Happy New Year to our readers! Today marks the first Patch Tuesday of 2017 with Microsoft releasing their monthly set of bulletins designed to address security vulnerabilities. This month’s release is relatively light with 4 bulletins addressing 3 vulnerabilities. Two bulletins are rated critical and address vulnerabilities in Office and Adobe Flash Player while the other two are rated important and address vulnerabilities Edge and the Local Security Authority Subsystem Service.
Bulletins Rated Critical
Microsoft bulletins MS17-002 and MS17-003 are rated critical.
MS17-002 addresses CVE-2017-0003, an arbitrary code execution vulnerability in Microsoft Office 2016. Specifically, Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016 are affected. This vulnerability manifests in the way Office handles objects in memory. Exploitation of this flaw is achievable if, for example, a user opens a specifically crafted Word document received via email or downloaded from a site hosting a specifically crafted document.