Microsoft Alerts

'Get Windows 10' patch reappears

FYI...

'Get Windows 10' snooping patch KB 2952664 reappears
- http://www.infoworld.com/article/31...s-10-snooping-patch-kb-2952664-reappears.html
Oct 5, 2016 - "For whatever reason, our old nemesis KB 2952664 reappeared suddenly yesterday afternoon, and Windows users are livid... For those of you who don't recall, KB 2952664 (and its Windows 8.1 companion KB 2976978)... Bottom line: If you want to upgrade your Windows 7 or 8.1 PC to Windows 10, and haven't already done so, you're being set up to pay-full-price for the privilege. If you want to keep Windows 10 off your machine, don't install KB 2952664 (Win7) or KB 2976978 (Win 8.1)...
Update: A Microsoft spokesperson sent this comment:
'There is no Get Windows 10 or upgrade functionality contained in this update. This KB article is related to the Windows Update and the appraiser systems that enables us to continue to deliver servicing updates to Windows 7 and Windows 8.1 devices, as well as ensure device and application compatibility.'"

- https://support.microsoft.com/en-us/kb/2952664
Last Review: 10/04/2016 17:25:00 - Rev: 25.0
Applies to: Windows 7 Service Pack 1

- https://support.microsoft.com/en-us/kb/2976978
Last Review: 10/04/2016 17:29:00 - Rev: 29.0
Applies to: Windows 8.1 Enterprise, Windows 8.1, Windows 8.1 Pro, Windows 8 Enterprise, Windows 8, Windows 8 Pro

:fear::fear:
 
Last edited:
MS Security Bulletin Summary - October 2016

FYI...

- https://technet.microsoft.com/library/security/ms16-oct
Oct 11, 2016 - "This bulletin summary lists security bulletins released for October 2016...

Microsoft Security Bulletin MS16-118 - Critical
Cumulative Security Update for Internet Explorer (3192887)
- https://technet.microsoft.com/library/security/MS16-118
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-119 - Critical
Cumulative Security Update for Microsoft Edge (3192890)
- https://technet.microsoft.com/library/security/MS16-119
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-120 - Critical
Security Update for Microsoft Graphics Component (3192884)
- https://technet.microsoft.com/library/security/MS16-120
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync.

Microsoft Security Bulletin MS16-121 - Important
Security Update for Microsoft Office (3194063)
- https://technet.microsoft.com/library/security/MS16-121
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-122 - Critical
Security Update for Microsoft Video Control (3195360)
- https://technet.microsoft.com/library/security/MS16-122
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-123 - Important
Security Update for Windows Kernel-Mode Drivers (3192892)
- https://technet.microsoft.com/library/security/MS16-123
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-124 - Important
Security Update for Windows Registry (3193227)
- https://technet.microsoft.com/library/security/MS16-124
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-125 - Important
Security Update for Diagnostics Hub (3193229)
- https://technet.microsoft.com/library/security/MS16-125
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-126 - Moderate
Security Update for Microsoft Internet Messaging API (3196067)
- https://technet.microsoft.com/library/security/MS16-126
Moderate - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-127 - Critical
Security Update for Adobe Flash Player (3194343)
- https://technet.microsoft.com/library/security/MS16-127
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___

Re-released:

Compatibility update for keeping Windows up-to-date in Windows 7
- https://support.microsoft.com/en-us/kb/2952664
"This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate compatibility on the Windows ecosystem and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update..."
Last Review: 10/11/2016 16:06:00 - Rev. 27.0
Applies to: Windows 7 Service Pack 1
___

MS16-118: http://www.securitytracker.com/id/1036992
MS16-119: http://www.securitytracker.com/id/1036993
MS16-120: http://www.securitytracker.com/id/1036988
MS16-121: http://www.securitytracker.com/id/1036984
MS16-122: http://www.securitytracker.com/id/1036983
MS16-123: http://www.securitytracker.com/id/1036996
MS16-124:
MS16-125: http://www.securitytracker.com/id/1036997
MS16-126:
MS16-127: http://www.securitytracker.com/id/1036985
___

- https://blogs.technet.microsoft.com/msrc/2016/10/11/october-2016-security-update-release/
Oct 11, 2016

Oct 2016 Office Update Release
- https://blogs.technet.microsoft.com...016/10/11/october-2016-office-update-release/
Oct 11, 2016 - "... This month, there are -16- security updates (2 bulletins) and 32 non-security updates.
Security bulletins:
MS16-120: https://technet.microsoft.com/en-us/library/security/ms16-120.aspx
MS16-121: https://technet.microsoft.com/en-us/library/security/ms16-121.aspx
All of the security and non-security updates for October are listed in KB article 3194160:
- https://support.microsoft.com/en-us/kb/3194160
A new version of Office 2013 Click-To-Run is available: 15.0.4867.1003
A new version of Office 2010 Click-To-Run is available: 14.0.7174.5001
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases*."
* https://technet.microsoft.com/en-us/mt465751

.NET Framework Monthly Rollups Explained
- https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/
Oct 11, 2016
___

ISC Analysis: https://isc.sans.edu/diary.html?storyid=21581
2016-10-11 - "Microsoft published -nine- bulletins plus one bulletin affecting Adobe Flash. These bulletins fix 43 vulnerabilities in Microsoft software, and 11 in Flash. Several of the bulletins address vulnerabilities that are already exploited in the wild. Most of these vulnerabilities are information disclosure vulnerabilities. One of them, CVE 2016-3393 is a remote code execution vulnerability which is why I labeled it as "Patch Now"... summary here:
- https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11 "

Qualys Analysis: https://blog.qualys.com/laws-of-vul...october-b-week-patch-tuesday-five-0-day-fixes
Oct 11, 2016 - "Today Microsoft started rolling out a new way to patch systems, and I explain the different components which are included and their timeline:
> Patch Tuesday (second Tuesday of every month or B week): Two main components will be released on Patch Tuesday:
- A security-only update: This is a single update containing all new security fixes for that month. It will be released on Windows Server Update Services (WSUS) where it can be consumed by other tools like ConfigMgr, and the Windows Update Catalog. This package will NOT be available for consumer PCs which get updated via Windows Update.
- A security monthly rollup: A single update containing all new security fixes for that month (same as the security-only update) as well as fixes from all previous monthly rollups. This will be available for consumer PCs which get updated via Windows Update.
> Third Tuesday of every month (C Week): This is a monthly rollup containing a preview of new non-security fixes that will be included in the next monthly rollup, as well as fixes from all previous monthly rollup. This is included for users to test their systems before next month. This will be available on WSUS, Windows update and Windows Update Catalog.
Internet Explorer updates are included in the security-only -and- monthly security rollup. .NET will follow a similar formula as monthly rollup and security-only updates.
Since today is Patch Tuesday i.e. B week or second Tuesday week, here is a list of security fixes that administrators should focus on:
A total of ten security updates were released affecting Browsers, Office, GDI, Kernel Drivers, Registry, Messaging and also update for Adobe Flash. Five updates are critical, four are important while one is moderate. What’s interesting is that five updated have at least one vulnerability each which a fixes a 0-day. These are the vulnerabilities that are already actively exploited in the wild..."

.
 
Last edited:
October 2016 security 'only/monthly' quality 'rollup' - Win7

FYI...

October 2016 'security monthly' quality rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
"Summary: This security updates includes improvements and fixes from an update that was shipped earlier by update 3185278. To learn more about the non-security improvements and fixes in this update, see the September 20, 2016 — 3185278 section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history.
This security update also resolves the following vulnerabilities in Windows:
MS16-101 Security update for Windows authentication methods
MS16-118 Cumulative security update for Internet Explorer
MS16-120 Security update for Microsoft graphics component
MS16-122 Security update for Microsoft video control
MS16-123 Security update for kernel-mode drivers
MS16-124 Security update for Windows registry
MS16-126 Security update for Microsoft Internet Messaging API
More information:
Important:
The security fixes listed above that are included in this security update 3185330 are also included in this October 2016 month’s Security Only Quality Update 3192391*, which only includes those fixes. Installing either update will include the security fixes listed above, and the Security Monthly Quality Rollup also includes improvements and fixes from previous Monthly Rollups.
If you use update management processes other than Windows Update and automatically approve all Security updates classifications for deployment, note that both the Security Only Quality Update 3192391* and the Security Monthly Quality Rollup for the month 3185330 will be deployed. We recommend that you review your update deployment rules to ensure the desired updates are deployed.
If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows."
- https://support.microsoft.com/en-us/kb/3185330
Last Review: 10/11/2016 18:51:00 - Rev: 1.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
___

October 2016 'security only' quality update for Windows 7 SP1 and Windows Server 2008 R2 SP1
"Summary: This security update resolves the following vulnerabilities in Windows 7 and Windows Server 2008 R2:
MS16-101 Security update for Windows authentication methods
MS16-118 Cumulative security update for Internet Explorer
MS16-120 Security update for Microsoft graphics component
MS16-122 Security update for Microsoft video control
MS16-123 Security update for kernel-mode drivers
MS16-124 Security update for Windows registry
MS16-126 Security update for Microsoft Internet Messaging API
More information..."
* https://support.microsoft.com/en-us/kb/3192391
Last Review: 10/11/2016 17:49:00 - Rev: 1.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
___

September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
"The September 2016 update rollup includes some new improvements and fixes for the Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 platform. We recommend that you apply this update rollup as part of your regular maintenance routines.
Improvements and fixes: To learn more about the non-security improvements and fixes in this update, see the "September 20, 2016 – KB3185278" section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history[1].
Known issues in this update:
Symptoms: Assume that you are running Enhanced Mitigation Experience Toolkit (EMET) on Windows 7 Service Pack 1 (SP1) on a computer on which update 3175024 is installed. When you try to start an application, the application freezes very early in the process and does not completely start.
Cause: This issue occurs because the Export Address table Filtering (EAF) mitigation is active on the application..." (More...)
- https://support.microsoft.com/en-us/kb/3185278
Last Review: 09/20/2016 16:20:00 - Rev: 1.0

1] http://go.microsoft.com/fwlink/p/?LinkId=821934
Last Review: Oct 10, 2016 - Rev: 41
Applies to: Windows 7
___

- https://krebsonsecurity.com/2016/10/microsoft-no-more-pick-and-choose-patching/
Oct 11, 2016 - "... Consumers on Win7 SP1 and Win8.1 will henceforth receive what Redmond is calling a “Monthly Rollup,” which addresses both security issues and reliability issues in a single update. The “Security-only updates” option — intended for enterprises and -not- available via Windows Update — will only include new security patches that are released for that month. What this means is that if any part of the patch bundle breaks, the only option is to remove the entire bundle (instead of the offending patch, as was previously possible)..."

:fear::fear:
 
Last edited:
New rules for updating Win7

FYI...

New rules for updating Win7
- http://windowssecrets.com/patch-watch/coping-with-the-new-rules-for-updating-windows-7/
Oct 12, 2016 - "Only Microsoft could make Windows updating both easier and harder at the same time. This month we move from individual Win7 security updates to the new roll-up model. But Microsoft also released some individual updates alongside the rollups. To get through this transition, here are some steps to make the updating process less painful. Working with the big change in Win7 updating:
Microsoft’s new roll-up model for Windows 7 has a significant impact... I can no longer give you patch-by-patch recommendations on what to install now and what to put off — or never install. October’s patch release seemed especially confusing because some fixes are being addressed by both roll-up updates and separate patches. (Most of those separate updates are for corporate environments.) Whether this is a temporary expediency by Microsoft is something we’ll have to wait to see. For Patch Watch followers who stuck with Win7, I’m taking a slightly different tack in this column. I’d like you to review your system and determine how “crusty” it is — and how much you depend on it. If you have several Win7 computers, I recommend taking a cue from IT administrators: At least for this first use of the roll-up update system, install the updates on one system and carefully test that machine. Check, for example, that printer connections continue to work and there are no issues with your key applications."
___

> https://technet.microsoft.com/library/security/ms16-oct
Revisions:
•V1.1 (October 12, 2016): Bulletin Summary revised to change the severity of MS16-121 to Critical. This is an informational change only.

:fear:
 
Last edited:
Ms16-128 - 10.27.2016

FYI...

MS Security Bulletin MS16-128 - Critical
Security Update for Adobe Flash Player (3201860)
- https://technet.microsoft.com/en-us/library/security/ms16-128.aspx
Oct 27, 2016 - "This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge..."

:fear::fear:
 
MS Security Bulletin Summary - Nov 2016

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-nov
Nov 8, 2016 - "This bulletin summary lists security bulletins released for November 2016...
(Total of -14-)

Microsoft Security Bulletin MS16-129 - Critical
Cumulative Security Update for Microsoft Edge (3199057)
- https://technet.microsoft.com/library/security/MS16-129
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-130 - Critical
Security Update for Microsoft Windows (3199172)
- https://technet.microsoft.com/library/security/MS16-130
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-131 - Critical
Security Update for Microsoft Video Control (3199151)
- https://technet.microsoft.com/library/security/MS16-131
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-132 - Critical
Security Update for Microsoft Graphics Component (3199120)
- https://technet.microsoft.com/library/security/MS16-132
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-133 - Important
Security Update for Microsoft Office (3199168)
- https://technet.microsoft.com/library/security/MS16-133
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-134 - Important
Security Update for Common Log File System Driver (3193706)
- https://technet.microsoft.com/library/security/MS16-134
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-135 - Important
Security Update for Windows Kernel-Mode Drivers (3199135)
- https://technet.microsoft.com/library/security/MS16-135
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-136 - Important
Security Update for SQL Server (3199641)
- https://technet.microsoft.com/library/security/MS16-136
Important - Elevation of Privilege - May require restart - Microsoft SQL Server

Microsoft Security Bulletin MS16-137 - Important
Security Update for Windows Authentication Methods (3199173)
- https://technet.microsoft.com/library/security/MS16-137
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-138 - Important
Security Update for Microsoft Virtual Hard Disk Driver (3199647)
- https://technet.microsoft.com/library/security/MS16-138
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-139 - Important
Security Update for Windows Kernel (3199720)
- https://technet.microsoft.com/library/security/MS16-139
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-140 - Important
Security Update for Boot Manager (3193479)
- https://technet.microsoft.com/library/security/MS16-140
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-141 - Critical
Security Update for Adobe Flash Player (3202790)
- https://technet.microsoft.com/library/security/MS16-141
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-142 - Critical
Cumulative Security Update for Internet Explorer (3198467)
- https://technet.microsoft.com/library/security/MS16-142
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
___

MS16-129: http://www.securitytracker.com/id/1037245
MS16-130: http://www.securitytracker.com/id/1037241
MS16-131: http://www.securitytracker.com/id/1037242
MS16-132: http://www.securitytracker.com/id/1037243
MS16-133: http://www.securitytracker.com/id/1037246
MS16-134: http://www.securitytracker.com/id/1037252
MS16-135: http://www.securitytracker.com/id/1037251
MS16-136: http://www.securitytracker.com/id/1037250
MS16-137: http://www.securitytracker.com/id/1037249
MS16-138: http://www.securitytracker.com/id/1037248
MS16-139: http://www.securitytracker.com/id/1037253
MS16-140: http://www.securitytracker.com/id/1037255
MS16-141: http://www.securitytracker.com/id/1037240
MS16-142: http://www.securitytracker.com/id/1037247
___

- https://blogs.technet.microsoft.com/msrc/2016/11/08/november-2016-security-update-release/
Nov 8, 2016

Nov 2016 Office Update Release
- https://blogs.technet.microsoft.com...16/11/08/november-2016-office-update-release/
Nov 8, 2016 - "... there are -25- security updates (1 bulletin) and 39 non-security updates.
Security bulletins: MS16-133:
> https://technet.microsoft.com/en-us/library/security/ms16-133.aspx
All of the security and non-security updates for November are listed in KB article 3200802:
> https://support.microsoft.com/en-us/kb/3200802
A new version of Office 2013 Click-To-Run is available: 15.0.4875.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7176.5000
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.microsoft.com/en-us/mt465751

November 2016 security monthly quality rollup
- https://support.microsoft.com/en-us/search?query=November 2016 security monthly quality rollup
___

ISC Analysis
- https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/
2016-11-08 - "Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited:
- https://isc.sans.edu/mspatchdays.html?viewday=2016-11-08
2016-11-08

Qualys Analysis
- https://blog.qualys.com/laws-of-vul...ously-disclosed-browser-issues-and-sql-server
Nov 8, 2016 - "Today Microsoft released 14 security bulletins with six critical and eight important security fixes. It patched 0-day vulnerability CVE-2016-7255 in the MS16-135 which was actively attacked and disclosed by Google in their disclosure blog a few days ago. Since it is publicly disclosed and actively exploited it should be the top priority for organizations. Three more vulnerabilities that were previously disclosed before availability of patches were fixed. These three issues are in IE and Edge browser and were fixed in MS16-142 and MS16-129 respectively (CVE-2016-7227 for IE, CVE-2016-7199 and CVE-2016-7209 for Edge). Microsoft office bulletin MS16-133 contains fixes for 10 vulnerabilities that could allow attackers to take complete control of the system. In addition to these 10 fixes there is an information disclosure as well as a denial-of-service i.e crash which was fixed. Since office documents are prevalent in typical corporate environment I think this bulletin should be treated as critical even if it is rated as ‘Important’..."

.
 
Last edited:
MS to revamp documentation for security patches

FYI...

MS to revamp its documentation for security patches
Microsoft has eliminated individual patches from every Windows version, and Security Bulletins will go away soon, replaced by a spreadsheet with tools
> http://www.infoworld.com/article/31...p-its-documentation-for-security-patches.html
Nov 10, 2016 - "... Starting in January, per the Microsoft Security Response Center*, the Security Bulletins are going away..."
* https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/
"... After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide**."

Software Update Summary
** https://portal.msrc.microsoft.com/en-us/security-guidance/summary

> https://portal.msrc.microsoft.com/en-us/security-guidance

> https://portal.msrc.microsoft.com/en-us/

:fear::fear:
 
MS pulls KB 3197868 Win7 Security Rollup

FYI...

Microsoft pulls MS 3197868 Win7 Security Rollup
- https://www.askwoody.com/2016/micro...security-rollup-that-blew-apart-malwarebytes/
Nov 23, 2016

> https://www.catalog.update.microsoft.com/Search.aspx?q=3197868

- https://support.malwarebytes.com/cu...by-the-kernel32-dll-false-positive-?b_id=6442
11.11.2016 - "... false positive was caused by Microsoft not digitally signing over 500 files included in "November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)". Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future..."
___

‘Appears to have been restored:
> https://www.catalog.update.microsoft.com/Search.aspx?q=3197868
Last Updated: 11/23/2016

:fear::fear::fear:
 
Last edited:
MS Security Bulletin Summary - December 2016

FYI...

- https://technet.microsoft.com/en-us/library/security/ms16-dec
Dec 13, 2016 - "This bulletin summary lists security bulletins released for December 2016...
Note: As a reminder, the 'Security Updates Guide'* will be replacing security bulletins as of February 2017...
* https://portal.msrc.microsoft.com/en-us/security-guidance

Microsoft Security Bulletin MS16-144 - Critical
Cumulative Security Update for Internet Explorer (3204059)
- https://technet.microsoft.com/library/security/ms16-144
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-145 - Critical
Cumulative Security Update for Microsoft Edge (3204062)
- https://technet.microsoft.com/library/security/ms16-145
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-146 - Critical
Security Update for Microsoft Graphics Component (3204066)
- https://technet.microsoft.com/library/security/ms16-146
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-147 - Critical
Security Update for Microsoft Uniscribe (3204063)
- https://technet.microsoft.com/library/security/ms16-147
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-148 - Critical
Security Update for Microsoft Office (3204068)
- https://technet.microsoft.com/library/security/ms16-148
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-149 - Important
Security Update for Microsoft Windows (3205655)
- https://technet.microsoft.com/library/security/ms16-149
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-150 - Important
Security Update for Secure Kernel Mode (3205642)
- https://technet.microsoft.com/library/security/ms16-150
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-151 - Important
Security Update for Windows Kernel-Mode Drivers (3205651)
- https://technet.microsoft.com/library/security/ms16-151
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-152 - Important
Security Update for Windows Kernel (3199709)
- https://technet.microsoft.com/library/security/ms16-152
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-153 - Important
Security Update for Common Log File System Driver (3207328)
- https://technet.microsoft.com/library/security/ms16-153
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-154 - Critical
Security Update for Adobe Flash Player (3209498)
- https://technet.microsoft.com/library/security/ms16-154
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player

Microsoft Security Bulletin MS16-155 - Important
Security Update for .NET Framework (3205640)
- https://technet.microsoft.com/library/security/ms16-155
Important - Information Disclosure - Requires restart - Microsoft Windows, Microsoft .NET Framework
___

MS16-144: http://www.securitytracker.com/id/1037448
MS16-145: http://www.securitytracker.com/id/1037444
MS16-146: http://www.securitytracker.com/id/1037438
MS16-147: http://www.securitytracker.com/id/1037440
MS16-148: http://www.securitytracker.com/id/1037441
MS16-149: http://www.securitytracker.com/id/1037450
MS16-150: http://www.securitytracker.com/id/1037451
MS16-151: http://www.securitytracker.com/id/1037452
MS16-152: http://www.securitytracker.com/id/1037453
MS16-153: http://www.securitytracker.com/id/1037454
MS16-154: http://www.securitytracker.com/id/1037449
MS16-155: http://www.securitytracker.com/id/1037455
___

Dec 2016 Office Update Release
- https://blogs.technet.microsoft.com...16/12/13/december-2016-office-update-release/
Dec 13, 2016 - "... This month, there are -24- security updates (1 bulletin) and 44 non-security updates.
Security bulletins: MS16-148:
- https://technet.microsoft.com/en-us/library/security/ms16-148.aspx
All of the security and non-security updates are listed in KB article 3208595:
- https://support.microsoft.com/en-us/kb/3208595
A new version of Office 2013 Click-To-Run is available: 15.0.4885.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7177.5000 ..."
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
2016-12-13

Qualys Analysis
- https://blog.qualys.com/laws-of-vul...ends-2016-with-15-increase-in-bulletin-volume
Dec 13, 2016

.
 
Last edited:
MS Security Bulletin Summary - Jan 2017

FYI...

- https://technet.microsoft.com/en-us/library/security/ms17-jan
Jan 10, 2017 - "This bulletin summary lists security bulletins released for January 2017...
Note: There are no security fixes or quality improvements for Windows 8.1 or Windows Server 2012 R2 for release on Update Tuesday for January 2017. As such, there is no Security -Only- Quality Update or Security -Monthly- Quality Rollup release for these platforms this month...
(Total of -4-)

Microsoft Security Bulletin MS17-001 - Important
Security Update for Microsoft Edge (3214288)
- https://technet.microsoft.com/library/security/MS17-001
Important - Elevation of Privilege - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS17-002 - Critical
Security Update for Microsoft Office (3214291)
- https://technet.microsoft.com/library/security/ms17-002
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS17-003 - Critical
Security Update for Adobe Flash Player (3214628)
- https://technet.microsoft.com/library/security/ms17-003
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player

Microsoft Security Bulletin MS17-004 - Important
Security Update for Local Security Authority Subsystem Service (3216771)
- https://technet.microsoft.com/library/security/ms17-004
Important - Denial of Service - Requires restart - Microsoft Windows
___

MS17-001: http://www.securitytracker.com/id/1037573
MS17-002: http://www.securitytracker.com/id/1037568
- http://www.securitytracker.com/id/1037569
MS17-003: http://www.securitytracker.com/id/1037570
MS17-004: http://www.securitytracker.com/id/1037571
___

Security Updates Guide
- https://portal.msrc.microsoft.com/en-us/security-guidance
10-Jan-2017 - January 2017 Security Updates
Total items: 34
[Note: There are -some- updates listed for Win8.1 and WinSvr2012 R2 here.]
___

Security Advisories
- https://technet.microsoft.com/en-us/security/advisories#APUMA

- https://technet.microsoft.com/library/security/2755801
1/10/2017 - 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge

- https://technet.microsoft.com/en-us/library/security/mt745127.aspx

- https://technet.microsoft.com/library/security/3214296.aspx
Jan 10, 2017 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege
___

January 2017 Office Update Release
- https://blogs.technet.microsoft.com...017/01/10/january-2017-office-update-release/
Jan 10, 2017 - "... This month, there are -2- security updates (1 bulletin) and -31- non-security updates.
Security bulletins: MS17-002: https://technet.microsoft.com/en-us/library/security/ms17-002.aspx
All of the security and non-security updates are listed in KB article 3214449:
- https://support.microsoft.com/en-us/kb/3214449
A new version of Office 2013 Click-To-Run is available: 15.0.4893.1002 ..."
___

ISC Analysis
- https://isc.sans.edu/mspatchdays.html?viewday=2017-01-10
2017-01-10

Qualys Analysis
- https://blog.qualys.com/laws-of-vul...-starts-2017-with-record-low-security-updates
Jan 10, 2017 - "... in the first Patch Tuesday of 2017 Microsoft fixed only 3 vulnerabilities which makes it one of the smallest patch month ever. Patches were released for Microsoft Office, the Edge browser and LSASS. It’s an unusually small patch update and will definitely make system administrators happy. For Windows server 2008 administrators, on top of the list is the LSASS or Local Security Authority Subsystem Service bulletin MS17-004 which is a denial-of-service condition which could allow unauthenticated attackers to trigger an automatic reboot. To exploit the vulnerability an unauthenticated attacker could send a specially crafted authentication request which would lead in the reboot condition. This vulnerability i.e. CVE-2017-0004 was publically disclosed before the availability of the patch and PoC exploit could become available soon. Windows 7 and Vista are also affected.
Top on the priority list for workstations is the critical Office bulletin MS17-002 which applies to Word 2016 and SharePoint 2016. An attacker could send a malicious file as an attachment and could take complete control of the system if the file is opened with the affected software.
Microsoft Edge bulletin MS17-001 affects Windows 10 and Windows Server 2016. It allows an attacker to access information from one domain and inject it into another domain resulting into getting elevated privileges. This vulnerability i.e. CVE-2017-0002 was publically disclosed before the availability of the patch.
It is also worth noting that starting next month Microsoft will scrap the existing system where users get a document each month in favor of a new ‘single destination for security vulnerability information’ called the Security Updates Guide. The new security portal is driven by an online database and instead of having to poke through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates..."

.
 
Last edited:
MS WMF 5.1 released

FYI...

MS WMF 5.1 released - PowerShell 5.1 for Windows 7 and later
- https://blogs.msdn.microsoft.com/po...indows-management-framework-wmf-5-1-released/
Jan 19, 2017 - "... we are releasing the Windows Management Framework (WMF) 5.1 today via the Microsoft download center:
> http://www.microsoft.com/en-us/download/details.aspx?id=54616
WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition. You can find out more about the WMF 5.1 release in the Release Notes:
> https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes
Please note that for Windows 7 and Windows Server 2008 R2 the installation instructions have changed significantly. Please read the Install and Configure topic in the release notes. We have removed the requirement for pre-installing WMF 4 on Windows 7 and Windows Server 2008 R2, but to do so we had create a script for checking the prerequisites that accompanies the MSU in a ZIP file. This affects only Windows 7 and Windows Server 2008 R2. The Install and Configure topic* in the release notes provides details on using the script..."
* https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure

:fear:
 
Win10 v1607 media available

FYI...

Windows 10 v1607 media now available
- https://blogs.technet.microsoft.com/windowsitpro/2017/01/19/windows-10-v1607-media-now-available/
Jan 19, 2017 - "On November 29th, Windows 10, version 1607 was -declared- the Current Branch for Business (CBB), indicating that Microsoft, independent software vendors (ISVs), partners, and customers -believe- that the release is ready for broad deployment. Today we are releasing updated media for Windows 10 v1607 (also known as the Windows 10 Anniversary Update) on Windows Update for Business, Windows Server Update Services (WSUS), and MSDN Subscriptions. We will also be releasing -updated-refreshed- media for Windows 10, version 1607 to the Volume Licensing Service Center (VLSC) on January 26, 2017...
End of servicing for Windows 10, version 1507:
With the availability of Windows 10, version 1607 to the VLSC on January 26th, the 60-day grace period for Windows 10, version 1507 will begin. That means, after March 26th, 2017, Windows 10, version 1507 will no longer be serviced as only the two most Current Branch for Business (CBB) versions are actively serviced...
Additional information:
For the latest list of Windows 10 feature updates, and current versions by servicing option, see our Windows 10 release information page*..."
* https://technet.microsoft.com/en-us/windows/mt679505.aspx
___

Microsoft’s Release Process Prompts Update Confusion
> http://windowssecrets.com/patch-watch/microsofts-release-process-prompts-update-confusion/
Jan 24, 2017
___

Windows 10 Version 1607 and Windows Server 2016
January 26, 2017—KB 3216755 (OS Build 14393.726)
- https://support.microsoft.com/en-us/help/4011347/windows-10-update-kb3216755
. Update replacement information: This update replaces the previously released update KB3213986.
Last Review: Jan 26, 2017 - Rev: 2
___

Windows 10 update KB 3216755
> http://www.infoworld.com/article/31...-distribute-windows-10-update-kb-3216755.html
Jan 27, 2017 - "... The latest cumulative update is only available in the Update Catalog":
> http://www.catalog.update.microsoft.com/Search.aspx?q=3216755

:confused: :fear: :spider:
 
Last edited:
MS Feb 2017 Patches delayed

FYI...

MS Patches delayed
- https://isc.sans.edu/diary.html?storyid=22066
Feb 14, 2017 - "Microsoft delayed the release of all bulletins* scheduled for today. Today was supposed to be the first month of Microsoft using its new update process, which meant that we would no longer see a bulletin summary, and patches would be released as monolithic updates vs. individually. It is possible that this change in process caused the delay... we do not know when Microsoft will release it's February patches. There is still the unpatched SMB 3 DoS vulnerability... hoped to be addressed in this round..."

* https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Feb 14, 2017 - "... This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates..."

:fear::fear:
 
MS February Patch Tuesday Now Rolled into March

FYI...

Microsoft February Patch Tuesday Now Rolled into March Update
- https://isc.sans.edu/diary.html?storyid=22072
2017-02-16 - "Microsoft earlier today updated its blog post* about the "skipped" February patch Tuesday with a note that "We will deliver updates as part of the planned March Update Tuesday, March 14, 2017." March 14th is the March Patch Tuesday date, so February's updates will be combined with the March update. Probably overall the least disruptive solution at this point."

* https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
___

Windows Update issues may be at root of February's patch delay
- http://www.computerworld.com/articl...-may-be-at-root-of-februarys-patch-delay.html
Feb 15, 2017

:fear::fear:
 
Last edited:
MS Security Bulletin MS17-005

FYI...

Microsoft Security Bulletin MS17-005 - Critical
Security Update for Adobe Flash Player (4010250)
- https://technet.microsoft.com/en-us/library/security/MS17-005
Feb 21, 2017 - "This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016..."

- https://support.microsoft.com/en-us...pdate-for-adobe-flash-player-february-21-2017
Last Review: Feb 21, 2017 - Rev: 28

- https://isc.sans.edu/diary.html?storyid=22097
2017-02-21 23:55:22 UTC

- https://blogs.technet.microsoft.com...-flash-player-security-vulnerability-release/
Feb 21, 2017
___

Unpatched MS Edge and IE Bug
- https://isc.sans.edu/diary.html?storyid=22115
2017-02-25
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0037
Last revised: 02/26/2017

:fear::fear:
 
Last edited:
MS March 2017 Non-Security Office Update Release

FYI... ("March madness" begins)

March 2017 Non-Security Office Update Release
- https://blogs.technet.microsoft.com...arch-2017-non-security-office-update-release/
Mar 7, 2017 - "Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information."

Office 2013
Update for Microsoft Office 2013 (KB3162058)
> http://support.microsoft.com/KB/3162058
Update for Microsoft Office 2013 (KB3162039)
> http://support.microsoft.com/KB/3162039
Update for Microsoft OneDrive for Business (KB3178645)
> http://support.microsoft.com/KB/3178645
Update for Microsoft Project 2013 (KB3178650)
> http://support.microsoft.com/KB/3178650
Update for Microsoft Visio 2013 (KB3172437)
> http://support.microsoft.com/KB/3172437

Office 2016
Update for Microsoft Access 2016 (KB3128054)
> http://support.microsoft.com/KB/3128054
Update for Microsoft Office 2016 (KB3141452)
> http://support.microsoft.com/KB/3141452
Update for Microsoft OneDrive for Business (KB3141458)
> http://support.microsoft.com/KB/3141458
Update for Microsoft Office 2016 (KB3178661)
> http://support.microsoft.com/KB/3178661
Update for Microsoft Office 2016 (KB3178663)
> http://support.microsoft.com/KB/3178663
Update for Microsoft Office 2016 (KB3178668)
> http://support.microsoft.com/KB/3178668
Update for Microsoft Office 2016 (KB3178660)
> http://support.microsoft.com/KB/3178660
Update for Microsoft Office 2016 (KB3178655)
> http://support.microsoft.com/KB/3178655
Update for Microsoft PowerPoint 2016 (KB3178657)
> http://support.microsoft.com/KB/3178657
Update for Microsoft Project 2016 (KB3178669)
> http://support.microsoft.com/KB/3178669
Update for Microsoft Publisher 2016 (KB3128047)
> http://support.microsoft.com/KB/3128047
Update for Microsoft Visio 2016 (KB3178654)
> http://support.microsoft.com/KB/3178654

:fear::fear:
 
MS Security Updates - March 2017

FYI...

- https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-update-release/
Mar 14, 2017 - "Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide*..."

Security Update Guide
* https://portal.msrc.microsoft.com/en-us/security-guidance
14-Mar-17

March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.microsoft.com/en-us...-windows-7-sp1-and-windows-server-2008-r2-sp1
Mar 14, 2017 - Rev: 11

Windows 8.1 and Windows Server 2012 R2 update history
- https://support.microsoft.com/en-us/help/24717/windows-8-1-and-windows-server-2012-r2-update-history
Mar 14, 2017 - Rev: 129

March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2
- https://support.microsoft.com/en-us...te-for-windows-8-1-and-windows-server-2012-r2
Mar 14, 2017 - Rev: 11

Windows 10 Version 1607 and Windows Server 2016
KB4013429 (OS Build 14393.953)
- https://support.microsoft.com/en-us/help/4013429/windows-10-update-kb4013429
Mar 14, 2017 - Rev: 48

> https://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212

> https://www.catalog.update.microsoft.com/Search.aspx?q=KB4012213

> https://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429
___

Microsoft Security Bulletin Summary for March 2017
- https://technet.microsoft.com/en-us/library/security/ms17-mar
Mar 14, 2017 - "This bulletin summary lists security bulletins released for March 2017..."
(18 total)

Microsoft Security Bulletin MS17-006 - Critical
Cumulative Security Update for Internet Explorer (4013073)
- https://technet.microsoft.com/library/security/MS17-006
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Internet Explorer

Microsoft Security Bulletin MS17-007 - Critical
Cumulative Security Update for Microsoft Edge (4013071)
- https://technet.microsoft.com/library/security/MS17-007
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS17-008 - Critical
Security Update for Windows Hyper-V (4013082)
- https://technet.microsoft.com/library/security/MS17-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-009 - Critical
Security Update for Microsoft Windows PDF Library (4010319)
- https://technet.microsoft.com/library/security/MS17-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-010 - Critical
Security Update for Microsoft Windows SMB Server (4013389)
- https://technet.microsoft.com/library/security/MS17-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-011 - Critical
Security Update for Microsoft Uniscribe (4013076)
- https://technet.microsoft.com/library/security/MS17-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-012 - Critical
Security Update for Microsoft Windows (4013078)
- https://technet.microsoft.com/library/security/MS17-012
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-013 - Critical
Security Update for Microsoft Graphics Component (4013075)
- https://technet.microsoft.com/library/security/MS17-013
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight

Microsoft Security Bulletin MS17-014 - Important
Security Update for Microsoft Office (4013241)
- https://technet.microsoft.com/library/security/MS17-014
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps,
Microsoft Server Software, Microsoft Communications Platforms and Software

Microsoft Security Bulletin MS17-015 - Important
Security Update for Microsoft Exchange Server (4013242)
- https://technet.microsoft.com/library/security/MS17-015
Important - Remote Code Execution - Requires restart - Microsoft Exchange

Microsoft Security Bulletin MS17-016 - Important
Security Update for Windows IIS (4013074)
- https://technet.microsoft.com/library/security/MS17-016
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-017 - Important
Security Update for Windows Kernel (4013081)
- https://technet.microsoft.com/library/security/MS17-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-018 - Important
Security Update for Windows Kernel-Mode Drivers (4013083)
- https://technet.microsoft.com/library/security/MS17-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-019 - Important
Security Update for Active Directory Federation Services (4010320)
- https://technet.microsoft.com/library/security/MS17-019
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-020 - Important
Security Update for Windows DVD Maker (3208223)
- https://technet.microsoft.com/library/security/MS17-020
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-021 - Important
Security Update for Windows DirectShow (4010318)
- https://technet.microsoft.com/library/security/MS17-021
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-022 - Important
Security Update for Microsoft XML Core Services (4010321)
- https://technet.microsoft.com/library/security/MS17-022
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS17-023 - Critical
Security Update for Adobe Flash Player (4014329)
- https://technet.microsoft.com/library/security/MS17-023
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___

MS17-006: http://www.securitytracker.com/id/1038008
MS17-007: http://www.securitytracker.com/id/1038006
MS17-008: http://www.securitytracker.com/id/1037999
MS17-009: http://www.securitytracker.com/id/1037989
MS17-010: http://www.securitytracker.com/id/1037991
MS17-011: http://www.securitytracker.com/id/1037992
MS17-012: http://www.securitytracker.com/id/1038001
MS17-013: http://www.securitytracker.com/id/1038002
MS17-014: http://www.securitytracker.com/id/1038010
- http://www.securitytracker.com/id/1038019
- http://www.securitytracker.com/id/1038020
MS17-015: http://www.securitytracker.com/id/1038011
MS17-016: http://www.securitytracker.com/id/1038012
MS17-017: http://www.securitytracker.com/id/1038013
MS17-018: http://www.securitytracker.com/id/1038017
MS17-019: http://www.securitytracker.com/id/1038018
MS17-020: http://www.securitytracker.com/id/1038015
MS17-021: http://www.securitytracker.com/id/1038016
MS17-022: http://www.securitytracker.com/id/1038014
___

March 2017 Office Update Release
- https://blogs.technet.microsoft.com.../2017/03/14/march-2017-office-update-release/
Mar 14, 2017 - "... This month, there are 28 security updates (2 bulletin) and 27 non-security updates.
Security bulletins:
MS17-013: https://technet.microsoft.com/en-us/library/security/ms17-013.aspx
MS17-014: https://technet.microsoft.com/en-us/library/security/ms17-014.aspx
All of the security and non-security updates are listed in KB article 4013886
- https://support.microsoft.com/en-us/help/4013886/march-14-2017-update-for-microsoft-office
A new version of Office 2013 Click-To-Run is available: 15.0.4911.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7179.5002"
___

ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=22185
Mar 14 2017 - "... large number of bulletins (18 total, which includes the Adobe Flash bulletin)
... You can review the patch summary here:
> https://isc.sans.edu/mspatchdays.html?viewday=2017-03-14 "

Qualys Analysis:
- https://blog.qualys.com/laws-of-vul...sive-security-update-from-microsoft-for-march
Mar 14, 2017 - "Today Microsoft released a massive security update consisting of 17 security bulletins that fixed a total of -134- vulnerabilities. Out of the 17 security bulletins 8 were marked as Critical which could lead to remote code execution while the remaining were marked as Important. Since there were no patches released for February, in one way, a massive update was expected this month. We also liked the fact that Microsoft kept the older way of clubbing KB articles and patches in security bulletins which, in our opinion, is easy to read and provides better overall picture... Overall today is going to be very busy for IT department in organizations of all sizes due to the large number of client as well as server patches to be installed. But most people will be pleasantly surprised as Microsoft kept the older way of clubbing KB articles into security bulletins."

:fear::fear::fear:
 
Last edited:
You must log in or register to reply here.
Back
Top