Jump to content


Photo

MS Security Updates - July 2017


  • Please log in to reply
2 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,859 posts

Posted 11 July 2017 - 12:21 PM

FYI...

MS Security Updates - July 2017

- https://portal.msrc....curity-guidance
[Total items: 989] [Page: 1/10] - 7/11/2017

MS Security Update Summary
> https://portal.msrc....uidance/summary
Total items: 63 - 7/11/2017

 

> https://blogs.techne...update-release/
July 11, 2017 - "Today, we released security updates to provide additional protections against malicious attackers..."

Release Notes - July 2017 Security Updates
- https://portal.msrc....dc-000d3a32fc99
July 11, 2017 - "The July security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    .NET Framework
    Adobe Flash Player
    Microsoft Exchange Server..."

___

MS Office updates
> https://blogs.techne...update-release/
July 11, 2017 - "... This month, there are -17- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4033107*..."
* - https://support.micr...icrosoft-office
Last Review: Jul 11, 2017 - Rev: 12
"... Microsoft released the following security and nonsecurity updates. These monthly updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you..."

Office 2016, Office 2013, Office 2010, Office 2007
___

Additional information/reference:
- http://www.securityt....com/id/1038848
- http://www.securityt....com/id/1038849
- http://www.securityt....com/id/1038850
- http://www.securityt....com/id/1038851
- http://www.securityt....com/id/1038852
- http://www.securityt....com/id/1038853
- http://www.securityt....com/id/1038854
- http://www.securityt....com/id/1038855
- http://www.securityt....com/id/1038856
- http://www.securityt....com/id/1038857
- http://www.securityt....com/id/1038858
- http://www.securityt....com/id/1038859
- http://www.securityt....com/id/1038860
- http://www.securityt....com/id/1038861
- http://www.securityt....com/id/1038862
- http://www.securityt....com/id/1038863
- http://www.securityt....com/id/1038864
- http://www.securityt....com/id/1038865
- http://www.securityt....com/id/1038866
___

ghacks.net:
- https://www.ghacks.n...y-2017-release/
July 11, 2017 - "... Executive Summary:
 Microsoft released security updates for all client and server versions of Windows that the company supports.
 All operating systems are affected by critical vulnerabilities.
 Security updates have been released for other Microsoft products as well including Microsoft Office, Microsoft Edge, and Internet Explorer.
 Windows 10 version 1507 won't receive security updates anymore.
Operating System Distribution:
 Windows 7: 22 vulnerabilities of which 2 are rated critical, 19 important, and 1 moderate
 Windows 8.1: 24 vulnerabilities of which 2 are rated critical, 21 important, and 1 moderate
 Windows RT 8.1: 21 vulnerabilities of which 2 are rated critical, and 21 important
 Windows 10 version 1703: 27 vulnerabilities of which 2 are rated critical, 23 important and 1 moderate ..."
(More at the ghacks URL above.)
___

- https://www.thezdi.c...y-update-review
July 11, 2017 - "... 57 security patches impacting Windows, Internet Explorer, Edge, Office, SharePoint, .NET Framework, Exchange, and Hololens... some of these vulns were first disclosed to Microsoft during the most recent Pwn2Own competition back in March... all affected vendors were able to produce patches within 120 days... A few of the CVEs addressed by Microsoft this month deserve some extra attention..."

CVE-2017-8463 | Windows Explorer Remote Code Execution Vulnerability
Security Vulnerability
- https://portal.msrc....y/CVE-2017-8463
7/11/2017
CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability
Security Vulnerability
> https://portal.msrc....y/CVE-2017-8584
7/11/2017
___

Qualys analysis: https://blog.qualys....l-adobe-patches
July 11, 2017 - "Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.
Top priority for patching should go to CVE-2017-8589*, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya... Today’s release is normal in size, and covers 54 vulnerabilities in Windows, Internet Explorer, Edge, Office, .net Framework, Adobe Flash, and Exchange..."
* https://portal.msrc....y/CVE-2017-8589

.


Edited by AplusWebMaster, 12 July 2017 - 05:19 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,859 posts

Posted 15 July 2017 - 02:03 PM

FYI...

Patch Watch: July’s releases fix June’s Issues
> http://windowssecret...x-junes-issues/
July 13, 2017
"... Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply."
___

> https://www.askwoody.com/
"Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 15 July 2017 - 02:41 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,859 posts

Posted 17 July 2017 - 09:42 AM

FYI... MS yanks bad Outlook patches...

Outlook 2010 (KB4011042)
- https://support.micr...-2010-kb4011042
Last Review: Jul 11, 2017 - Rev: 17
"Notice: Update 4011042 for Microsoft Outlook 2010 that was released on July 5, 2017, is not currently available. This article will be updated as soon as the update is available again..."

Outlook 2013 (KB3191849)
- https://support.micr...-2013-kb3191849
Last Review: Jul 11, 2017 - Rev: 19
"Notice: Update 3191849 for Microsoft Outlook 2013 that was released on June 27, 2017, is not currently available. This article will be updated as soon as the update is available again..."

Outlook 2016 (KB3213654)
- https://support.micr...-2016-kb3213654
Last Review: Jul 11, 2017 - Rev: 21
"Notice: Update 3213654 for Microsoft Outlook 2016 that was released on June 30, 2017, is not currently available. This article will be updated as soon as the update is available again..."

... as of July 17, 2017
___

Win7 SP1 and Windows Server 2008 R2 SP1
... 2017 July monthly rollup
- https://support.micr...pdate-kb4025341
Last Review: Jul 14, 2017 - Rev: -40-
___

- https://www.askwoody...3213654-401042/
July 15, 2017
- http://www.computerw...654-401042.html
July 15, 2017 - "... earlier versions of the bad patches-of-patches had a nasty habit of crashing Outlook."
___

Win10: https://blogs.msmvps...ms-another-way/
July 17, 2017 - "Next way to get 1703 on systems – again go back to that download page:

- https://www.microsof...nload/windows10
and use the download tool to make the iso/media. Park the iso on a network share and expand it out.
Next use the command switches noted in this blog post:
https://blogs.techne...-line-switches/
Specifically you want to ensure that you do -not- trigger a 'clean install' but an upgrade."

Tracking known issues with Win10 1703:
> https://techcommunit...1703/td-p/67122
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, Today, 07:35 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!