ID: MS:CVE-2017-0003
Type: mscve
Reporter: Microsoft
Modified: 2017-01-10T08:00:00
Description
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Note that the Preview Pane is not an attack vector for this vulnerability.
The security update addresses the vulnerability by correcting how Office handles objects in memory.
{"id": "MS:CVE-2017-0003", "bulletinFamily": "microsoft", "title": "Microsoft Office Memory Corruption Vulnerability", "description": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. 
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\n\nNote that the Preview Pane is not an attack vector for this vulnerability.\n\nThe security update addresses the vulnerability by correcting how Office handles objects in memory.\n", "published": "2017-01-10T08:00:00", "modified": "2017-01-10T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0003", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2017-0003"], "type": "mscve", "lastseen": "2020-08-07T11:45:27", "edition": 2, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-0003"]}, {"type": "symantec", "idList": ["SMNTC-95287"]}, {"type": "kaspersky", "idList": ["KLA10939"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809776", "OPENVAS:1361412562310809777"]}, {"type": "nessus", "idList": ["SMB_NT_MS17-002.NASL"]}, {"type": "mskb", "idList": ["KB3214291"]}, {"type": "threatpost", "idList": ["THREATPOST:04FAA050D643AD8D61D8063D5232A682"]}, {"type": "thn", "idList": ["THN:D0463537F0A6A260170D27CB12689824"]}], "modified": "2020-08-07T11:45:27", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2020-08-07T11:45:27", "rev": 2}, "vulnersScore": 7.3}, "kbList": ["KB3141486", "KB3128057", "KBNone", "KB3118331"], "msrc": "", "mscve": "CVE-2017-0003", "msAffectedSoftware": [{"kb": "KB3128057", "kbSupersedence": "KB3118331", "msplatform": "", "name": "Microsoft Word 2016 (64-bit edition)"}, {"kb": "KB3141486", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft SharePoint Enterprise Server 2016"}, {"kb": "KB3128057", "kbSupersedence": "KB3118331", "msplatform": "", "name": "Microsoft Word 2016 (32-bit edition)"}], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T13:07:29", "description": "Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-10T21:59:00", "title": "CVE-2017-0003", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0003"], "modified": "2018-10-12T22:15:00", "cpe": ["cpe:/a:microsoft:sharepoint_enterprise_server:2016", "cpe:/a:microsoft:word:2016"], "id": "CVE-2017-0003", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0003", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-03-13T06:16:48", "bulletinFamily": "software", "cvelist": ["CVE-2017-0003"], "description": "### Description\n\nMicrosoft Office is prone to a remote memory-corruption vulnerability. 
An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft SharePoint Enterprise Server 2016 \n * Microsoft Word 2016 (32-bit edition) \n * Microsoft Word 2016 (64-bit edition) \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-01-10T00:00:00", "published": "2017-01-10T00:00:00", "id": "SMNTC-95287", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/95287", "type": "symantec", "title": "Microsoft Office CVE-2017-0003 Memory Corruption Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:55:57", "bulletinFamily": "info", "cvelist": ["CVE-2017-0003"], "description": "### *Detect date*:\n01/10/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMemory corruption vulnerability was found in Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed document.\n\n### *Affected products*:\nMicrosoft Word 2016 \nMicrosoft SharePoint Enterprise Server 2016\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS17-002](<https://technet.microsoft.com/en-us/library/security/ms17-002.aspx>) \n[CVE-2017-0003](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0003>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Word](<https://threats.kaspersky.com/en/product/Microsoft-Word/>)\n\n### *CVE-IDS*:\n[CVE-2017-0003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0003>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3128057](<http://support.microsoft.com/kb/3128057>) \n[3141486](<http://support.microsoft.com/kb/3141486>)", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2017-01-10T00:00:00", "id": "KLA10939", "href": 
"https://threats.kaspersky.com/en/vulnerability/KLA10939", "title": "\r KLA10939Arbitrary code execution vulnerability in Microsoft Office Word 2016 and Microsoft SharePoint Enterprise Server 2016 ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:20:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0003"], "description": "This host is missing an important security\n update according to Microsoft Bulletin MS17-002", "modified": "2020-06-04T00:00:00", "published": "2017-01-11T00:00:00", "id": "OPENVAS:1361412562310809776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809776", "type": "openvas", "title": "Microsoft Office Word Remote Code Execution Vulnerability (3214291)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Remote Code Execution Vulnerability (3214291)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809776\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0003\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 08:33:11 +0530 (Wed, 11 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Office Word Remote Code Execution Vulnerability (3214291)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS17-002\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists when the Office software\n fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to run arbitrary code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word 2016 Service Pack 1 and prior.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3128057\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms17-002.aspx\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n##word 2016 only is affected\nexeVer = get_kb_item(\"SMB/Office/Word/Version\");\nexePath = get_kb_item(\"SMB/Office/Word/Install/Path\");\nif(!exePath){\n exePath = \"Unable to fetch the install path\";\n}\n\nif(exeVer =~ \"^(16\\.)\")\n{\n if(version_is_less(version:exeVer, test_version:\"16.0.4483.1000\"))\n {\n report = 'File checked: ' + exePath + \"winword.exe\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: ' + \"16.0 - 16.0.4483.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:23:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0003"], "description": "This host is missing an important security\n update according to Microsoft Bulletin MS17-002", "modified": "2020-06-04T00:00:00", "published": "2017-01-11T00:00:00", "id": "OPENVAS:1361412562310809777", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809777", "type": "openvas", "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability (3214291)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Server Remote Code Execution Vulnerability (3214291)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# 
Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:sharepoint_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809777\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0003\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 08:53:36 +0530 (Wed, 11 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft SharePoint Server Remote Code Execution Vulnerability (3214291)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS17-002\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists as Office software fails to\n properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to run 
arbitrary code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Enterprise Server 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3141486\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms17-002.aspx\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/SharePoint/Server/Ver\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nshareVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\n## SharePoint Server 2016\nif(shareVer =~ \"^16\\..*\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\n if(path)\n {\n path = path + \"\\microsoft shared\\Web Server Extensions\\16\\BIN\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"Onetutil.dll\");\n\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"16.0\", test_version2:\"16.0.4483.0999\"))\n {\n report = 'File checked: ' + path + \"\\Onetutil.dll\"+ '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + \"16.0 - 16.0.4483.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": 
"2021-01-01T05:43:55", "description": "The version of Microsoft Word or Microsoft SharePoint Server installed\non the remote Windows host is missing a security update. It is,\ntherefore, affected by a memory corruption issue due to improper\nhandling of objects in memory. An unauthenticated, remote attacker can\nexploit this, by convincing a user to visit a specially crafted\nwebsite or open a specially crafted Office file, to execute arbitrary\ncode in the context of the current user.", "edition": 31, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-10T00:00:00", "title": "MS17-002: Security Update for Microsoft Office (3214291)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0003"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:word", "cpe:/a:microsoft:office"], "id": "SMB_NT_MS17-002.NASL", "href": "https://www.tenable.com/plugins/nessus/96391", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96391);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-0003\");\n script_xref(name:\"MSFT\", value:\"MS17-002\");\n script_xref(name:\"MSKB\", value:\"3128057\");\n script_xref(name:\"MSKB\", value:\"3141486\");\n script_xref(name:\"IAVA\", value:\"2017-A-0009\");\n\n script_name(english:\"MS17-002: Security Update for Microsoft Office (3214291)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by a remote\ncode execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Word or Microsoft SharePoint Server installed\non the remote Windows host is missing a security update. 
It is,\ntherefore, affected by a memory corruption issue due to improper\nhandling of objects in memory. An unauthenticated, remote attacker can\nexploit this, by convincing a user to visit a specially crafted\nwebsite or open a specially crafted Office file, to execute arbitrary\ncode in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Word 2016 and\nSharePoint Server 2016\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_sharepoint_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var bulletin, vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-002';\nkbs = make_list(\n '3128057', # Word 2016\n '3141486' # SharePoint Server 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nregistry_init();\n\nvuln = FALSE;\n\n######################################################################\n# Word 2016\n######################################################################\nfunction perform_word_checks()\n{\n local_var word_checks;\n\n word_checks = make_array(\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4483.1000\", \"channel\", \"MSI\", \"kb\", \"3128057\"),\n make_array(\"sp\", 0, \"version\", \"16.0.6741.2105\", \"channel\", \"Deferred\", \"channel_version\", \"1602\", \"kb\", \"3128057\"),\n make_array(\"sp\", 0, \"version\", \"16.0.6965.2117\", \"channel\", \"Deferred\", \"channel_version\", \"1605\", \"kb\", \"3128057\"),\n make_array(\"sp\", 0, \"version\", \"16.0.7369.2102\", \"channel\", \"First Release for Deferred\", \"kb\", \"3128057\"),\n make_array(\"sp\", 0, \"version\", \"16.0.7571.2109\", 
\"channel\", \"Current\", \"kb\", \"3128057\")\n )\n );\n if (hotfix_check_office_product(product:\"Word\", checks:word_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# SharePoint Server 2016\n######################################################################\nfunction perform_sharepoint_checks()\n{\n local_var installs, install, path;\n\n installs = get_installs(app_name:\"Microsoft SharePoint Server\");\n foreach install (installs[1])\n {\n if (install[\"Product\"] == \"2016\" &&\n !isnull(install['path']) &&\n install['SP'] == '0' &&\n install['Edition'] == 'Server')\n {\n path = hotfix_append_path(path:install['path'], value:\"WebServices\\ConversionServices\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"16.0.4483.1000\", min_version:\"16.0.0.0\", path:path, bulletin:bulletin, kb:\"3141486\", product:\"Office SharePoint Server 2016\") == HCF_OLDER)\n vuln = TRUE;\n }\n }\n}\n\nperform_word_checks();\nperform_sharepoint_checks();\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:53:11", "bulletinFamily": "microsoft", "cvelist": ["CVE-2017-0003"], "description": "<html><body><p>Describes a security update that fixes vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a vulnerability in Microsoft Office. 
To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/ms17-002\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS17-002</a>.<span></span><br/></div><h2>More information about this security update</h2><div class=\"kb-moreinformation-section section\">The following articles contain more information about this security update as it relates to individual product versions. These articles may contain known issue information. <br/> <ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3141486\" id=\"kb-link-3\" target=\"_self\">KB3141486 MS17-002: Description of the security update for SharePoint Server 2016: January 10, 2017</a></li><li><a href=\"https://support.microsoft.com/help/3128057\" id=\"kb-link-4\" target=\"_self\">KB3128057 MS17-002: Description of the security update for Word 2016: January 10, 2017</a></li></ul><h3 class=\"sbody-h3\">Nonsecurity-related fixes and improvements that are included in this security update</h3><ul class=\"sbody-free_list\"><li>Some terms are translated into multiple languages to make sure that the meaning is accurate.<br/></li><li>You can't access the Shortcuts link through the keyboard in grid edit mode of a SharePoint task list. In addition, screen readers can't read or access information panels in SharePoint Server 2016.<br/></li><li> The PSConfig tool may recommend incorrect cmdlets.<br/></li><li>Sometimes, the PSConfig tool shows the upgrade as 100 percent completed even though it still takes some time before the tool moves to the next status. This problem occurs because the tool must complete some minor steps after it upgrades the products. 
Progress messages are displayed for these steps.<br/></li><li> Fixes the following cmdlet legacy issues of the Administrative Actions Logging feature:<ul class=\"sbody-free_list\"><li>Support partial execution for the cmdlet and update the help document correspondingly.</li><li>Refine the messages for some exceptions and logs.</li></ul></li><li> After you try to configure and use the Lotus Notes connector for SharePoint Server, the crawl fails.<br/></li><li> You can't use the CSOM API to set the BookingType property for enterprise resources in projects.<br/></li><li>A system access control list (SACL) isn't read correctly for large file paths that exceed the Windows limitation of 260 characters. This causes the SACL to be discoverable by any user in the query results even if\u00a0the user doesn't have the appropriate permissions.<br/></li><li> After you make multiple changes to the same user in quick succession in SharePoint Server 2016, the Quick Sync job can't be completed successfully.<br/></li><li>When you configure hybrid taxonomy, the specified Local Term Store Name parameter is now case-insensitive even though it was previously case-sensitive.<br/></li><li>You can't restore site collection that have site URLs. Additionally, you receive the following error message:\u00a0<div class=\"indent\"><div class=\"sbody-error\">Error: Violation of PRIMARY KEY constraint 'PK_SiteUrlMap'. Cannot insert duplicate key in object 'dbo.SiteUrlMap'</div></div><br/></li><li>When you add a subtask to an existing subtask of a SharePoint task list, multiple subtasks are created instead of just one in certain conditions.<br/></li><li>When you copy and paste subtasks in grid edit mode of a SharePoint task list, multiple subtasks are created unexpectedly.<br/></li><li>SharePoint Server 2016 becomes unresponsive and the server experiences high CPU usage that requires a restart. 
Additionally, you can't access sites, or you get extremely slow page load times.<br/></li><li>When you apply status updates in PWA, actual work is added to some assignments unexpectedly. For example, you have an assignment that has 35 hours total work, and the status update is to apply 9 hours. When you view the results in Project Professional, you find that the assignment is unexpectedly completed. Meanwhile, the total work and the actual work have increased to 400 hours.<br/></li></ul></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Microsoft Office 2016 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference table</h5>The following table contains the security update information for this software.<div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft Word 2016 (32-bit edition)<br/><span class=\"text-base\">word2016-kb3128057-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Word 2016 (64-bit edition)<br/><span class=\"text-base\">word2016-kb3128057-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-6\" 
target=\"_self\">Microsoft Knowledge Base article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.<br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-7\" target=\"_self\">Microsoft Knowledge Base article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use the <span class=\"sbody-userinput\">Add or Remove Programs </span>\u00a0item in<span class=\"sbody-userinput\"> Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3128057\" id=\"kb-link-8\" target=\"_self\">Microsoft Knowledge Base article 3128057</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft SharePoint Enterprise Server 2016</h4><h5 class=\"sbody-h5 text-subtitle\">Reference table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft SharePoint Server 2016:<br/><span 
class=\"text-base\">sts2016-kb3141486-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-9\" target=\"_self\">Microsoft Knowledge Base article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.<br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-10\" target=\"_self\">Microsoft Knowledge Base article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">This security update cannot be removed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3141486\" id=\"kb-link-11\" target=\"_self\">Microsoft Knowledge Base article 3141486</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold 
btn-link link-expand-text\"><span class=\"bold btn-link\">How to get help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-12\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-13\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-14\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"\" id=\"kb-link-15\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2017-01-20T04:37:37", "id": "KB3214291", "href": "https://support.microsoft.com/en-us/help/3214291/", "published": "2017-01-10T00:00:00", "title": "MS17-002: Security Update for Microsoft Office: January 10, 2017", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-0003", "CVE-2017-11882"], "description": "Microsoft\u2019s first Patch Tuesday update of 2017 is one of the smallest in the history of the program with four bulletins released today, including three rated important along with Adobe\u2019s monthly Flash Player update for Internet Explorer and Edge, which was rated critical by the vendor.\n\nThe Microsoft bulletins were for vulnerabilities in Office 2016, its Edge browser and its Local Security Authority Subsystem Service (LSASS).\n\nThe Office bulletin, 
[MS17-002](<https://technet.microsoft.com/en-us/library/security/ms17-002.aspx>), includes a patch for a single remote code execution vulnerability triggered if a user opens a specially crafted Office file. This vulnerability was originally rated critical by Microsoft, but it later downgraded the bulletin to important. The flaw (CVE-2017-0003) impacts specific Office applications such as Microsoft Word 2016 (64-bit, 32-bit) as well as Microsoft SharePoint Enterprise Server 2016.\n\n\u201cCustomers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,\u201d according to the bulletin.\n\nThe Edge bulletin, [MS17-001](<https://technet.microsoft.com/en-us/library/security/MS17-001>), patched one elevation of privilege vulnerability rated important by Microsoft.\n\n\u201cAn elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Microsoft Edge,\u201d according to Microsoft.\n\nA denial of service vulnerability rated important by Microsoft was also patched in [MS17-004](<https://technet.microsoft.com/en-us/library/security/MS17-004>) in the Local Security Authority Subsystem Service (LSASS). The flaw impacts Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (and Server Core). The vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests, said Microsoft. 
\u201cAn attacker who successfully exploited the vulnerability could cause a denial of service on the target system\u2019s LSASS service, which triggers an automatic reboot of the system,\u201d Microsoft said.\n\nFinally, Microsoft also published a critical bulletin, [MS17-003](<https://technet.microsoft.com/en-us/library/security/MS17-003>), tied to a swath of bugs found in Adobe Flash Player used in its Windows 8.1 OS (64-bit, 32-bit), Windows RT 8.1, multiple versions of Windows 10 and Windows Server 2016. Those Adobe Flash Player vulnerabilities were outlined [earlier Tuesday by Adobe when it announced](<https://threatpost.com/adobe-patches-code-execution-flaws-in-flash-reader-acrobat/122983/>) a bevy of patches that addressed code execution flaws in Flash, Reader and Acrobat. Besides applying the requisite patches, Microsoft suggested disabling instances of Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010.\n\nToday\u2019s Patch Tuesday, the first of 2017, marks the first monthly cycle in which Microsoft is doing away with bulletins for newer products. Instead, Microsoft patches will be delivered in one installable package. Under the new patch management regime, Microsoft\u2019s Vista operating system will still get bulletins, however.\n\nMicrosoft\u2019s Patch Tuesday coincides with the release of cumulative updates for nearly all versions of Windows 10 including the Anniversary Update for PCs (Build 14393.693). 
The update did not introduce new features; rather, it fixed several security-related features such as fingerprint authentication, App-V Connection Group and an issue that had allowed two similar input devices to work on the same machine.\n", "modified": "2017-01-13T18:03:30", "published": "2017-01-10T15:52:02", "id": "THREATPOST:04FAA050D643AD8D61D8063D5232A682", "href": "https://threatpost.com/microsoft-issues-record-low-number-of-patch-tuesday-bulletins/122999/", "type": "threatpost", "title": "Microsoft Issues Record Low Number of Patch Tuesday Bulletins", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T10:06:59", "bulletinFamily": "info", "cvelist": ["CVE-2017-0002", "CVE-2017-0004", "CVE-2017-0003"], "description": "## In Brief\n\nMicrosoft has issued its first [Patch Tuesday for 2017](<https://technet.microsoft.com/library/security/ms17-jan>), and it's one of the smallest ever monthly patch releases for the company, with only four security updates to address vulnerabilities in its Windows operating system as well as Adobe Flash Player. \n \nMeanwhile, Adobe has also released patches for more than three dozen security vulnerabilities in its Flash Player and Acrobat/Reader for Windows, MacOS, and Linux desktops.\n\n \nAccording to the Microsoft Advisory, only one security bulletin is rated critical, while the other three are important. The bulletins address security vulnerabilities in Microsoft's Windows, Windows Server, Office, Edge and Flash Player. \n \nThe only security bulletin rated as critical is the one dedicated to Adobe Flash Player, for which Microsoft distributed security patches through Windows Update. 
Other security bulletins that address flaws in Microsoft products are as follows: \n \n\n\n#### **Bulletin 1 \u2014 MS17-001**\n\nThis security update resolves just one vulnerability in the Microsoft Edge browser. Microsoft rates this bulletin as important. \n \nThe vulnerability ([CVE-2017-0002](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0002>)) could let an attacker gain elevated access privileges by tricking users into viewing a specially crafted web page using Microsoft Edge. \n \nThis elevation of privilege flaw exists in Microsoft Edge's cross-domain policies, which could allow \"an attacker to access information from one domain and inject it into another domain,\" Microsoft says. \n \nThe update will be rolled out to Windows 10 and Server 2016. \n \n\n\n#### **Bulletin 2 \u2014 MS17-002**\n\nThis security bulletin also patches a single vulnerability, this one in Microsoft Office. \n \nThe vulnerability, designated [CVE-2017-0003](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0003>), is a memory corruption issue that allows an attacker to perform remote code execution (RCE) in Microsoft Office 2016 and SharePoint Enterprise Server 2016. \n \nThe flaw lets a specially crafted Word file take control of the target machine with the current user's access privileges. \n \nUsers who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users. \n\n\n#### **Bulletin 3 \u2014 MS17-003**\n\nThis security bulletin is rated as Critical and resolves 12 security vulnerabilities in Adobe Flash Player for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. \n \nThe security patch will be automatically rolled out to Windows users running Microsoft Edge or Internet Explorer 11. 
\n \n\n\n#### **Bulletin 4 \u2014 MS17-004**\n\n \nThis security update, also rated as important, addresses just one denial of service (DoS) vulnerability in Local Security Authority Subsystem Service (LSASS) for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. \n \nThe flaw ([CVE-2017-0004](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0004>)) resides in the LSASS that handles authentication requests, which could be exploited to reboot the system by sending a specially crafted authentication request to the targeted system or server. \n\n\n### Adobe Security Patch Update\n\n \nA total of 13 vulnerabilities have been addressed in the [Flash Player](<https://helpx.adobe.com/security/products/flash-player/apsb17-02.html>), and none of the flaws has been actively exploited in the wild. \n \nThe Flash Player updates for both Windows and macOS systems have been rated critical, as successful exploitation of the vulnerability could let an attacker perform remote code execution on the target system. However, Linux users are at lower risk for attack. \n \nThe update for [Adobe Acrobat and Reader](<https://helpx.adobe.com/security/products/acrobat/apsb17-01.html>) addresses some 29 flaws, including some remote code execution (RCE) vulnerabilities in both Windows and macOS. \n \nUsers and IT administrators are strongly advised to apply Windows and Adobe patches as soon as possible to keep hackers and cybercriminals from taking control of their computers. 
\n \nA system reboot is necessary for installing updates, so users are advised to save work on PCs where the whole package of patches is deployed before initiating the process.\n", "modified": "2017-01-11T09:26:27", "published": "2017-01-10T22:26:00", "id": "THN:D0463537F0A6A260170D27CB12689824", "href": "https://thehackernews.com/2017/01/microsoft-security-patch.html", "type": "thn", "title": "Microsoft Releases 4 Security Updates \u2014 Smallest Patch Tuesday Ever!", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}