FYI...
- https://technet.micr...curity/ms17-jan
Jan 10, 2017 - "This bulletin summary lists security bulletins released for January 2017...
Note: There are no security fixes or quality improvements for Windows 8.1 or Windows Server 2012 R2 for release on Update Tuesday for January 2017. As such, there is no Security -Only- Quality Update or Security -Monthly- Quality Rollup release for these platforms this month...
(Total of -4-)
Microsoft Security Bulletin MS17-001 - Important
Security Update for Microsoft Edge (3214288)
- https://technet.micr...curity/MS17-001
Important - Elevation of Privilege - Requires restart - Microsoft Windows, Microsoft Edge
Microsoft Security Bulletin MS17-002 - Critical
Security Update for Microsoft Office (3214291)
- https://technet.micr...curity/ms17-002
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps
Microsoft Security Bulletin MS17-003 - Critical
Security Update for Adobe Flash Player (3214628)
- https://technet.micr...curity/ms17-003
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
Microsoft Security Bulletin MS17-004 - Important
Security Update for Local Security Authority Subsystem Service (3216771)
- https://technet.micr...curity/ms17-004
Important - Denial of Service - Requires restart - Microsoft Windows
___
MS17-001: http://www.securityt....com/id/1037573
MS17-002: http://www.securityt....com/id/1037568
- http://www.securityt....com/id/1037569
MS17-003: http://www.securityt....com/id/1037570
MS17-004: http://www.securityt....com/id/1037571
___
Security Updates Guide
- https://portal.msrc....curity-guidance
10-Jan-2017 - January 2017 Security Updates
Total items: 34
[Note: There are -some- updates listed for Win8.1 and WinSvr2012 R2 here.]
___
Security Advisories
- https://technet.micr...dvisories#APUMA
- https://technet.micr...ecurity/2755801
1/10/2017 - 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.micr...y/mt745127.aspx
- https://technet.micr...ty/3214296.aspx
Jan 10, 2017 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege
___
January 2017 Office Update Release
- https://blogs.techne...update-release/
Jan 10, 2017 - "... This month, there are -2- security updates (1 bulletin) and -31- non-security updates.
Security bulletins: MS17-002: https://technet.micr...y/ms17-002.aspx
All of the security and non-security updates are listed in KB article 3214449:
- https://support.micr...n-us/kb/3214449
A new version of Office 2013 Click-To-Run is available: 15.0.4893.1002 ..."
___
ISC Analysis
- https://isc.sans.edu...wday=2017-01-10
2017-01-10
Qualys Analysis
- https://blog.qualys....ecurity-updates
Jan 10, 2017 - "... in the first Patch Tuesday of 2017 Microsoft fixed only 3 vulnerabilities which makes it one of the smallest patch months ever. Patches were released for Microsoft Office, the Edge browser and LSASS. It’s an unusually small patch update and will definitely make system administrators happy. For Windows Server 2008 administrators, on top of the list is the LSASS or Local Security Authority Subsystem Service bulletin MS17-004 which is a denial-of-service condition which could allow unauthenticated attackers to trigger an automatic reboot. To exploit the vulnerability an unauthenticated attacker could send a specially crafted authentication request which would lead to the reboot condition. This vulnerability i.e. CVE-2017-0004 was publicly disclosed before the availability of the patch and a PoC exploit could become available soon. Windows 7 and Vista are also affected.
Top on the priority list for workstations is the critical Office bulletin MS17-002 which applies to Word 2016 and SharePoint 2016. An attacker could send a malicious file as an attachment and could take complete control of the system if the file is opened with the affected software.
Microsoft Edge bulletin MS17-001 affects Windows 10 and Windows Server 2016. It allows an attacker to access information from one domain and inject it into another domain, resulting in getting elevated privileges. This vulnerability i.e. CVE-2017-0002 was publicly disclosed before the availability of the patch.
It is also worth noting that starting next month Microsoft will scrap the existing system where users get a document each month in favor of a new ‘single destination for security vulnerability information’ called the Security Updates Guide. The new security portal is driven by an online database and instead of having to poke through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates..."
Edited by AplusWebMaster, 11 January 2017 - 04:52 AM.