Microsoft Security Bulletin MS17-008 - Critical

Security Update for Windows Hyper-V (4013082)

Published: March 14, 2017

Version: 1.0

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

This security update is rated Critical for all supported editions of Windows. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how Hyper-V validates guest operating system user input. For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 4013082.

Affected Software and Vulnerability Severity Ratings

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the March bulletin summary.

Microsoft Software (Table 1 of 2)

**Operating System** [**Hyper-V vSMB Remote Code Execution Vulnerability – CVE-2017-0021**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0021) [**Microsoft Hyper-V Network Switch Denial of Service Vulnerability - CVE-2017-0051**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0051) [**Hyper-V Denial of Service Vulnerability – CVE-2017-0074**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0074) [**Hyper-V Remote Code Execution Vulnerability – CVE-2017-0075**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0075) **Hyper-V Denial of Service Vulnerabilities: [CVE-2017-0076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0076) [CVE-2017-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0097) [CVE-2017-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0099)** **Updates Replaced**
**Windows Server 2008**
[Windows Server 2008 for x64-based Systems Service Pack 2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3211306) (3211306) Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service None
**Windows 7**
[Windows 7 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012212) (4012212) Security Only[1] Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service None
[Windows 7 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012215) (4012215) Monthly Rollup[1] Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service [3212646](https://support.microsoft.com/kb/3212646)
**Windows Server 2008 R2**
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012212) (4012212) Security Only[1] Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012215) (4012215) Monthly Rollup[1] Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service [3212646](https://support.microsoft.com/kb/3212646)
**Windows 8.1**
[Windows 8.1 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012213) (4012213) Security Only[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service None
[Windows 8.1 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012216) (4012216) Monthly Rollup[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3205401](https://support.microsoft.com/kb/3205401)
**Windows Server 2012 and Windows Server 2012 R2**
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012214) (4012214) Security Only[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012217) (4012217) Monthly Rollup[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3205409](https://support.microsoft.com/kb/3205409)
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012213) (4012213) Security Only[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012216) (4012216) Monthly Rollup[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3205401](https://support.microsoft.com/kb/3205401)
**Windows 10**
[Windows 10 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012606)[2] (4012606) Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3210720](https://support.microsoft.com/en-us/kb/3210720)
[Windows 10 Version 1511 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013198)[2] (4013198) Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3210721](https://support.microsoft.com/en-us/kb/3210721)
[Windows 10 Version 1607 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013429)[2] (4013429) **Critical** Remote Code Execution **Important** Denial of Service **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3213986](https://support.microsoft.com/en-us/kb/3213986)
**Windows Server 2016**
[Windows Server 2016 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013429)[2] (4013429) **Critical** Remote Code Execution **Important** Denial of Service **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3213986](https://support.microsoft.com/en-us/kb/3213986)
**Server Core installation option**
[Windows Server 2008 for x64-based Systems Service Pack 2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3211306) (Server Core installation) (3211306) Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012212) (Server Core installation) (4012212) Security Only[1] Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012215) (Server Core installation) (4012215) Monthly Rollup[1] Not applicable Not applicable Not applicable **Critical** Remote Code Execution **Important** Denial of Service [3212646](https://support.microsoft.com/kb/3212646)
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012214) (Server Core installation) (4012214) Security Only[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012217) (Server Core installation) (4012217) Monthly Rollup[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3205409](https://support.microsoft.com/kb/3205409)
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012213) (Server Core installation) (4012213) Security Only[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service None
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012216) (Server Core installation) (4012216) Monthly Rollup[1] Not applicable Not applicable **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3205401](https://support.microsoft.com/kb/3205401)
[Windows Server 2016 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013429)[2](Server Core installation) (4013429) **Critical** Remote Code Execution **Important** Denial of Service **Important** Denial of Service **Critical** Remote Code Execution **Important** Denial of Service [3213986](https://support.microsoft.com/en-us/kb/3213986)
### Microsoft Software (Table 2 of 2)

**Operating System** [**Hyper-V vSMB Remote Code Execution Vulnerability – CVE-2017-0095**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0095) [**Hyper-V Information Disclosure Vulnerability – CVE-2017-0096**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0096) [**Hyper-V Denial of Service Vulnerability – CVE-2017-0098**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0098) [**Hyper-V Remote Code Execution Vulnerability – CVE-2017-0109**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0109) **Updates Replaced**
**Windows Server 2008**
[Windows Server 2008 for x64-based Systems Service Pack 2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3211306) (3211306) Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
**Windows 7**
[Windows 7 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012212) (4012212) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows 7 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012215) (4012215) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3212646](https://support.microsoft.com/kb/3212646)
**Windows Server 2008 R2**
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012212) (4012212) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012215) (4012215) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3212646](https://support.microsoft.com/kb/3212646)
**Windows 8.1**
[Windows 8.1 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012213) (4012213) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows 8.1 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012216) (4012216) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3205401](https://support.microsoft.com/kb/3205401)
**Windows Server 2012 and Windows Server 2012 R2**
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012214) (4012214) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012217) (4012217) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3205409](https://support.microsoft.com/kb/3205409)
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012213) (4012213) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012216) (4012216) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3205401](https://support.microsoft.com/kb/3205401)
**Windows 10**
[Windows 10 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012606)[2] (4012606) **Important** Remote Code Execution **Important** Information Disclosure **Important** Denial of Service **Critical** Remote Code Execution [3210720](https://support.microsoft.com/en-us/kb/3210720)
[Windows 10 Version 1511 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013198)[2] (4013198) **Important** Remote Code Execution **Important** Information Disclosure **Important** Denial of Service **Critical** Remote Code Execution [3210721](https://support.microsoft.com/en-us/kb/3210721)
[Windows 10 Version 1607 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013429)[2] (4013429) **Important** Remote Code Execution **Important** Information Disclosure **Important** Denial of Service **Critical** Remote Code Execution [3213986](https://support.microsoft.com/en-us/kb/3213986)
**Windows Server 2016**
[Windows Server 2016 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013429)[2] (4013429) **Important** Remote Code Execution **Important** Information Disclosure **Important** Denial of Service **Critical** Remote Code Execution [3213986](https://support.microsoft.com/en-us/kb/3213986)
**Server Core installation option**
[Windows Server 2008 for x64-based Systems Service Pack 2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3211306) (Server Core installation) (3211306) Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012212) (Server Core installation) (4012212) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012215) (Server Core installation) (4012215) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3212646](https://support.microsoft.com/kb/3212646)
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012214) (Server Core installation) (4012214) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2012](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012217) (Server Core installation) (4012217) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3205409](https://support.microsoft.com/kb/3205409)
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012213) (Server Core installation) (4012213) Security Only[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution None
[Windows Server 2012 R2](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012216) (Server Core installation) (4012216) Monthly Rollup[1] Not applicable **Important** Information Disclosure Not applicable **Critical** Remote Code Execution [3205401](https://support.microsoft.com/kb/3205401)
[Windows Server 2016 for x64-based Systems](http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4013429)[2](Server Core installation) (4013429) **Important** Remote Code Execution **Important** Information Disclosure **Important** Denial of Service **Critical** Remote Code Execution [3213986](https://support.microsoft.com/en-us/kb/3213986)
[1]Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this [Microsoft TechNet article](https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/).

[2]Windows 10 and Windows Server 2016 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Please note that effective December 13, 2016, Windows 10 and Windows Server 2016 details for the Cumulative Updates will be documented in Release Notes. Please refer to the Release Notes for OS Build numbers, Known Issues, and affected file list information.

*The Updates Replaced column shows only the latest update in any chain of superseded updates. For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the PackageDetails tab).

Update FAQ

I do not have Hyper-V enabled, why am I being offered this update?
The vulnerable code exists in the affected software that is listed in the affected software table. As a defense-in-depth measure, and to ensure that systems are protected if Hyper-V is enabled, the update is applicable to all supported products and versions that contain the vulnerable code.

Vulnerability Information

Multiple Hyper-V Denial of Service Vulnerabilities

Multiple denial of service vulnerabilities exist when the Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit these vulnerabilities, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

To exploit these vulnerabilities, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.

The security update addresses these vulnerabilities by preventing out-of-bound memory access.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

**Vulnerability title** **CVE number** **Publicly disclosed** **Exploited**
Microsoft Hyper-V Network Switch Denial of Service Vulnerability [CVE-2017-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0051) No No
Hyper-V Denial of Service Vulnerability [CVE-2017-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0074) No No
Hyper-V Denial of Service Vulnerability [CVE-2017-0076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0076) No No
Hyper-V Denial of Service Vulnerability [CVE-2017-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0097) Yes No
Hyper-V Denial of Service Vulnerability [CVE-2017-0098](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0098) No No
Hyper-V Denial of Service Vulnerability [CVE-2017-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0099) No No
### Mitigating Factors The following [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) may be helpful in your situation: - Customers who have not enabled the Hyper-V role are not affected. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for these vulnerabilities. Multiple Hyper-V vSMB Remote Code Execution Vulnerabilities ----------------------------------------------------------- Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system. To exploit these vulnerabilities, an attacker running inside a virtual machine could run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code. The update addresses the vulnerabilities by correcting how Windows Hyper-V validates vSMB packet data. The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

**Vulnerability title** **CVE number** **Publicly disclosed** **Exploited**
Hyper-V vSMB Remote Code Execution Vulnerability [CVE-2017-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0021) No No
Hyper-V vSMB Remote Code Execution Vulnerability [CVE-2017-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0095) No No
### Mitigating Factors The following [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) may be helpful in your situation: - Customers who have not enabled the Hyper-V role are not affected. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for these vulnerabilities. Multiple Hyper-V Remote Code Execution Vulnerabilities ------------------------------------------------------ Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit these vulnerabilities, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code An attacker who successfully exploited these vulnerabilities could execute arbitrary code on the host operating system. The security update addresses these vulnerabilities by correcting how Hyper-V validates guest operating system user input. The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

**Vulnerability title** **CVE number** **Publicly disclosed** **Exploited**
Hyper-V Remote Code Execution Vulnerability [CVE-2017-0075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0075) No No
Hyper-V Remote Code Execution Vulnerability [CVE-2017-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0109) No No
### Mitigating Factors The following [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) may be helpful in your situation: - Customers who have not enabled the Hyper-V role are not affected. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for these vulnerabilities. Hyper-V Information Disclosure Vulnerability – CVE-2017-0096 ------------------------------------------------------------ An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

**Vulnerability title** **CVE number** **Publicly disclosed** **Exploited**
Hyper-V Information Disclosure Vulnerability [CVE-2017-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0096) No No
### Mitigating Factors The following [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) may be helpful in your situation: - Customers who have not enabled the Hyper-V role are not affected. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. Security Update Deployment --------------------------

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (March 14, 2017): Bulletin published.

Page generated 2017-03-16 11:18-07:00.