Vulnerability Protection

Cumulative Security Update for Internet Explorer

Details

Report ID:

MS20170301

Date Published:

15 March 2017

Date Revised:

Criticality:

Critical

Compromise Type:

Remote code execution, information disclosure, spoofing, escalation of privilege

Compromise From:

Remote

Affected Product/Component:

Internet Explorer 9
Internet Explorer 10
Internet Explorer 11

Summary

A cumulative security update for Internet Explorer addresses multiple vulnerabilities that could be exploited into allowing remote code execution, information disclosure, spoofing, and escalation of privilege. 

Detailed Description

Microsoft has issued a cumulative security update to address multiple vulnerabilities that were discovered in the Internet Explorer web browser. Of the total twelve vulnerabilities, five could lead to remote code execution, four could lead to information disclosure, two could lead to spoofing, and one could lead to escalation of privilege.

These vulnerabilities were caused by varying factors which include improper access or improper handling of objects in memory, rendering errors in JScript and VBScript engines, improper parsing of HTTP responses, and improper enforcement of cross-domain policies. All discovered issues have been resolved in the latest update through corrective modifications and fixes. 

CVE Reference

CVE-2017-0008, CVE-2017-0009, CVE-2017-0012, CVE-2017-0018, CVE-2017-0033, CVE-2017-0037, CVE-2017-0040, CVE-2017-0049, CVE-2017-0059, CVE-2017-0130, CVE-2017-0149, CVE-2017-0154

Solution

Install the latest security patch, available for download from https://technet.microsoft.com/en-us/library/security/ms17-006

Source

Microsoft Security Bulletin MS17-006