6 replies to this topic

[AplusWebMaster]

FYI...

MS Security Update Guide
> https://portal.msrc....curity-guidance

Release Notes
April 2017 Security Updates
> https://portal.msrc....d9-000d3a32fc99
April 11, 2017 - "The April security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Visual Studio for Mac
    .NET Framework
    Silverlight
    Adobe Flash Player ..."
> https://portal.msrc....uidance/summary

Cumulative security update for Internet Explorer: April 11, 2017
> https://support.micr...r-april-11-2017
Last Review: Apr 13, 2017 - Rev: 46
"... Additionally, see Windows 10* and Windows Server 2016 update history for more information on cumulative updates for Windows 10 and Windows Server 2016..."
* https://support.micr...-update-history
Last Review: Apr 13, 2017 - Rev: 46
___

April 11, 2017, update for Microsoft Office
- https://support.micr...icrosoft-office
Last Review: Apr 13, 2017 - Rev: 10
___

Qualys analysis:
- https://blog.qualys....ecurity-updates
April 11, 2017 - "Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide:
- https://portal.msrc....curity-guidance
In today’s release Microsoft fixed a total of 45 vulnerabilities that could lead to remote code execution, denial-of-service, elevation of privileges, security feature bypass and spoofing. Top priority goes to the Office and WordPad CVE-2017-0199 which fixed a 0-day vulnerability that is being actively exploited in the wild. Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad. Attacker could accomplish this by sending a specially crafted file to the user and then convincing the user to open the file. We recommend administrators patch this as soon as possible..."
(More detail at the qualys URL above.)

ISC analysis:
- https://isc.sans.edu...l?storyid=22286
Apr 11 2017 - "Today on Tuesday 2017-04-11, Microsoft announced its monthly security release (also known as "Patch Tuesday). Reviewing Microsoft's Security Update Guide, it looks like there's 644 updates with 210 of them listed as "Critical" severity..."
(More detail at the ISC URL above.)

'ghacks' analysis:
- https://www.ghacks.n...l-2017-release/
April 11, 2017 - "... marks the end of Windows Vista's extended support phase. Microsoft won't release security updates for Windows Vista officially anymore*...
* https://www.ghacks.n...nds-next-month/
... Executive Summary: Security Bulletins are no longer provided. Microsoft switched the information system to the Security Update Guide fully. The April security update patches issues in all supported versions and editions of Microsoft Windows. Other Microsoft products with patches are Microsoft Edge and Internet Explorer, the .NET Framework, Silverlight, and Microsoft Office.
Operating System Distribution:
Windows Vista: 9 vulnerabilities, 1 critical, 8 important
Windows 7: 9 vulnerabilities, 1 critical, 8 important.
Windows 8.1: 23 vulnerabilities, 4 critical, 19 important.
Windows RT 8.1: 11 vulnerabilities, 1 critical, 10 important.
Windows 10 version 1703: 21 vulnerabilities, 5 critical, 16 important..."

Edited by AplusWebMaster, 08 May 2017 - 12:02 PM.

[AplusWebMaster]

FYI...

Microsoft Security Bulletin Summary for March 2017
Published: March 14, 2017 | Updated: April 11, 2017
> https://technet.micr...y/ms17-mar.aspx
V2.0 (April 11, 2017): Bulletin Summary revised to announce the following updates:

For MS17-013, the release of update 4017018 for Windows Vista and Windows Server 2008. The update replaces update 4012583 for CVE-2017-0038 only, to comprehensively address the vulnerability. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4017018 for more information.

For MS17-014, to comprehensively address CVE-2017-0027 for Office for Mac 2011 only, Microsoft is releasing security update 3212218. Microsoft recommends that customers running Office for Mac 2011 install update 3212218 to be fully protected from this vulnerability. See Microsoft Knowledge Base Article 3212218 for more information.

For MS17-021, security updates that apply to CVE-2017-0042 for Windows Server 2012 are now available. Customers running Windows Server 2012 should install update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be fully protected from this vulnerability. Customers running other versions of Microsoft Windows do not need to take any further action,

___

- https://www.us-cert....ecurity-Updates
April 12, 2017 - "Microsoft has released -61- updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code: https://nvd.nist.gov...l/CVE-2017-0199

US-CERT encourages users and administrators to review Vulnerability Note #VU921560* and Microsoft's April 2017 Security Update** and apply the necessary updates."

* https://www.kb.cert.org/vuls/id/921560

** https://portal.msrc....d9-000d3a32fc99
___

April 2017 Office Update Release
- https://blogs.techne...update-release/
April 11, 2017 - "The April 2017 Public Update releases for Office are now available! This month, there are -19- security updates and 33 non-security updates. All of the security and non-security updates are listed in KB article 4016803:
- https://support.micr...icrosoft-office
A new version of Office 2013 Click-To-Run is available: 15.0.4919.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7180.5002 "

> https://portal.msrc....y/CVE-2017-0199
April 11, 2017

- http://www.securityt....com/id/1038224
CVE Reference: CVE-2017-0199
Updated: Apr 12 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2016 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix, available at:
- https://catalog.upda...spx?q=KB4014793
- https://catalog.upda...spx?q=KB4015549
- https://catalog.upda...spx?q=KB4015551

- http://www.securityt....com/id/1038227
CVE Reference: CVE-2017-0106, CVE-2017-0204
Apr 11 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2016; Outlook for Mac 2011
Impact: A remote user can create an email message that, when loaded or previewed by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix.
The vendor advisories are available at:
- https://support.micr...3-april-11-2017
- https://support.micr...7-april-11-2017
- https://support.micr...0-april-11-2017
- https://support.micr...011-14-7-3-apri
- https://support.micr...6-april-11-2017
 

Edited by AplusWebMaster, 12 April 2017 - 10:04 AM.

[AplusWebMaster]

FYI...

Microsoft's critical Windows and Office patches - problems
- http://www.infoworld...f-problems.html
Apr 13, 2017 - "Windows and Office patching have had a horrible three months... just what we've seen in the first 48 hours... The SANS Internet Storm Center*, my go-to source for patch insight, has thrown up its hands, listing all -210- "critical" updates in one massive blob. In addition to the 210 "critical" there's another -434- that aren't so critical, coming to a grand total of -644- patches this month... tip of the -buggy- iceberg..."
(More detail at the infoworld URL above.)

* https://isc.sans.edu... Tuesday/22288/
___

Also see:

Microsoft Addresses Shadow Brokers Exploits
> https://www.us-cert....kers-Exploits-0
Last revised: April 16, 2017

- https://blogs.techne...valuating-risk/
April 14, 2017

- https://arstechnica....sterious-patch/
4/15/2017
 

  

Edited by AplusWebMaster, 17 April 2017 - 07:47 AM.

[AplusWebMaster]

FYI...

April 11, 2017 — KB4015549 (Monthly Rollup)
Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.micr...pdate-kb4015549
Last Review: Apr 12, 2017 - Rev: 21
"... Known issues in this update:
If the PC uses an AMD Carrizo DDR4 processor, installing this update will -block- downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release..."
___

- http://www.infoworld...-backfires.html
Apr 13, 2017 - "Microsoft is working on a fix after Tuesday’s Windows 7 and 8.1 security updates misfired on some users, forcibly locking them -out- of future Windows updates.
Microsoft has acknowledged that the updates’ detection mechanism, intended to force users with newer 7th generation processor chips to move to Windows 10, also caught people with 6th generation AMD Carrizo DDR 4 PCs, which -were- explicitly -allowed- under terms of Microsoft’s Lifecycle Policy FAQ. Microsoft admitted erroneously -blocking- Windows Update on -four- different Tuesday patches:
KB 4015549 (the Win7 Monthly Rollup), KB 4015546 (the Win7 Security-Only patch), KB 4015550 (the Win8.1 Monthly Rollup), and KB 4015547 (the Win8.1 Security-Only patch)..."
 

[AplusWebMaster]

FYI...

MS - Feedback on the Security Update Guide
- https://blogs.techne...y-update-guide/
April 21, 2017 - "The Security Update Guide* has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of the Security Update Guide. As we completed Preview this month, we want to let you know that we are continuing to listen to your feedback, and are working to enhance your experience... If you have questions about the change, or how to accomplish certain tasks, we have a FAQ**, as well as a TechNet support forum*** for the Security Update Guide. If you have questions about how to use the Security Update Guide or a suggestion to improve it, please post to the forum or (even better) upvote someone else’s suggestion if you also like it. We are listening."
* https://portal.msrc....curity-guidance

FAQ: ** https://technet.micr...curity/mt791750

Forum: *** https://social.techn...rityupdateguide
___

Why is Intel allowing this?
- https://software.int...ns/topic/731318
4/14/2017
 

   

Edited by AplusWebMaster, 28 April 2017 - 09:57 AM.

[AplusWebMaster]

FYI...

MS Ending Security Updates for Windows 10 version 1507
- https://www.us-cert....10-version-1507
May 04, 2017 - "After May 9, 2017, devices running Windows 10 version 1507 will no longer receive security updates. US-CERT encourages users and administrators to review Microsoft's Windows 10 version 1507 post* for more information and to apply necessary updates."

* https://support.micr...ecurity-updates
Last Review: Apr 12, 2017 - Rev: 17
"... Microsoft recommends visiting the Software Download site** and selecting 'Update now' to manually update your device..."
** https://www.microsof...nload/windows10
___

Outlook 2010 (KB3191906)
- https://support.micr...-2010-kb3191906
Article ID: 3191906 - Last Review: May 2, 2017 - Rev: 11
"... Fixes the following issue: When you add attachments to a saved email message and then send the email message in Outlook 2010, the attachments are missing, corrupted or duplicated..."
> https://www.catalog.....aspx?q=3191906

Office 2010 (KB3128031)
- https://support.micr...-2010-kb3128031
Article ID: 3128031 - Last Review: May 2, 2017 - Rev: 9
"... Improvements and fixes: Improves the robustness to make sure that the stability of Office 2010 applications in certain scenarios..."
> https://www.catalog.....aspx?q=3128031
 

Edited by AplusWebMaster, 04 May 2017 - 09:49 AM.

[AplusWebMaster]

FYI...

MS Security Advisory 4022344
Security Update for Microsoft Malware Protection Engine
- https://technet.micr...ty/4022344.aspx
May 8, 2017 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system... Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
___

- http://www.infoworld...ivirus-bug.html
May 9, 2017 - "... critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012..."

- http://www.securityt....com/id/1038419
CVE Reference: https://nvd.nist.gov...l/CVE-2017-0290
May 9 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
- https://support.micr....com/kb/2510781
___

- http://www.securityt....com/id/1038420
CVE Reference: https://nvd.nist.gov...l/CVE-2017-0290
May 9 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
- https://support.micr....com/kb/2510781
___

- https://www.us-cert....Security-Update
May 08, 2017
 

Edited by AplusWebMaster, 09 May 2017 - 12:56 PM.