Jump to content


MS Security Updates - Sept 2017

  • Please log in to reply
2 replies to this topic

#1 AplusWebMaster



  • SWI Friend
  • PipPipPipPipPip
  • 10,936 posts

Posted 12 September 2017 - 12:26 PM


- https://blogs.techne...update-release/
Sep 12, 2017 - "... we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

- https://portal.msrc....dd-000d3a32fc99
Sep 12, 2017 - "The September security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Adobe Flash Player
    Skype for Business and Lync
    .NET Framework
    Microsoft Exchange Server ..."

> https://portal.msrc....uidance/summary
Total items: 96 - Page: 1/1

Sept 2017 Office Update Release
- https://blogs.techne...update-release/
Sep 12, 2017 - "... This month, there are -45- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4040279*.
* https://support.micr...icrosoft-office
Last Review: Sep 12, 2017 - Rev: 9

A new version of Office 2013 Click-To-Run is available: 15.0.4963.1002

A new version of Office 2010 Click-To-Run is available: 14.0.7188.5002"

Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.micr...ices-changes-in
Last Review: Sep 12, 2017 - Rev: 125

Additional info:
- http://www.securityt....com/id/1039320
- http://www.securityt....com/id/1039322
- http://www.securityt....com/id/1039323
- http://www.securityt....com/id/1039324
- http://www.securityt....com/id/1039325

- http://www.securityt....com/id/1039326
- http://www.securityt....com/id/1039327
- http://www.securityt....com/id/1039328
- http://www.securityt....com/id/1039329
- http://www.securityt....com/id/1039330

- http://www.securityt....com/id/1039331
- http://www.securityt....com/id/1039333
- http://www.securityt....com/id/1039337
- http://www.securityt....com/id/1039338
- http://www.securityt....com/id/1039339

- http://www.securityt....com/id/1039340
- http://www.securityt....com/id/1039341
- http://www.securityt....com/id/1039342
- http://www.securityt....com/id/1039343
- http://www.securityt....com/id/1039344

- http://www.securityt....com/id/1039352
- http://www.securityt....com/id/1039369

Qualys analysis: https://blog.qualys....l-adobe-patches
Sep 12, 2017 - "Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering -27- of these vulnerabilities are labeled as -Critical- and -39- can result in Remote Code Execution (RCE).  According to Microsoft, one vulnerability impacting HoloLens has a public exploit.
Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.
Out of the 26 vulnerabilities that are both Critical and RCE, -22- of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser. Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp."

ghacks.net: https://www.ghacks.n...r-2017-release/
Sep 12, 2017 - "... Executive Summary:
Microsoft released security patches for all versions of Windows. Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.
Operating System Distribution:
- Windows 7: 22 vulnerabilities of which 3 are rated critical, 19 important
- Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
- Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important
Windows Server products:
- Windows Server 2008 R2: 23  vulnerabilities, of which 3 are rated critical, 20 important
- Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical 21 important and 1 moderate
- Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important
Other Microsoft Products:
- Internet Explorer 11: 7 vulnerabilities, 5 critical, 2 important
- Microsoft Edge: 28 vulnerabilities, 19 critical,  7 important, 2 moderate..."

- https://www.us-cert....ecurity-Updates
Sep 12, 2017

:ninja: :ninja:

Edited by AplusWebMaster, 16 September 2017 - 08:29 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

#2 AplusWebMaster



  • SWI Friend
  • PipPipPipPipPip
  • 10,936 posts

Posted 19 September 2017 - 07:54 AM


MS Sep 2017 patch issues
> https://www.askwoody.com/
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

Outlook security patches intentionally break custom forms
> https://www.computer...stom-forms.html
Sep 19, 2017 - "... Those of you who have installed any of this month’s Outlook security patches:
Outlook 2007 KB 4011086:
> https://support.micr...eptember12-2017
Outlook 2010 KB 4011089:
> https://support.micr...eptember12-2017
Outlook 2013 KB 4011090:
> https://support.micr...eptember12-2017
Outlook 2016 KB 4011091:
> https://support.micr...eptember12-2017
... will have to dive into the Registry if you want to enable any custom form scripts, including the VBScript printing capability. It’s complicated, and the method varies, depending on which version of Office you’re using... Of course, Microsoft didn’t tell us about the change when it released the security patches. To this date, there’s no notice in the associated KB articles either. The change is intended to make it harder for bad guys to break into your computer. That’s a noble goal, but it sure could’ve been communicated in a much better way..."
>> https://www.slipstic...-form-security/
Sep 18, 2017

Ongoing list of problems with this month’s Win10 Creators Update cumulative update KB 4038788
- https://www.askwoody...ate-kb-4038788/
Sep 19, 2017
> https://support.micr...pdate-kb4038788
Last Review: Sep 18, 2017 - Rev: 40 - See: "Known issues in this update... Microsoft is working on a resolution and will provide an update in an upcoming release..."

Some OEM factory images causing devices to black screen
- https://support.micr...us/help/4043345
Last Review: Sep 18, 2017 - Rev: 8 - "After installing a Windows Store application update, some users may experience a black screen on their device for 5-10 minutes upon rebooting the OS.
Cause: Some OEM factory images create incorrect registry keys during image creation. These registry keys conflict with the app readiness service. After 5-10 minutes of black screen the user will regain use of their device. This issue is triggered on every reboot.
Resolution: Microsoft is working on a resolution and will provide an update in an upcoming release..."

Outlook.com was out for 18 hours in Europe
> https://www.askwoody...ours-in-europe/
Sep 19, 2017
- http://www.reuters.c...e-idUSKCN1BT2FY
Sep 18, 2017

Outlook outage map
>> http://downdetector....ms/outlook/map/

Skype messaging and connecting issues
- https://heartbeat.sk...connecting.html
Sep 18, 2017

Report of KB 4038777 breaking activation on Dell machines
- https://www.askwoody...-dell-machines/
Sep 18, 2017
> https://support.micr...pdate-kb4038777
Last Review: Sep 14, 2017 - Rev: 19

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.
Apparently there was no reboot testing on SP3 with the latest Win10 beta, and the SP3 bricks on reboot. Some SP4 owners have complained, too.
- https://www.computer...-shut-down.html
Sep 18, 2017

Outlook 2007 and 2010 security patches scramble languages, break printing on custom forms
> https://www.askwoody...n-custom-forms/
Sep 15, 2017

Outlook 2010 Tower of Babel patch KB 4011089 breaks VBScript print
In the second significant bug in Outlook security patches this month, installing the September Outlook 2010 security patch disables the VBScript print function in custom forms.
> https://www.computer...ript-print.html

> https://www.computer...ty-patches.html
Sep 14, 2017

> https://marc.info/?l...=1&b=201709&w=2

>> https://www.ghacks.n...ssues-overview/
2017-09-16 - "... it appears that the updates have caused quite a -large- number of issues that users and administrators experience when they install or try to install these patches..."

> https://portal.msrc....isory/ADV170015
Last Updated : 09/19/2017

Description of the security update for Outlook 2007
>> https://support.micr...eptember19-2017
Last Review: Sep 19, 2017 - Rev: 17
> https://www.catalog.....aspx?q=4011110

KB4038803 (Preview of Monthly Rollup)
Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.micr...pdate-kb4038803
Last Review: Sep 19, 2017 - Rev: 10

Cumulative Update 18 for Exchange Server 2013
- https://support.micr...nge-server-2013
Last Review: Sep 19, 2017 - Rev: 9

More to come?...

:ninja: :ninja: :ninja:

Edited by AplusWebMaster, 19 September 2017 - 04:22 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

#3 AplusWebMaster



  • SWI Friend
  • PipPipPipPipPip
  • 10,936 posts

Posted Yesterday, 05:26 AM


Email retrieval fails after installing Security Patch for Outlook 2010, 2013 and 2016
- https://www.veritas....ticle.000127958
2017-09-20 - "Problem: Users will not be able to retrieve emails after installing the associated Microsoft Outlook Security patch, listed below, released on September 12, 2017.
    KB4011089 for Outlook 2010
    KB4011090 for Outlook 2013
    KB4011091 for Outlook 2016
When this Microsoft Security patch for Outlook is installed on the client, users are unable to access archived emails.Upon double clicking on the shortcut it will open the shortcut only with the banner: "The item has archived by Enterprise vault. Click here to view the original link"
Outlook will become unresponsive, when clicking on the banner.
Cause: These Microsoft Office security updates have disabled scripts for custom forms. Enterprise Vault's archived item shortcuts are custom forms that require scripting for their retrieval functionality.
>> Note: Outlook clients without this patch are not affected..."

Custom form script is now disabled by default
Applies To: Outlook 2016 Outlook 2013 Outlook 2010 Outlook 2007
> https://support.offi...cc-d7cce0120e94
Last updated: Sep 19, 2017
ISSUE: Custom form script is now disabled by default and requires setting registry keys to re-enable it..."

Where we stand with messy September Windows and .NET patches
... Bugs galore — IE won’t start or looks odd, custom controls turn black, Edge goes AWOL — with Windows 10 Creators Update getting more than its fair share.
> https://www.computer...et-patches.html
Sep 21, 2017

Maintaining Windows 10 security tops list of enterprise challenges
- https://www.helpnets...ws-10-security/
Sep 21, 2017 - "Companies are experiencing significant challenges in their attempts to keep their endpoints secure. Maintaining Windows 10 security topped the list of challenges with over half of respondents to an Adaptiva survey indicating it can take a -month- or -more- for IT teams to execute Windows OS updates, which ultimately leaves systems vulnerable..."
(More detail at the helpnetsecurity URL above.)

:ninja: :ninja: :ninja:

Edited by AplusWebMaster, Yesterday, 05:39 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!