4 replies to this topic

[AplusWebMaster]

FYI...

October 2017 security update release
- https://blogs.techne...update-release/
Oct 10, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

- https://portal.msrc....e2-000d3a32fc99
Oct 10, 2017 - "The October security release consists of security updates for the following software:
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Skype for Business and Lync
• Chakra Core ...

Known issues:
- https://support.micr...us/help/4041691
- https://support.micr...us/help/4042895
- https://support.micr...us/help/4041676
- https://support.micr...us/help/4041681
"... Microsoft is working on a resolution and will provide an update in an upcoming release."

Security Update Summary
> https://portal.msrc....uidance/summary
10/10/2017
___

October 2017 Office Update Release
- https://blogs.techne...update-release/
Oct 10, 2017 - "... This month, there are 26 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4043461*.
A new version of Office 2013 Click-To-Run is available: 15.0.4971.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7189.5001

* https://support.micr...icrosoft-office
Last Review: Oct 10, 2017 - Rev: 10
___

Additional information:
- http://www.securityt....com/id/1039526
- http://www.securityt....com/id/1039527
- http://www.securityt....com/id/1039528
- http://www.securityt....com/id/1039529
- http://www.securityt....com/id/1039530

- http://www.securityt....com/id/1039532
- http://www.securityt....com/id/1039533
- http://www.securityt....com/id/1039534
- http://www.securityt....com/id/1039535
- http://www.securityt....com/id/1039536

- http://www.securityt....com/id/1039537
- http://www.securityt....com/id/1039538
- http://www.securityt....com/id/1039539
- http://www.securityt....com/id/1039540
- http://www.securityt....com/id/1039541

- http://www.securityt....com/id/1039542
___

ghacks.net: https://www.ghacks.n...r-2017-release/
Oct 10, 2017 - "... Our monthly series provides you with information on Microsoft's Patch Day. It features an overview of all security and non-security updates that Microsoft released since the last Patch day in September 2017. The monthly guide lists how different versions of Windows -- client and server -- and Microsoft's browsers Edge and Internet Explorer are affected. It features links to resources, direct download links for cumulative Windows updates, new and updated security advisories, and information on how to download the updates to Windows machines...
 Windows 7: 20 vulnerabilities of which 5 are rated critical, 15 important
 Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 17 important
 Windows 10 version 1607: 29 vulnerabilities, 6 critical, 23 important
 Windows 10 version 1703: 29 vulnerabilities of which 6 are rated critical, 23 important ..."
(More detail at the URL above.)

Qualys analysis: https://blog.qualys....vulnerabilities
Oct 10, 2017 - "Today Microsoft released patches covering 62 vulnerabilities as part of August’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild. Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.
Also of note are two vulnerabilities in the Windows font library, CVE-2017-11762 and CVE-2017-11763, that can be exploited through a browser or malicious file, as well as a vulnerability in DNSAPI, CVE-2017-11779, that could allow a malicious DNS server to execute code on a client system.
A vulnerability in certain TPM chips is addressed by ADV170012. This vulnerability is in the TPM chip itself, and not in Windows, but could result in weak cryptographic keys. These keys are used for BitLocker, Biometric auth, and other areas of Windows. The updates provide a workaround for the weak keys leveraging additional logging and an option to use software-derived keys. Full remediation requires a firmware update from the device manufacturer.
As with several of the last Patch Tuesdays, the majority of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser..."
___

- https://www.us-cert....ecurity-Updates
Oct 10, 2017
 

Edited by AplusWebMaster, 11 October 2017 - 05:53 AM.

[AplusWebMaster]

FYI...

Microsoft 'Patch Tuesday' problems ...
... It's been less than a day since the Patch Tuesday patches rolled out, and we're already seeing lots of complaints – and a few unexpected explanations
- https://www.computer...y-problems.html
Oct 11, 2017

... Every version of Windows gets patched, as well as Edge, IE, Skype for Business and Office. Pay special attention to the Word zero-day, the DNS security problem, and the TPM patching madness....
- https://www.computer...veral-bugs.html
Oct 10, 2017
___

Microsoft patch problems persist...
... Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes
- https://www.computer...s-and-more.html
Oct 12, 2017
 

Edited by AplusWebMaster, 12 October 2017 - 01:39 PM.

[AplusWebMaster]

FYI...

Microsoft Dynamics 365 for Outlook is unable to render webpages after installing the October 2017 Microsoft Outlook security update
- https://support.micr...-webpages-after
Last Review: Oct 13, 2017 - Rev: 5

Fixes or workarounds for recent issues in Outlook for Windows
Applies To: Outlook 2016 Outlook 2013
- https://support.offi...&rs=en-US&ad=US
Last updated: October 2017
___

- https://askwoody.com/ms-defcon-system/
"... Current Microsoft patches are causing havoc. Don’t patch."

... Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes
- https://www.computer...s-and-more.html
Oct 12, 2017
___

> https://askwoody.com...ates-and-krack/
Oct 17, 2017 - "... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

Excel, Access, external DB driver errors linked to this month’s patches
... If you’re seeing new “Unexpected error from external database driver” error messages, chances are good you recently installed KB 4041681 (Win7), KB4041676 (Win10 1703), or any of this month's Windows security patches
- https://www.computer...-s-patches.html
Oct 17, 2017
___

Windows 7 SP1 and Windows Server 2008 R2 SP1
Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.micr...pdate-kb4041681
Oct 17, 2017 - "... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 17

Windows 7 SP1 and Windows Server 2008 R2 SP1
October 17, 2017—KB4041686 (Preview of Monthly Rollup)
- https://support.micr...pdate-kb4041686
"... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 10
___

MS ADV170018 | October Flash Security Update
> https://portal.msrc....isory/ADV170018
10/17/2017
___

Announcing the .NET Framework 4.7.1
- https://blogs.msdn.m...ramework-4-7-1/
October 17, 2017

Windows 10 release information
- https://technet.micr...lease-info.aspx
Latest revision date - 10/17/2017 - 'Microsoft recommends'

October 17, 2017—KB4043961 (OS Build 16299.19)
Windows 10 Version 1709
- https://support.micr...pdate-kb4043961
"... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 19
 

Edited by AplusWebMaster, 19 October 2017 - 06:40 AM.

[AplusWebMaster]

FYI...

- https://askwoody.com...-get-caught-up/
Oct 27, 2017 - "There are isolated problems with current patches, but they are well-known and documented on this site..."

- https://www.computer...y-crawlies.html
Oct 27, 2017

Fixes or workarounds for recent Office issues
Applies To: Excel 2016 Word 2016 Outlook 2016 PowerPoint 2016 More...
- https://support.offi...&rs=en-US&ad=US

- https://www.computer...ky-rollout.html

- https://social.techn...=win10itprovirt
 

[AplusWebMaster]

FYI...

MS fixes 'external database' bug with patches that have even more bugs
... Yesterday, in an odd Patch Thursday, Microsoft released five patches for the “Unexpected error from external database driver” bug. But the cure’s worse than the disease. If you installed one, yank it now — and expect Microsoft to pull the patches soon
- https://www.computer...-more-bugs.html
Nov 3, 2017 - "... It’s too early to assess all of the damage, but reports from many corners say installing these new patches brings back old, unpatched versions of many files. If you installed one of the patches from yesterday, best to uninstall it. Now..."
(More detail at the URL above.)

> https://www.ghacks.n...ows-10-updates/
Nov 3, 2017 - "... users may run into another issue after installing the update..."
___

- https://www.ghacks.n...ows-10-updates/
Last Update: Nov 5, 2017 - "Microsoft released a whole bunch of non-security updates for its operating systems Windows 7, Windows 8.1, and several versions of Windows 10 yesterday.
Update: Microsoft pulled KB4052234 and KB4052234. It is unclear right now why the company did so..."

Microsoft yanks buggy Windows patches KB 4052233, 4052234, 4052235
...In a startling departure from the norm, Microsoft has not only pulled the buggy Win7/Server 2008 R2, Server 2012, and Win 8.1/Server 2012 R2 patches; it’s even eliminated the associated KB articles and entries in the official update history pages...
- https://www.computer...34-4052235.html
Nov 6, 2017
___

Non-security Office updates due today
- https://askwoody.com...ates-due-today/
Nov 7, 2017 - "Which means it’s a good time to check and make sure you have Automatic Updates turned off...
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

... With a crop of non-security Office updates due today, a big dose of security patches expected in a week, and a known bug in the KB 4041686 Win7 Preview, now’s a good time to make sure you have Automatic Update set so it won’t deal you a nasty surprise
> https://www.computer...tic-update.html
Nov 7, 2017

>> https://www.computer...nd-2976978.html
Nov 8, 2017
 

Edited by AplusWebMaster, 08 November 2017 - 07:53 AM.