Sep 2017 Non-Security Office Update Release
FYI...
September 2017 Non-Security Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Sep 5, 2017 - "Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information.
Office 2013
Update for Microsoft Office 2013 (KB3172484)
- https://support.microsoft.com/help/3172484
Update for Microsoft Office 2013 (KB3172512)
- https://support.microsoft.com/help/3172512
Update for Microsoft Office 2013 (KB3203486)
- https://support.microsoft.com/help/3203486
Update for Microsoft Office 2013 (KB3213536)
- https://support.microsoft.com/help/3213536
Update for Microsoft Office 2013 (KB4011087)
- https://support.microsoft.com/help/4011087
Update for Microsoft Office 2013 (KB4011106)
- https://support.microsoft.com/help/4011106
Update for Microsoft Project 2013 (KB4011109)
- https://support.microsoft.com/help/4011109
Update for Microsoft Visio 2013 (KB3191936)
- https://support.microsoft.com/help/3191936
Update for Microsoft Word 2013 (KB4011105)
- https://support.microsoft.com/help/4011105
Office 2016
Update for Microsoft Access 2016 (KB4011032)
- https://support.microsoft.com/help/4011032
Update for Microsoft Office 2016 (KB3191923)
- https://support.microsoft.com/help/3191923
Update for Microsoft Office 2016 (KB3191924)
- https://support.microsoft.com/help/3191924
Update for Microsoft Office 2016 (KB3203478)
- https://support.microsoft.com/help/3203478
Update for Microsoft Office 2016 (KB3203482)
- https://support.microsoft.com/help/3203482
Update for Microsoft Office 2016 (KB4011093)
- https://support.microsoft.com/help/4011093
Update for Microsoft Office 2016 (KB4011099)
- https://support.microsoft.com/help/4011099
Update for Microsoft Office 2016 (KB4011102)
- https://support.microsoft.com/help/4011102
Update for Microsoft Office 2016 Language Interface Pack (KB4011098)
- https://support.microsoft.com/help/4011098
Update for Microsoft OneNote 2016 (KB4011092)
- https://support.microsoft.com/help/4011092
Update for Microsoft Project 2016 (KB4011101)
- https://support.microsoft.com/help/4011101
Update for Microsoft Visio 2016 (KB4011096)
- https://support.microsoft.com/help/4011096
Update for Microsoft Word 2016 (KB4011039)
- https://support.microsoft.com/help/4011039
___
- https://www.computerworld.com/articl...carefully.html
Sep 5, 2017 - "August was a banner month for Windows and Office customers. If I counted correctly, we saw patches on -14- different days last month... current list of outstanding problems... it’s time for you to get the August patches out of the way..."
(More detail at the computerworld URL above.)
MS Security Updates - Sept 2017
FYI...
- https://blogs.technet.microsoft.com/...pdate-release/
Sep 12, 2017 - "... we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."
- https://portal.msrc.microsoft.com/en...d-000d3a32fc99
Sep 12, 2017 - "The September security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Adobe Flash Player
Skype for Business and Lync
.NET Framework
Microsoft Exchange Server ..."
> https://portal.msrc.microsoft.com/en...idance/summary
Total items: 96 - Page: 1/1
___
Sept 2017 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Sep 12, 2017 - "... This month, there are -45- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4040279*.
* https://support.microsoft.com/en-us/...crosoft-office
Last Review: Sep 12, 2017 - Rev: 9
A new version of Office 2013 Click-To-Run is available: 15.0.4963.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7188.5002"
___
Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.microsoft.com/en-us/...ces-changes-in
Last Review: Sep 12, 2017 - Rev: 125
___
Additional info:
- http://www.securitytracker.com/id/1039320
- http://www.securitytracker.com/id/1039322
- http://www.securitytracker.com/id/1039323
- http://www.securitytracker.com/id/1039324
- http://www.securitytracker.com/id/1039325
- http://www.securitytracker.com/id/1039326
- http://www.securitytracker.com/id/1039327
- http://www.securitytracker.com/id/1039328
- http://www.securitytracker.com/id/1039329
- http://www.securitytracker.com/id/1039330
- http://www.securitytracker.com/id/1039331
- http://www.securitytracker.com/id/1039333
- http://www.securitytracker.com/id/1039337
- http://www.securitytracker.com/id/1039338
- http://www.securitytracker.com/id/1039339
- http://www.securitytracker.com/id/1039340
- http://www.securitytracker.com/id/1039341
- http://www.securitytracker.com/id/1039342
- http://www.securitytracker.com/id/1039343
- http://www.securitytracker.com/id/1039344
- http://www.securitytracker.com/id/1039352
- http://www.securitytracker.com/id/1039369
___
Qualys analysis: https://blog.qualys.com/laws-of-vuln...-adobe-patches
Sep 12, 2017 - "Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering -27- of these vulnerabilities are labeled as -Critical- and -39- can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.
Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.
Out of the 26 vulnerabilities that are both Critical and RCE, -22- of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser. Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp."
ghacks.net: https://www.ghacks.net/2017/09/12/mi...-2017-release/
Sep 12, 2017 - "... Executive Summary:
Microsoft released security patches for all versions of Windows. Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.
Operating System Distribution:
- Windows 7: 22 vulnerabilities of which 3 are rated critical, 19 important
- Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
- Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important
Windows Server products:
- Windows Server 2008 R2: 23 vulnerabilities, of which 3 are rated critical, 20 important
- Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical, 21 important and 1 moderate
- Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important
Other Microsoft Products:
- Internet Explorer 11: 7 vulnerabilities, 5 critical, 2 important
- Microsoft Edge: 28 vulnerabilities, 19 critical, 7 important, 2 moderate..."
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Sep 12, 2017
Outlook 2010, 2013 and 2016 - Email retrieval fails after installing Patch
FYI...
Email retrieval fails after installing Security Patch for Outlook 2010, 2013 and 2016
- https://www.veritas.com/support/en_US/article.000127958
2017-09-20 - "Problem: Users will not be able to retrieve emails after installing the associated Microsoft Outlook Security patch, listed below, released on September 12, 2017.
KB4011089 for Outlook 2010
KB4011090 for Outlook 2013
KB4011091 for Outlook 2016
When this Microsoft Security patch for Outlook is installed on the client, users are unable to access archived emails. Upon double clicking on the shortcut it will open the shortcut only with the banner: "The item has archived by Enterprise vault. Click here to view the original link"
Outlook will become unresponsive, when clicking on the banner.
Cause: These Microsoft Office security updates have disabled scripts for custom forms. Enterprise Vault's archived item shortcuts are custom forms that require scripting for their retrieval functionality.
>> Note: Outlook clients without this patch are not affected..."
Custom form script is now disabled by default
Applies To: Outlook 2016 Outlook 2013 Outlook 2010 Outlook 2007
> https://support.office.com/en-gb/art...c-d7cce0120e94
Last updated: Sep 19, 2017
ISSUE: Custom form script is now disabled by default and requires setting registry keys to re-enable it..."
___
Where we stand with messy September Windows and .NET patches
... Bugs galore — IE won’t start or looks odd, custom controls turn black, Edge goes AWOL — with Windows 10 Creators Update getting more than its fair share.
> https://www.computerworld.com/articl...t-patches.html
Sep 21, 2017
___
Maintaining Windows 10 security tops list of enterprise challenges
- https://www.helpnetsecurity.com/2017...s-10-security/
Sep 21, 2017 - "Companies are experiencing significant challenges in their attempts to keep their endpoints secure. Maintaining Windows 10 security topped the list of challenges with over half of respondents to an Adaptiva survey indicating it can take a -month- or -more- for IT teams to execute Windows OS updates, which ultimately leaves systems vulnerable..."
(More detail at the helpnetsecurity URL above.)
MS Sept 2017 Windows and Office patches
FYI...
Where we stand with MS Sept 2017 Windows and Office patches ...
- https://www.computerworld.com/articl...e-patches.html
Sep 26, 2017 - "... Recommendations: Assuming you don’t click “Enable Editing” in Word, there are no immediately pressing September patches. I say it’s wise to wait-and-see if any of the outstanding bugs get fixed — and wait to see if the patches-of-patches generate new problems of their own..."
(More detail at the computerworld URL above.)
> https://www.askwoody.com/
Sep 26, 2017 - "... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it..."
MS Sep 2017 - patch status ...
FYI...
It’s time to install the September patches for Windows and Office
... The September patches were problematic — a couple of them got pulled, a couple more replaced — but most of the bugs are now reasonably well known and understood
- https://www.computerworld.com/articl...nd-office.html
Sep 29, 2017 11:31 AM PT
(Many details at the computerworld URL above.)
> https://www.askwoody.com/
Sep 30, 2017 at 12:09 - "Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems."
> https://www.askwoody.com/2017/work-i...askwoody-site/
- https://twitter.com/woodyleonhard/st...35736215105536
7:31 AM - 30 Sep 2017 - "... AskWoody.com is under attack, going up and down, mostly down. We're working on it..."
- https://www.facebook.com/WoodyOnWindows/
Turn MS 'Auto Update' off ...
FYI...
Check to see that MS 'Auto Update' is turned off
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it...
- https://askwoody.com/2017/ms-defcon-...is-turned-off/
Oct 10, 2017 - "... a slew of patches waiting, for a dozen different platforms, including all versions of Windows (even RT 8.1!), Office, IE, Skype and more..."
... delay Automatic Update at least a few days, until the bugs have shaken out...
> https://www.computerworld.com/articl...re-coming.html
Oct 10, 2017 - "If you’re running Windows, do yourself a favor and put Automatic Update on a temporary hold..."
MS Security Updates - Oct 2017
FYI...
October 2017 security update release
- https://blogs.technet.microsoft.com/...pdate-release/
Oct 10, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."
- https://portal.msrc.microsoft.com/en...2-000d3a32fc99
Oct 10, 2017 - "The October security release consists of security updates for the following software:
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Skype for Business and Lync
• Chakra Core ...
Known issues:
- https://support.microsoft.com/en-us/help/4041691
- https://support.microsoft.com/en-us/help/4042895
- https://support.microsoft.com/en-us/help/4041676
- https://support.microsoft.com/en-us/help/4041681
"... Microsoft is working on a resolution and will provide an update in an upcoming release."
Security Update Summary
> https://portal.msrc.microsoft.com/en...idance/summary
10/10/2017
___
October 2017 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Oct 10, 2017 - "... This month, there are 26 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4043461*.
A new version of Office 2013 Click-To-Run is available: 15.0.4971.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7189.5001"
* https://support.microsoft.com/en-us/...crosoft-office
Last Review: Oct 10, 2017 - Rev: 10
___
Additional information:
- http://www.securitytracker.com/id/1039526
- http://www.securitytracker.com/id/1039527
- http://www.securitytracker.com/id/1039528
- http://www.securitytracker.com/id/1039529
- http://www.securitytracker.com/id/1039530
- http://www.securitytracker.com/id/1039532
- http://www.securitytracker.com/id/1039533
- http://www.securitytracker.com/id/1039534
- http://www.securitytracker.com/id/1039535
- http://www.securitytracker.com/id/1039536
- http://www.securitytracker.com/id/1039537
- http://www.securitytracker.com/id/1039538
- http://www.securitytracker.com/id/1039539
- http://www.securitytracker.com/id/1039540
- http://www.securitytracker.com/id/1039541
- http://www.securitytracker.com/id/1039542
___
ghacks.net: https://www.ghacks.net/2017/10/10/mi...-2017-release/
Oct 10, 2017 - "... Our monthly series provides you with information on Microsoft's Patch Day. It features an overview of all security and non-security updates that Microsoft released since the last Patch day in September 2017. The monthly guide lists how different versions of Windows -- client and server -- and Microsoft's browsers Edge and Internet Explorer are affected. It features links to resources, direct download links for cumulative Windows updates, new and updated security advisories, and information on how to download the updates to Windows machines...
Windows 7: 20 vulnerabilities of which 5 are rated critical, 15 important
Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 17 important
Windows 10 version 1607: 29 vulnerabilities, 6 critical, 23 important
Windows 10 version 1703: 29 vulnerabilities of which 6 are rated critical, 23 important ..."
(More detail at the URL above.)
Qualys analysis: https://blog.qualys.com/laws-of-vuln...ulnerabilities
Oct 10, 2017 - "Today Microsoft released patches covering 62 vulnerabilities as part of August’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild. Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.
Also of note are two vulnerabilities in the Windows font library, CVE-2017-11762 and CVE-2017-11763, that can be exploited through a browser or malicious file, as well as a vulnerability in DNSAPI, CVE-2017-11779, that could allow a malicious DNS server to execute code on a client system.
A vulnerability in certain TPM chips is addressed by ADV170012. This vulnerability is in the TPM chip itself, and not in Windows, but could result in weak cryptographic keys. These keys are used for BitLocker, Biometric auth, and other areas of Windows. The updates provide a workaround for the weak keys leveraging additional logging and an option to use software-derived keys. Full remediation requires a firmware update from the device manufacturer.
As with several of the last Patch Tuesdays, the majority of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser..."
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Oct 10, 2017
Microsoft 'Patch Tuesday' problems
FYI...
Microsoft 'Patch Tuesday' problems ...
... It's been less than a day since the Patch Tuesday patches rolled out, and we're already seeing lots of complaints – and a few unexpected explanations
- https://www.computerworld.com/articl...-problems.html
Oct 11, 2017
... Every version of Windows gets patched, as well as Edge, IE, Skype for Business and Office. Pay special attention to the Word zero-day, the DNS security problem, and the TPM patching madness....
- https://www.computerworld.com/articl...eral-bugs.html
Oct 10, 2017
___
Microsoft patch problems persist...
... Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes
- https://www.computerworld.com/articl...-and-more.html
Oct 12, 2017
MS Oct 2017 - known issues
FYI...
Microsoft Dynamics 365 for Outlook is unable to render webpages after installing the October 2017 Microsoft Outlook security update
- https://support.microsoft.com/en-us/...webpages-after
Last Review: Oct 13, 2017 - Rev: 5
Fixes or workarounds for recent issues in Outlook for Windows
Applies To: Outlook 2016 Outlook 2013
- https://support.office.com/en-us/art...rs=en-US&ad=US
Last updated: October 2017
___
- https://askwoody.com/ms-defcon-system/
"... Current Microsoft patches are causing havoc. Don’t patch."
... Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes
- https://www.computerworld.com/articl...-and-more.html
Oct 12, 2017
___
> https://askwoody.com/2017/ms-defcon-...tes-and-krack/
Oct 17, 2017 - "... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."
Excel, Access, external DB driver errors linked to this month’s patches
... If you’re seeing new “Unexpected error from external database driver” error messages, chances are good you recently installed KB 4041681 (Win7), KB4041676 (Win10 1703), or any of this month's Windows security patches
- https://www.computerworld.com/articl...s-patches.html
Oct 17, 2017
___
Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us/...date-kb4041681
Oct 17, 2017 - "... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 17
Windows 7 SP1 and Windows Server 2008 R2 SP1
October 17, 2017—KB4041686 (Preview of Monthly Rollup)
- https://support.microsoft.com/en-us/...date-kb4041686
"... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 10
___
MS ADV170018 | October Flash Security Update
> https://portal.msrc.microsoft.com/en...sory/ADV170018
10/17/2017
___
Announcing the .NET Framework 4.7.1
- https://blogs.msdn.microsoft.com/dot...amework-4-7-1/
October 17, 2017
Windows 10 release information
- https://technet.microsoft.com/en-us/...ease-info.aspx
Latest revision date - 10/17/2017 - 'Microsoft recommends'
October 17, 2017—KB4043961 (OS Build 16299.19)
Windows 10 Version 1709
- https://support.microsoft.com/en-us/...date-kb4043961
"... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 19