MS releases - 6.27-28.2017
FYI...
Security Update Summary
> https://portal.msrc.microsoft.com/en...idance/summary
See -all- KB's dated 06/28/2017
___
June 27, 2017, update for Outlook 2010 (KB3015545)
- https://support.microsoft.com/en-us/...2010-kb3015545
Last Review: Jun 28, 2017 - Rev. 14
Last Review: Jun 28, 2017 - Rev: 20
June 27, 2017, update for Outlook 2013 (KB3191849)
- https://support.microsoft.com/en-us/...2013-kb3191849
Last Review: Jun 27, 2017 - Rev: 13
Last Review: Jun 30, 2017 - Rev: 16
___
New ransomware, old techniques: Petya adds worm capabilities
- https://blogs.technet.microsoft.com/...-capabilities/
June 27, 2017
Update on Petya malware attacks
- https://blogs.technet.microsoft.com/...lware-attacks/
June 28, 2017
- https://www.us-cert.gov/ncas/alerts/TA17-181A
July 01, 2017 - "... Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable... US-CERT received a sample of this Petya ransomware variant and performed a detailed malware analysis. The team found that this Petya variant encrypts the victim’s files with a dynamically generated, 128-bit key and creates a unique ID of the victim. However, there is no evidence of a relationship between the encryption key and the victim’s ID, which means it may not be possible for the attacker to decrypt the victim’s files even if the ransom is paid..."
___
- https://www.catalog.update.microsoft...px?q=KB4022716
2017-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4022716)
Last Modified: 6/28/2017
- https://support.microsoft.com/en-us/...date-kb4022716
Last Review: Jun 27, 2017 - Rev: 25
___
- https://www.catalog.update.microsoft...px?q=KB4022723
2017-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022723)
- https://support.microsoft.com/en-us/...date-kb4022723
Last Review: Jun 27, 2017 - Rev: 29
Last Review: Jun 29, 2017 - Rev: 36
___
- https://www.catalog.update.microsoft...px?q=KB4032693
2017-06 Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4032693)
Last Modified: 6/26/2017
2017-06 Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4032693)
Last Modified: 6/26/2017
- https://support.microsoft.com/en-us/...date-kb4032693
Last Review: Jun 27, 2017 - Rev: 12
Last Review: Jun 29, 2017 - Rev: 19
> https://www.neowin.net/news/windows-...eres-whats-new
Jun 27, 2017 [More detail...]
:fear::fear::fear:
Outlook 2010 - KB3015545 / Win7 SP1 - KB4022719 Monthly Rollup
FYI...
Outlook 2010 (KB3015545)...
- https://support.microsoft.com/en-us/...2010-kb3015545
Last Review: Jun 28, 2017 - Rev: 20
"... Note: A new update for 32-bit Outlook 2010 is under development and will be posted in this article when it becomes available. The original download package for the 32-bit version was removed from the Download Center after a problem was discovered that could cause Outlook to crash when you preview messages that have attachments. If you already downloaded and installed the 32-bit update, we recommend that you remove it until a new version is available..."
___
Windows 7 SP1 and Windows Server 2008 R2 SP1 - KB4022719 (Monthly Rollup)
- https://support.microsoft.com/en-us/...date-kb4022719
Last Review: Jun 27, 2017 - Rev: 41
MS Security Update Summary
> https://portal.msrc.microsoft.com/en...idance/summary
Latest dated 06/28/2017 as of date/time of this post.
:fear::fear:
MS Security Updates - July 2017
FYI...
MS Security Updates - July 2017
- https://portal.msrc.microsoft.com/en...urity-guidance
[Total items: 989] [Page: 1/10] - 7/11/2017
MS Security Update Summary
> https://portal.msrc.microsoft.com/en...idance/summary
Total items: 63 - 7/11/2017
> https://blogs.technet.microsoft.com/...pdate-release/
July 11, 2017 - "Today, we released security updates to provide additional protections against malicious attackers..."
Release Notes - July 2017 Security Updates
- https://portal.msrc.microsoft.com/en...c-000d3a32fc99
July 11, 2017 - "The July security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
.NET Framework
Adobe Flash Player
Microsoft Exchange Server..."
___
MS Office updates
> https://blogs.technet.microsoft.com/...pdate-release/
July 11, 2017 - "... This month, there are -17- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4033107*..."
* - https://support.microsoft.com/en-us/...crosoft-office
Last Review: Jul 11, 2017 - Rev: 12
"... Microsoft released the following security and nonsecurity updates. These monthly updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you..."
Office 2016, Office 2013, Office 2010, Office 2007
___
Additional information/reference:
- http://www.securitytracker.com/id/1038848
- http://www.securitytracker.com/id/1038849
- http://www.securitytracker.com/id/1038850
- http://www.securitytracker.com/id/1038851
- http://www.securitytracker.com/id/1038852
- http://www.securitytracker.com/id/1038853
- http://www.securitytracker.com/id/1038854
- http://www.securitytracker.com/id/1038855
- http://www.securitytracker.com/id/1038856
- http://www.securitytracker.com/id/1038857
- http://www.securitytracker.com/id/1038858
- http://www.securitytracker.com/id/1038859
- http://www.securitytracker.com/id/1038860
- http://www.securitytracker.com/id/1038861
- http://www.securitytracker.com/id/1038862
- http://www.securitytracker.com/id/1038863
- http://www.securitytracker.com/id/1038864
- http://www.securitytracker.com/id/1038865
- http://www.securitytracker.com/id/1038866
___
ghacks.net:
- https://www.ghacks.net/2017/07/11/mi...-2017-release/
July 11, 2017 - "... Executive Summary:
Microsoft released security updates for all client and server versions of Windows that the company supports.
All operating systems are affected by critical vulnerabilities.
Security updates have been released for other Microsoft products as well including Microsoft Office, Microsoft Edge, and Internet Explorer.
Windows 10 version 1507 won't receive security updates anymore.
Operating System Distribution:
Windows 7: 22 vulnerabilities of which 2 are rated critical, 19 important, and 1 moderate
Windows 8.1: 24 vulnerabilities of which 2 are rated critical, 21 important, and 1 moderate
Windows RT 8.1: 21 vulnerabilities of which 2 are rated critical, and 21 important
Windows 10 version 1703: 27 vulnerabilities of which 2 are rated critical, 23 important and 1 moderate ..."
(More at the ghacks URL above.)
___
- https://www.thezdi.com/blog/2017/7/1...-update-review
July 11, 2017 - "... 57 security patches impacting Windows, Internet Explorer, Edge, Office, SharePoint, .NET Framework, Exchange, and Hololens... some of these vulns were first disclosed to Microsoft during the most recent Pwn2Own competition back in March... all affected vendors were able to produce patches within 120 days... A few of the CVEs addressed by Microsoft this month deserve some extra attention..."
CVE-2017-8463 | Windows Explorer Remote Code Execution Vulnerability
Security Vulnerability
- https://portal.msrc.microsoft.com/en.../CVE-2017-8463
7/11/2017
CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability
Security Vulnerability
> https://portal.msrc.microsoft.com/en.../CVE-2017-8584
7/11/2017
___
Qualys analysis: https://blog.qualys.com/laws-of-vuln...-adobe-patches
July 11, 2017 - "Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.
Top priority for patching should go to CVE-2017-8589*, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya... Today’s release is normal in size, and covers 54 vulnerabilities in Windows, Internet Explorer, Edge, Office, .net Framework, Adobe Flash, and Exchange..."
* https://portal.msrc.microsoft.com/en.../CVE-2017-8589
.
Patch Watch: July’s releases fix June’s Issues
FYI...
Patch Watch: July’s releases fix June’s Issues
> http://windowssecrets.com/windows-se...-junes-issues/
July 13, 2017
"... Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply."
___
> https://www.askwoody.com/
"Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."
:fear::fear::fear:
MS yanks bad Outlook patches...
FYI...
Outlook 2010 (KB4011042)
- https://support.microsoft.com/en-us/...2010-kb4011042
Last Review: Jul 11, 2017 - Rev: 17
"Notice: Update 4011042 for Microsoft Outlook 2010 that was released on July 5, 2017, is not currently available. This article will be updated as soon as the update is available again..."
Outlook 2013 (KB3191849)
- https://support.microsoft.com/en-us/...2013-kb3191849
Last Review: Jul 11, 2017 - Rev: 19
"Notice: Update 3191849 for Microsoft Outlook 2013 that was released on June 27, 2017, is not currently available. This article will be updated as soon as the update is available again..."
Outlook 2016 (KB3213654)
- https://support.microsoft.com/en-us/...2016-kb3213654
Last Review: Jul 11, 2017 - Rev: 21
"Notice: Update 3213654 for Microsoft Outlook 2016 that was released on June 30, 2017, is not currently available. This article will be updated as soon as the update is available again..."
... as of July 17, 2017
___
Win7 SP1 and Windows Server 2008 R2 SP1
... 2017 July monthly rollup
- https://support.microsoft.com/en-us/...date-kb4025341
Last Review: Jul 14, 2017 - Rev: -40-
___
- https://www.askwoody.com/2017/micros...213654-401042/
July 15, 2017
- http://www.computerworld.com/article...54-401042.html
July 15, 2017 - "... earlier versions of the bad patches-of-patches had a nasty habit of crashing Outlook."
___
Win10: https://blogs.msmvps.com/bradley/201...s-another-way/
July 17, 2017 - "Next way to get 1703 on systems – again go back to that download page:
- https://www.microsoft.com/en-us/soft...load/windows10
and use the download tool to make the iso/media. Park the iso on a network share and expand it out.
Next use the command switches noted in this blog post:
– https://blogs.technet.microsoft.com/...line-switches/
Specifically you want to ensure that you do -not- trigger a 'clean install' but an upgrade."
Tracking known issues with Win10 1703:
> https://techcommunity.microsoft.com/...703/td-p/67122
:fear::fear::fear:
MS Office Outlook updates - 7.27.2017
FYI...
New updates are available for Outlook
- https://blogs.technet.microsoft.com/...e-for-outlook/
July 27, 2017 - "We released security updates for Outlook today. See the following KB articles for more information:
- https://support.microsoft.com/en-us/help/4011052
- https://support.microsoft.com/en-us/help/4011078
- https://support.microsoft.com/en-us/help/2956078
- https://support.microsoft.com/en-us/help/3213643
A new version of Office 2013 Click-To-Run is available: 15.0.4953.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7187.5000"
___
CVE-2017-8572 | Microsoft Office Outlook Information Disclosure Vuln
Security Vulnerability
- https://portal.msrc.microsoft.com/en.../CVE-2017-8572
07/27/2017
- http://www.securitytracker.com/id/1039010
CVE Reference: CVE-2017-8572
Jul 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, 2010 C2R, 2013 C2R, 2016 C2R ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix...
___
CVE-2017-8663 | Microsoft Office Outlook Memory Corruption Vuln
Security Vulnerability
- https://portal.msrc.microsoft.com/en.../CVE-2017-8663
07/27/2017
- http://www.securitytracker.com/id/1039011
CVE Reference: CVE-2017-8663
Jul 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, 2010 C2R, 2013 C2R, 2016 C2R ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix...
___
CVE-2017-8571 | Microsoft Office Outlook Security Feature Bypass Vuln
Security Vulnerability
- https://portal.msrc.microsoft.com/en.../CVE-2017-8571
07/27/2017
- http://www.securitytracker.com/id/1039012
CVE Reference: CVE-2017-8571
Jul 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, 2010 C2R, 2013 C2R, 2016 C2R ...
Impact: A remote user can create a file that, when loaded and interacted with by the target user, will execute arbitrary commands on the target user's system.
Solution: The vendor has issued a fix...
___
Description of the security update for Outlook 2007
- https://support.microsoft.com/en-us/...7-july-27-2017
Last Review: Jul 27, 2017 - Rev: 15
Description of the security update for Outlook 2010
- https://support.microsoft.com/en-us/...0-july-27-2017
Last Review: Jul 27, 2017 - Rev: 14
Description of the security update for Outlook 2013
- https://support.microsoft.com/en-us/...3-july-27-2017
Last Review: Jul 27, 2017 - Rev: 18
Description of the security update for Outlook 2016
- https://support.microsoft.com/en-us/...6-july-27-2017
Last Review: Jul 27, 2017 - Rev: 15
___
MS Security Update Summary
- https://portal.msrc.microsoft.com/en...idance/summary
Latest dated: 7/27/2017 - Total items: 68
___
> http://www.computerworld.com/article...rity-bugs.html
Jul 27, 2017
:fear::fear::fear:
Microsoft Security Updates for August, 2017
Security Update Summary
https://portal.msrc.microsoft.com/en...idance/summary
The August 2017 Security Update Review
August 08, 2017 | Dustin Childs
"For this month, Adobe released two Critical-rated updates for Adobe Flash, Digital Edition, and Reader, and one Important-rated update for Adobe Experience Manager."
"Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. Of these 48 CVEs, 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. A total of seven of these CVEs came through the ZDI program. Two of these bugs are listed as publically known prior to release, with one bug listed as having publicly available PoC."
https://www.zerodayinitiative.com/bl...-update-review
Win7 August 2017 patches - bugzz
FYI...
Win7 August 2017 patches - bugzz
- http://computerworld.com/article/321...-problems.html
Aug 14, 2017 - "... We now have solid reports of a -bug- in -both- of the Win-7 security patches for this month, KB 4034664* (the monthly rollup, installed by Windows Automatic Update) and KB 4034679** (the manual security-only patch). If you have a Win7 machine with two or more monitors, and there’s something weird happening with the second monitor, you may be able to solve the problem by uninstalling the bad patch..."
* https://support.microsoft.com/en-us/...date-kb4034664
Last Review: Aug 9, 2017 - Rev: 21
Last Review: Aug 16, 2017 - Rev: 23
Last Review: Aug 18, 2017 - Rev: 25
Last Review: Aug 25, 2017 - Rev: 26
** https://support.microsoft.com/en-us/...date-kb4034679
Last Review: Aug 9, 2017 - Rev: 23
Last Review: Aug 16, 2017 - Rev: 27
Last Review: Aug 18, 2017 - Rev: 28
Last Review: Aug 25, 2017 - Rev: 29
- https://www.askwoody.com/2017/micros...ering-problem/
Aug 26, 2017
:fear::fear: :sad:
Patch Watch: August’s 'Follow-Up' Fixes
FYI...
Win7 August 2017 patches - bugzz
- http://computerworld.com/article/321...-problems.html
Aug 14, 2017 - "... We now have solid reports of a -bug- in -both- of the Win-7 security patches for this month, KB 4034664* (the monthly rollup, installed by Windows Automatic Update) and KB 4034679** (the manual security-only patch). If you have a Win7 machine with two or more monitors, and there’s something weird happening with the second monitor, you may be able to solve the problem by uninstalling the bad patch..."
* https://support.microsoft.com/en-us/...date-kb4034664
Last Review: Aug 9, 2017 - Rev: 21
Last Review: Aug 16, 2017 - Rev: 23
Last Review: Aug 18, 2017 - Rev: 25
Last Review: Aug 25, 2017 - Rev: 26
Last Review: Aug 29, 2017 - Rev: 27
Last Review: Aug 30, 2017 - Rev: 29
** https://support.microsoft.com/en-us/...date-kb4034679
Last Review: Aug 9, 2017 - Rev: 23
Last Review: Aug 16, 2017 - Rev: 27
Last Review: Aug 18, 2017 - Rev: 28
Last Review: Aug 25, 2017 - Rev: 29
Last Review: Aug 29, 2017 - Rev: 30
Last Review: Aug 30, 2017 - Rev: 31
- https://www.askwoody.com/2017/micros...ering-problem/
Aug 26, 2017
___
Patch Watch: August’s Follow-Up Fixes
> http://windowssecrets.com/windows-se...llow-up-fixes/
Aug 22, 2017 - "I have a phrase I often use with technology: Keep the children on the playground the same age. This means -not- mixing older-and-younger groups; they have different skill levels and abilities. The same goes for .NET 4.7, applications and Windows 7. If you dig into various locations on the web you will see post install side effects such as the following:
Impacting Autocad and earlier versions as noted in a forum[1]
1] https://www.cadnauseam.com/2017/07/1...ocad-pre-2017/
.NET 4.7 crashing Quickbooks as noted on a blog[2]
2] http://www.intuitiveaccountant.com/g.../#.WZO9HLpFw2w
Possible issues with Arcgis Pro[3]
3] https://geonet.esri.com/thread/19626...aks-arcgis-pro
May have issues with touchscreen inputs as notes in this post[4]
4] https://www.reddit.com/r/sysadmin/co...dp&sh=376b604f
Techsmith Snagit impact with .NET 4.7 as noted in this forum[5]
5] https://www.reddit.com/r/sysadmin/co...dp&sh=376b604f
I’ll be investigating and see if the 4.7 update is the trigger for these issues but in the meantime if you are impacted and want to block .NET 4.7 you can use a registry key as noted on the Ghacks site.[6]
6] https://www.ghacks.net/2017/06/12/bl...-installation/
... What to do: Consider -blocking- .NET 4.7 on older operating systems.
Windows 10 1607 Side Effects: The release of 4034658 to Windows 10, version 1607 release had a few noticeable side effects: Naming it wiped-out-your-update-history. As an alternative, to see which quality updates have been applied, you can navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates.” In addition, the update had additional-side-effects of making any hidden updates pop back up again. So if you hid the 1703 update it -will- offer back up again. Finally in a network setting, WSUS servers will exhibit increased CPU, memory, and network utilization when Windows Update clients perform their first scan after installing KB4034658. Remember this only happens with the KB4034658* for Windows 10 1607 update."
* https://support.microsoft.com/en-hk/help/4034658
Last updated: 11 Aug 2017 - Rev: 21
Last Review: 28 Aug 2017 - Rev: 25
___
Fixes or workarounds for recent issues in Outlook for Windows
- https://support.office.com/en-us/art...3-95a214ac1230
Last updated: Aug 24, 2017
___
Update for Office 2016 (KB4011093)
- https://support.microsoft.com/en-us/...2016-kb4011093
Last Review: Aug 24, 2017 - Rev: 16
Last Review: Sep 1, 2017 - Rev: 20
___
August 25, 2017 — KB4039884
> https://support.microsoft.com/en-us/...date-kb4039884
Last Review: Aug 25, 2017 - Rev: 33
Last Review: Aug 30, 2017 - Rev: 34 - "This update addresses an issue where UI elements, including menu bars, are missing from Windows and Java applications running on computers with multiple monitors (multimon). The issue affects console and Remote Desktop logons when the main monitor is -not- in the top left area of the monitor layout in Control Panel. Applications may also stop responding or not work properly when moved between monitors. This issue impacts the following releases:
2017-08 Monthly Rollup - KB4034664
2017-08 Security-only update - KB4034679
2017-08 Preview of Monthly Rollup - KB4034670
Before you install this update, you must install KB4034664 or KB4034679, and then apply this update... Microsoft is working on a resolution and will provide an update in an upcoming release..."
"... If you have problems with a Windows 7 second monitor after installing this month’s KB 4034664, there’s a new manual-install-only fix. But it’s buggy, too"
>> http://www.computerworld.com/article...b-4039884.html
Aug 28, 2017
:fear::fear::fear:
MS patch alert - Outstanding problems with recent updates
FYI...
MS patch alert: Outstanding problems with recent updates
... Long list of -unresolved- issues
- https://www.computerworld.com/articl...t-updates.html
Aug 31, 2017 - "... Recommendation: Hold off on applying August Windows and Office patches."
:fear::fear::fear: