PATCH TUESDAY May 9, 2017

15 Microsoft There’s no fix today for Microsoft’s new “crazy bad” 13 10 2 11 vulnerability in the Malware Protection Engine. Stay Bulletins Critical Important User Targeted New Bulletins tuned and stay vigilant—while you tackle what May Adobe Patch Tuesday does have to offer. Top of mind should 12 1 1 0 1 be the updates that patch exploited vulnerabilities as Bulletin Critical Important User Targeted well as the Flash Player update. And in this second User Targeted month since Microsoft nixed security bulletins, you’ll PDF-Xchange 10 1 0 0 0 see we’re making tweaks to our approach to keep Bulletin Critical Important User Targeted updates organized and easy to reference.

Zero Day

Privilege Management CVE Vendor Shavlik Threat User Mitigates Bulletins Count Impact Severity Priority Risk Notes Targeted Impact

MS17-05-AFP Remote Code Microsoft Critical Adobe Flash Player 7 Execution 1 for IE

MS17-05-IE Remote Code Exploited: Critical Internet Explorer 12 Execution 1 CVE-2017-0222 Publicly Disclosed: CVE-2017-0064

MS17-05-OFF Remote Code Exploited: Critical Office 8 Execution 1 CVE-2017-0261

MS17-05-W10 Remote Code Exploited: Critical Windows 10, Server 44 Execution 1 CVE-2017-0222, 2016 Edge, IE CVE-2017-0263 Publicly Disclosed: CVE-2017-0064, CVE-2017-0229, CVE-2017-0241

MS17-05-2K8 Remote Code Exploited: Critical Server 2008 27 Execution 1 CVE-2017-0263

MS17-05-SO7 Remote Code Exploited: Critical Windows 7, Server 27 Execution 1 CVE-2017-0263 2008 R2

MS17-05-SO8 Remote Code Exploited: Critical Server 2012 24 Execution CVE-2017-0263

MS17-05-SO81 Remote Code Exploited: Critical Windows 8.1, Server 23 Execution 1 CVE-2017-0263 2012 R2

MS17-05-MR7 Remote Code Exploited: Critical CVE-2017-0222, Windows 7, Server 39 Execution 1 2008 R2, Internet CVE-2017-0263 Explorer Publicly Disclosed: CVE-2017-0064

MS17-05-MR8 Remote Code Exploited: Critical CVE-2017-0222, Server 2012, Internet 36 Execution 1 Explorer CVE-2017-0263 Publicly Disclosed: CVE-2017-0065

MS17-05-MR81 Remote Code Exploited: Critical CVE-2017-0222, Windows 8.1, Server 35 Execution 1 2012 R2, Internet CVE-2017-0263 Explorer Publicly Disclosed: CVE-2017-0066

MS17-05-SONET Security Important .Net Framework 1 Feature 2 Bypass

MS17-05-MRNET Security Important .Net Framework 1 Feature 2 Bypass

APSB17-15 Remote Code Adobe Critical Adobe Flash Player 7 Execution 1

PDF-Xchange PDFX-008 PDF-Xchange Low 3

For additional analysis & insight visit: www.ivanti.com/patch-tuesday