MS Security Bulletin Summary - December 2016
FYI...
- https://technet.microsoft.com/en-us/...urity/ms16-dec
Dec 13, 2016 - "This bulletin summary lists security bulletins released for December 2016...
Note: As a reminder, the 'Security Updates Guide'* will be replacing security bulletins as of February 2017...
* https://portal.msrc.microsoft.com/en...urity-guidance
Microsoft Security Bulletin MS16-144 - Critical
Cumulative Security Update for Internet Explorer (3204059)
- https://technet.microsoft.com/library/security/ms16-144
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS16-145 - Critical
Cumulative Security Update for Microsoft Edge (3204062)
- https://technet.microsoft.com/library/security/ms16-145
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge
Microsoft Security Bulletin MS16-146 - Critical
Security Update for Microsoft Graphics Component (3204066)
- https://technet.microsoft.com/library/security/ms16-146
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-147 - Critical
Security Update for Microsoft Uniscribe (3204063)
- https://technet.microsoft.com/library/security/ms16-147
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-148 - Critical
Security Update for Microsoft Office (3204068)
- https://technet.microsoft.com/library/security/ms16-148
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps
Microsoft Security Bulletin MS16-149 - Important
Security Update for Microsoft Windows (3205655)
- https://technet.microsoft.com/library/security/ms16-149
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-150 - Important
Security Update for Secure Kernel Mode (3205642)
- https://technet.microsoft.com/library/security/ms16-150
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-151 - Important
Security Update for Windows Kernel-Mode Drivers (3205651)
- https://technet.microsoft.com/library/security/ms16-151
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-152 - Important
Security Update for Windows Kernel (3199709)
- https://technet.microsoft.com/library/security/ms16-152
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-153 - Important
Security Update for Common Log File System Driver (3207328)
- https://technet.microsoft.com/library/security/ms16-153
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS16-154 - Critical
Security Update for Adobe Flash Player (3209498)
- https://technet.microsoft.com/library/security/ms16-154
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
Microsoft Security Bulletin MS16-155 - Important
Security Update for .NET Framework (3205640)
- https://technet.microsoft.com/library/security/ms16-155
Important - Information Disclosure - Requires restart - Microsoft Windows, Microsoft .NET Framework
___
MS16-144: http://www.securitytracker.com/id/1037448
MS16-145: http://www.securitytracker.com/id/1037444
MS16-146: http://www.securitytracker.com/id/1037438
MS16-147: http://www.securitytracker.com/id/1037440
MS16-148: http://www.securitytracker.com/id/1037441
MS16-149: http://www.securitytracker.com/id/1037450
MS16-150: http://www.securitytracker.com/id/1037451
MS16-151: http://www.securitytracker.com/id/1037452
MS16-152: http://www.securitytracker.com/id/1037453
MS16-153: http://www.securitytracker.com/id/1037454
MS16-154: http://www.securitytracker.com/id/1037449
MS16-155: http://www.securitytracker.com/id/1037455
___
Dec 2016 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Dec 13, 2016 - "... This month, there are -24- security updates (1 bulletin) and 44 non-security updates.
Security bulletins: MS16-148:
- https://technet.microsoft.com/en-us/.../ms16-148.aspx
All of the security and non-security updates are listed in KB article 3208595:
- https://support.microsoft.com/en-us/kb/3208595
A new version of Office 2013 Click-To-Run is available: 15.0.4885.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7177.5000 ..."
___
ISC Analysis
- https://isc.sans.edu/mspatchdays.htm...day=2016-12-13
2016-12-13
Qualys Analysis
- https://blog.qualys.com/laws-of-vuln...ulletin-volume
Dec 13, 2016
.
MS Security Bulletin Summary - Jan 2017
FYI...
- https://technet.microsoft.com/en-us/...urity/ms17-jan
Jan 10, 2017 - "This bulletin summary lists security bulletins released for January 2017...
Note: There are no security fixes or quality improvements for Windows 8.1 or Windows Server 2012 R2 for release on Update Tuesday for January 2017. As such, there is no Security -Only- Quality Update or Security -Monthly- Quality Rollup release for these platforms this month...
(Total of -4-)
Microsoft Security Bulletin MS17-001 - Important
Security Update for Microsoft Edge (3214288)
- https://technet.microsoft.com/library/security/MS17-001
Important - Elevation of Privilege - Requires restart - Microsoft Windows, Microsoft Edge
Microsoft Security Bulletin MS17-002 - Critical
Security Update for Microsoft Office (3214291)
- https://technet.microsoft.com/library/security/ms17-002
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps
Microsoft Security Bulletin MS17-003 - Critical
Security Update for Adobe Flash Player (3214628)
- https://technet.microsoft.com/library/security/ms17-003
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
Microsoft Security Bulletin MS17-004 - Important
Security Update for Local Security Authority Subsystem Service (3216771)
- https://technet.microsoft.com/library/security/ms17-004
Important - Denial of Service - Requires restart - Microsoft Windows
___
MS17-001: http://www.securitytracker.com/id/1037573
MS17-002: http://www.securitytracker.com/id/1037568
- http://www.securitytracker.com/id/1037569
MS17-003: http://www.securitytracker.com/id/1037570
MS17-004: http://www.securitytracker.com/id/1037571
___
Security Updates Guide
- https://portal.msrc.microsoft.com/en...urity-guidance
10-Jan-2017 - January 2017 Security Updates
Total items: 34
[Note: There are -some- updates listed for Win8.1 and WinSvr2012 R2 here.]
___
Security Advisories
- https://technet.microsoft.com/en-us/...visories#APUMA
- https://technet.microsoft.com/library/security/2755801
1/10/2017 - 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/.../mt745127.aspx
- https://technet.microsoft.com/librar...y/3214296.aspx
Jan 10, 2017 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege
___
January 2017 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Jan 10, 2017 - "... This month, there are -2- security updates (1 bulletin) and -31- non-security updates.
Security bulletins: MS17-002: https://technet.microsoft.com/en-us/.../ms17-002.aspx
All of the security and non-security updates are listed in KB article 3214449:
- https://support.microsoft.com/en-us/kb/3214449
A new version of Office 2013 Click-To-Run is available: 15.0.4893.1002 ..."
___
ISC Analysis
- https://isc.sans.edu/mspatchdays.htm...day=2017-01-10
2017-01-10
Qualys Analysis
- https://blog.qualys.com/laws-of-vuln...curity-updates
Jan 10, 2017 - "... in the first Patch Tuesday of 2017 Microsoft fixed only 3 vulnerabilities which makes it one of the smallest patch month ever. Patches were released for Microsoft Office, the Edge browser and LSASS. It’s an unusually small patch update and will definitely make system administrators happy. For Windows server 2008 administrators, on top of the list is the LSASS or Local Security Authority Subsystem Service bulletin MS17-004 which is a denial-of-service condition which could allow unauthenticated attackers to trigger an automatic reboot. To exploit the vulnerability an unauthenticated attacker could send a specially crafted authentication request which would lead in the reboot condition. This vulnerability i.e. CVE-2017-0004 was publically disclosed before the availability of the patch and PoC exploit could become available soon. Windows 7 and Vista are also affected.
Top on the priority list for workstations is the critical Office bulletin MS17-002 which applies to Word 2016 and SharePoint 2016. An attacker could send a malicious file as an attachment and could take complete control of the system if the file is opened with the affected software.
Microsoft Edge bulletin MS17-001 affects Windows 10 and Windows Server 2016. It allows an attacker to access information from one domain and inject it into another domain resulting into getting elevated privileges. This vulnerability i.e. CVE-2017-0002 was publically disclosed before the availability of the patch.
It is also worth noting that starting next month Microsoft will scrap the existing system where users get a document each month in favor of a new ‘single destination for security vulnerability information’ called the Security Updates Guide. The new security portal is driven by an online database and instead of having to poke through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates..."
.
Win10 v1607 media available
FYI...
Windows 10 v1607 media now available
- https://blogs.technet.microsoft.com/...now-available/
Jan 19, 2017 - "On November 29th, Windows 10, version 1607 was -declared- the Current Branch for Business (CBB), indicating that Microsoft, independent software vendors (ISVs), partners, and customers -believe- that the release is ready for broad deployment. Today we are releasing updated media for Windows 10 v1607 (also known as the Windows 10 Anniversary Update) on Windows Update for Business, Windows Server Update Services (WSUS), and MSDN Subscriptions. We will also be releasing -updated-refreshed- media for Windows 10, version 1607 to the Volume Licensing Service Center (VLSC) on January 26, 2017...
End of servicing for Windows 10, version 1507:
With the availability of Windows 10, version 1607 to the VLSC on January 26th, the 60-day grace period for Windows 10, version 1507 will begin. That means, after March 26th, 2017, Windows 10, version 1507 will no longer be serviced as only the two most Current Branch for Business (CBB) versions are actively serviced...
Additional information:
For the latest list of Windows 10 feature updates, and current versions by servicing option, see our Windows 10 release information page*..."
* https://technet.microsoft.com/en-us/.../mt679505.aspx
___
Microsoft’s Release Process Prompts Update Confusion
> http://windowssecrets.com/patch-watc...ate-confusion/
Jan 24, 2017
___
Windows 10 Version 1607 and Windows Server 2016
January 26, 2017—KB 3216755 (OS Build 14393.726)
- https://support.microsoft.com/en-us/...date-kb3216755
. Update replacement information: This update replaces the previously released update KB3213986.
Last Review: Jan 26, 2017 - Rev: 2
___
Windows 10 update KB 3216755
> http://www.infoworld.com/article/316...b-3216755.html
Jan 27, 2017 - "... The latest cumulative update is only available in the Update Catalog":
> http://www.catalog.update.microsoft....aspx?q=3216755
:confused: :fear: :spider:
MS Security Advisory 4010983
FYI...
Microsoft Security Advisory 4010983
Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service
- https://technet.microsoft.com/library/security/4010983
Jan 27, 2017
:fear::fear:
MS Feb 2017 Patches delayed
FYI...
MS Patches delayed
- https://isc.sans.edu/diary.html?storyid=22066
Feb 14, 2017 - "Microsoft delayed the release of all bulletins* scheduled for today. Today was supposed to be the first month of Microsoft using its new update process, which meant that we would no longer see a bulletin summary, and patches would be released as monolithic updates vs. individually. It is possible that this change in process caused the delay... we do not know when Microsoft will release it's February patches. There is still the unpatched SMB 3 DoS vulnerability... hoped to be addressed in this round..."
* https://blogs.technet.microsoft.com/...pdate-release/
Feb 14, 2017 - "... This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates..."
:fear::fear:
MS February Patch Tuesday Now Rolled into March
FYI...
Microsoft February Patch Tuesday Now Rolled into March Update
- https://isc.sans.edu/diary.html?storyid=22072
2017-02-16 - "Microsoft earlier today updated its blog post* about the "skipped" February patch Tuesday with a note that "We will deliver updates as part of the planned March Update Tuesday, March 14, 2017." March 14th is the March Patch Tuesday date, so February's updates will be combined with the March update. Probably overall the least disruptive solution at this point."
* https://blogs.technet.microsoft.com/...pdate-release/
___
Windows Update issues may be at root of February's patch delay
- http://www.computerworld.com/article...tch-delay.html
Feb 15, 2017
:fear::fear:
MS Security Bulletin MS17-005
FYI...
Microsoft Security Bulletin MS17-005 - Critical
Security Update for Adobe Flash Player (4010250)
- https://technet.microsoft.com/en-us/...urity/MS17-005
Feb 21, 2017 - "This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016..."
- https://support.microsoft.com/en-us/...bruary-21-2017
Last Review: Feb 21, 2017 - Rev: 28
- https://isc.sans.edu/diary.html?storyid=22097
2017-02-21 23:55:22 UTC
- https://blogs.technet.microsoft.com/...ility-release/
Feb 21, 2017
___
Unpatched MS Edge and IE Bug
- https://isc.sans.edu/diary.html?storyid=22115
2017-02-25
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2017-0037
Last revised: 02/26/2017
:fear::fear:
MS March 2017 Non-Security Office Update Release
FYI... ("March madness" begins)
March 2017 Non-Security Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Mar 7, 2017 - "Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information."
Office 2013
Update for Microsoft Office 2013 (KB3162058)
> http://support.microsoft.com/KB/3162058
Update for Microsoft Office 2013 (KB3162039)
> http://support.microsoft.com/KB/3162039
Update for Microsoft OneDrive for Business (KB3178645)
> http://support.microsoft.com/KB/3178645
Update for Microsoft Project 2013 (KB3178650)
> http://support.microsoft.com/KB/3178650
Update for Microsoft Visio 2013 (KB3172437)
> http://support.microsoft.com/KB/3172437
Office 2016
Update for Microsoft Access 2016 (KB3128054)
> http://support.microsoft.com/KB/3128054
Update for Microsoft Office 2016 (KB3141452)
> http://support.microsoft.com/KB/3141452
Update for Microsoft OneDrive for Business (KB3141458)
> http://support.microsoft.com/KB/3141458
Update for Microsoft Office 2016 (KB3178661)
> http://support.microsoft.com/KB/3178661
Update for Microsoft Office 2016 (KB3178663)
> http://support.microsoft.com/KB/3178663
Update for Microsoft Office 2016 (KB3178668)
> http://support.microsoft.com/KB/3178668
Update for Microsoft Office 2016 (KB3178660)
> http://support.microsoft.com/KB/3178660
Update for Microsoft Office 2016 (KB3178655)
> http://support.microsoft.com/KB/3178655
Update for Microsoft PowerPoint 2016 (KB3178657)
> http://support.microsoft.com/KB/3178657
Update for Microsoft Project 2016 (KB3178669)
> http://support.microsoft.com/KB/3178669
Update for Microsoft Publisher 2016 (KB3128047)
> http://support.microsoft.com/KB/3128047
Update for Microsoft Visio 2016 (KB3178654)
> http://support.microsoft.com/KB/3178654
:fear::fear:
MS Security Updates - March 2017
FYI...
- https://blogs.technet.microsoft.com/...pdate-release/
Mar 14, 2017 - "Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide*..."
Security Update Guide
* https://portal.msrc.microsoft.com/en...urity-guidance
14-Mar-17
March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/...er-2008-r2-sp1
Mar 14, 2017 - Rev: 11
Windows 8.1 and Windows Server 2012 R2 update history
- https://support.microsoft.com/en-us/...update-history
Mar 14, 2017 - Rev: 129
March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2
- https://support.microsoft.com/en-us/...server-2012-r2
Mar 14, 2017 - Rev: 11
Windows 10 Version 1607 and Windows Server 2016
KB4013429 (OS Build 14393.953)
- https://support.microsoft.com/en-us/...date-kb4013429
Mar 14, 2017 - Rev: 48
> https://www.catalog.update.microsoft...px?q=KB4012212
> https://www.catalog.update.microsoft...px?q=KB4012213
> https://www.catalog.update.microsoft...px?q=KB4013429
___
Microsoft Security Bulletin Summary for March 2017
- https://technet.microsoft.com/en-us/...urity/ms17-mar
Mar 14, 2017 - "This bulletin summary lists security bulletins released for March 2017..."
(18 total)
Microsoft Security Bulletin MS17-006 - Critical
Cumulative Security Update for Internet Explorer (4013073)
- https://technet.microsoft.com/library/security/MS17-006
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Internet Explorer
Microsoft Security Bulletin MS17-007 - Critical
Cumulative Security Update for Microsoft Edge (4013071)
- https://technet.microsoft.com/library/security/MS17-007
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge
Microsoft Security Bulletin MS17-008 - Critical
Security Update for Windows Hyper-V (4013082)
- https://technet.microsoft.com/library/security/MS17-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-009 - Critical
Security Update for Microsoft Windows PDF Library (4010319)
- https://technet.microsoft.com/library/security/MS17-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-010 - Critical
Security Update for Microsoft Windows SMB Server (4013389)
- https://technet.microsoft.com/library/security/MS17-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-011 - Critical
Security Update for Microsoft Uniscribe (4013076)
- https://technet.microsoft.com/library/security/MS17-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-012 - Critical
Security Update for Microsoft Windows (4013078)
- https://technet.microsoft.com/library/security/MS17-012
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-013 - Critical
Security Update for Microsoft Graphics Component (4013075)
- https://technet.microsoft.com/library/security/MS17-013
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight
Microsoft Security Bulletin MS17-014 - Important
Security Update for Microsoft Office (4013241)
- https://technet.microsoft.com/library/security/MS17-014
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps,
Microsoft Server Software, Microsoft Communications Platforms and Software
Microsoft Security Bulletin MS17-015 - Important
Security Update for Microsoft Exchange Server (4013242)
- https://technet.microsoft.com/library/security/MS17-015
Important - Remote Code Execution - Requires restart - Microsoft Exchange
Microsoft Security Bulletin MS17-016 - Important
Security Update for Windows IIS (4013074)
- https://technet.microsoft.com/library/security/MS17-016
Important - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-017 - Important
Security Update for Windows Kernel (4013081)
- https://technet.microsoft.com/library/security/MS17-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-018 - Important
Security Update for Windows Kernel-Mode Drivers (4013083)
- https://technet.microsoft.com/library/security/MS17-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-019 - Important
Security Update for Active Directory Federation Services (4010320)
- https://technet.microsoft.com/library/security/MS17-019
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-020 - Important
Security Update for Windows DVD Maker (3208223)
- https://technet.microsoft.com/library/security/MS17-020
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-021 - Important
Security Update for Windows DirectShow (4010318)
- https://technet.microsoft.com/library/security/MS17-021
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-022 - Important
Security Update for Microsoft XML Core Services (4010321)
- https://technet.microsoft.com/library/security/MS17-022
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS17-023 - Critical
Security Update for Adobe Flash Player (4014329)
- https://technet.microsoft.com/library/security/MS17-023
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___
MS17-006: http://www.securitytracker.com/id/1038008
MS17-007: http://www.securitytracker.com/id/1038006
MS17-008: http://www.securitytracker.com/id/1037999
MS17-009: http://www.securitytracker.com/id/1037989
MS17-010: http://www.securitytracker.com/id/1037991
MS17-011: http://www.securitytracker.com/id/1037992
MS17-012: http://www.securitytracker.com/id/1038001
MS17-013: http://www.securitytracker.com/id/1038002
MS17-014: http://www.securitytracker.com/id/1038010
- http://www.securitytracker.com/id/1038019
- http://www.securitytracker.com/id/1038020
MS17-015: http://www.securitytracker.com/id/1038011
MS17-016: http://www.securitytracker.com/id/1038012
MS17-017: http://www.securitytracker.com/id/1038013
MS17-018: http://www.securitytracker.com/id/1038017
MS17-019: http://www.securitytracker.com/id/1038018
MS17-020: http://www.securitytracker.com/id/1038015
MS17-021: http://www.securitytracker.com/id/1038016
MS17-022: http://www.securitytracker.com/id/1038014
___
March 2017 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Mar 14, 2017 - "... This month, there are 28 security updates (2 bulletin) and 27 non-security updates.
Security bulletins:
MS17-013: https://technet.microsoft.com/en-us/.../ms17-013.aspx
MS17-014: https://technet.microsoft.com/en-us/.../ms17-014.aspx
All of the security and non-security updates are listed in KB article 4013886
- https://support.microsoft.com/en-us/...crosoft-office
A new version of Office 2013 Click-To-Run is available: 15.0.4911.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7179.5002"
___
ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=22185
Mar 14 2017 - "... large number of bulletins (18 total, which includes the Adobe Flash bulletin)
... You can review the patch summary here:
> https://isc.sans.edu/mspatchdays.htm...day=2017-03-14 "
Qualys Analysis:
- https://blog.qualys.com/laws-of-vuln...soft-for-march
Mar 14, 2017 - "Today Microsoft released a massive security update consisting of 17 security bulletins that fixed a total of -134- vulnerabilities. Out of the 17 security bulletins 8 were marked as Critical which could lead to remote code execution while the remaining were marked as Important. Since there were no patches released for February, in one way, a massive update was expected this month. We also liked the fact that Microsoft kept the older way of clubbing KB articles and patches in security bulletins which, in our opinion, is easy to read and provides better overall picture... Overall today is going to be very busy for IT department in organizations of all sizes due to the large number of client as well as server patches to be installed. But most people will be pleasantly surprised as Microsoft kept the older way of clubbing KB articles into security bulletins."
:fear::fear::fear: