoft Edge Security Feature Bypass	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0141	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0150	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0151	Scripting Engine Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
MS17-008: Security Update for Windows Hyper-V (4013082)
CVE-2017-0021	Hyper-V vSMB Remote Code Execution Vulnerability	2 - Exploitation Less Likely	4 - Not affected	Not applicable
CVE-2017-0051	Microsoft Hyper-V Network Switch Denial of Service Vulnerability	3 - Exploitation Unlikely	4 - Not affected	Not applicable
CVE-2017-0074	Hyper-V Denial of Service Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Permanent
CVE-2017-0075	Hyper-V Remote Code Execution Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0076	Hyper-V Denial of Service Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0095	Hyper-V vSMB Remote Code Execution Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0096	Hyper-V Information Disclosure Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0097	Hyper-V Denial of Service Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Permanent
CVE-2017-0098	Hyper-V Denial of Service Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0099	Hyper-V Denial of Service Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Permanent
CVE-2017-0109	Hyper-V Remote Code Execution Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
CVE-2017-0023	Microsoft PDF Memory Corruption Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
CVE-2017-0143	Windows SMB Remote Code Execution Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0144	Windows SMB Remote Code Execution Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0145	Windows SMB Remote Code Execution Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0146	Windows SMB Remote Code Execution Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0147	Windows SMB Information Disclosure Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0148	Windows SMB Remote Code Execution Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
MS17-011: Security Update for Microsoft Uniscribe (4013076)
CVE-2017-0072	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0083	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0084	Uniscribe Remote Code Execution Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0085	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0086	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0087	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0088	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0089	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0090	Uniscribe Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0091	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0092	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0111	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0112	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0113	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0114	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0115	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0116	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0117	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0118	Uniscribe Information Disclosure Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0119	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0120	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0121	Uniscribe Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0122	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0123	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0124	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0125	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0126	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0127	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0128	Uniscribe Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
MS17-012: Security Update for Microsoft Windows (4013078)
CVE-2017-0007	Device Guard Security Feature Bypass Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0016	SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0039	Windows DLL Loading Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0057	Windows DNS Query Information Disclosure Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0100	Windows HelpPane Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0104	iSNS Server Memory Corruption Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
MS17-013: Security Update for Microsoft Graphics Component (4013075)
CVE-2017-0001	Windows GDI Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0005	Windows GDI Elevation of Privilege Vulnerability	1 - Exploitation More Likely	0 – Exploitation Detected	Not applicable
CVE-2017-0014	GDI+ Remote Code Execution Vulnerability	2 - Exploitation Less Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0025	Windows GDI Elevation of Privilege Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0038	Windows Graphics Component Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0047	Windows GDI Elevation of Privilege Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0060	GDI+ Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0061	Microsoft Color Management Information Disclosure Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
CVE-2017-0062	GDI+ Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0063	Microsoft Color Management Information Disclosure Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0073	Windows GDI+ Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0108	Windows Graphics Component Remote Code Execution Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
MS17-014: Security Update for Microsoft Office (4013241)
CVE-2017-0006	Microsoft Office Memory Corruption Vulnerability	4 - Not affected	1 - Exploitation More Likely	Not applicable
CVE-2017-0019	Microsoft Office Memory Corruption Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0020	Microsoft Office Memory Corruption Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0027	Microsoft Office Information Disclosure Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0029	Microsoft Office Denial of Service Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
CVE-2017-0030	Microsoft Office Memory Corruption Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0031	Microsoft Office Memory Corruption Vulnerability	4 - Not affected	1 - Exploitation More Likely	Not applicable
CVE-2017-0052	Microsoft Office Memory Corruption Vulnerability	4 - Not affected	1 - Exploitation More Likely	Not applicable
CVE-2017-0053	Microsoft Office Memory Corruption Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0105	Microsoft Office Information Disclosure Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0107	Microsoft SharePoint XSS Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
CVE-2017-0129	Microsoft Lync for Mac Certificate Validation Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
MS17-015: Security Update for Microsoft Exchange Server (4013242)
CVE-2017-0110	Microsoft Exchange Server Elevation of Privilege Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Not applicable
MS17-016: Security Update for Windows IIS (4013074)
CVE-2017-0055	Microsoft IIS Server XSS Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
MS17-017: Security Update for Windows Kernel (4013081)
CVE-2017-0050	Windows Kernel Elevation of Privilege Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0101	Windows Elevation of Privilege Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Permanent
CVE-2017-0102	Windows Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0103	Windows Registry Elevation of Privilege Vulnerability	4 - Not affected	2 - Exploitation Less Likely	Not applicable
MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
CVE-2017-0024	Win32k Elevation of Privilege Vulnerability	1 - Exploitation More Likely	4 - Not affected	Not applicable
CVE-2017-0026	Win32k Elevation of Privilege Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0056	Win32k Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0078	Win32k Elevation of Privilege Vulnerability	1 - Exploitation More Likely	1 - Exploitation More Likely	Not applicable
CVE-2017-0079	Win32k Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0080	Win32k Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Permanent
CVE-2017-0081	Win32k Elevation of Privilege Vulnerability	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
CVE-2017-0082	Win32k Elevation of Privilege Vulnerability	4 - Not affected	1 - Exploitation More Likely	Not applicable
MS17-019: Security Update for Active Directory Federation Services (4010320)
CVE-2017-0043	Microsoft Active Directory Federation Services Information Disclosure Vulnerability	3 - Exploitation Unlikely	3 - Exploitation Unlikely	Temporary
MS17-020: Security Update for Windows DVD Maker (3208223)
CVE-2017-0045	Windows DVD Maker Cross-Site Request Forgery Vulnerability	4 - Not affected	3 - Exploitation Unlikely	Not applicable
MS17-021: Security Update for Windows DirectShow (4010318)
CVE-2017-0042	Windows DirectShow Information Disclosure Vulnerabitliy	2 - Exploitation Less Likely	2 - Exploitation Less Likely	Not applicable
MS17-022: Security Update for Microsoft XML Core Services (4010321)
CVE-2017-0022	Microsoft XML Core Services Information Disclosure Vulnerability	0 - Exploitation Detected	0 - Exploitation Detected	Not applicable
MS17-023: Security Update for Adobe Flash Player (4014329)
APSB17-07	See Adobe Security Bulletin APSB17-07 for vulnerability severity and update priority ratings	---------	---------	Not applicable

Affected Software

The following tables list the bulletins in order of major software category and severity.

Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation. If a software program or component is listed, then the severity rating of the software update is also listed.

Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system.