Jump to content


Photo

MS Security Updates - Oct 2017


  • Please log in to reply
2 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,971 posts

Posted 11 October 2017 - 07:01 AM

FYI...

October 2017 security update release
- https://blogs.techne...update-release/
Oct 10, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

- https://portal.msrc....e2-000d3a32fc99
Oct 10, 2017 - "The October security release consists of security updates for the following software:
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Skype for Business and Lync
• Chakra Core ...

Known issues:
- https://support.micr...us/help/4041691
- https://support.micr...us/help/4042895
- https://support.micr...us/help/4041676
- https://support.micr...us/help/4041681
"... Microsoft is working on a resolution and will provide an update in an upcoming release."

Security Update Summary
> https://portal.msrc....uidance/summary
10/10/2017
___

October 2017 Office Update Release
- https://blogs.techne...update-release/
Oct 10, 2017 - "... This month, there are 26 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4043461*.
A new version of Office 2013 Click-To-Run is available: 15.0.4971.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7189.5001

* https://support.micr...icrosoft-office
Last Review: Oct 10, 2017 - Rev: 10
___

Additional information:
- http://www.securityt....com/id/1039526
- http://www.securityt....com/id/1039527
- http://www.securityt....com/id/1039528
- http://www.securityt....com/id/1039529
- http://www.securityt....com/id/1039530

- http://www.securityt....com/id/1039532
- http://www.securityt....com/id/1039533
- http://www.securityt....com/id/1039534
- http://www.securityt....com/id/1039535
- http://www.securityt....com/id/1039536

- http://www.securityt....com/id/1039537
- http://www.securityt....com/id/1039538
- http://www.securityt....com/id/1039539
- http://www.securityt....com/id/1039540
- http://www.securityt....com/id/1039541

- http://www.securityt....com/id/1039542
___

ghacks.net: https://www.ghacks.n...r-2017-release/
Oct 10, 2017 - "... Our monthly series provides you with information on Microsoft's Patch Day. It features an overview of all security and non-security updates that Microsoft released since the last Patch day in September 2017. The monthly guide lists how different versions of Windows -- client and server -- and Microsoft's browsers Edge and Internet Explorer are affected. It features links to resources, direct download links for cumulative Windows updates, new and updated security advisories, and information on how to download the updates to Windows machines...
 Windows 7: 20 vulnerabilities of which 5 are rated critical, 15 important
 Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 17 important
 Windows 10 version 1607: 29 vulnerabilities, 6 critical, 23 important
 Windows 10 version 1703: 29 vulnerabilities of which 6 are rated critical, 23 important ..."
(More detail at the URL above.)

Qualys analysis: https://blog.qualys....vulnerabilities
Oct 10, 2017 - "Today Microsoft released patches covering 62 vulnerabilities as part of August’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild. Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.
Also of note are two vulnerabilities in the Windows font library, CVE-2017-11762 and CVE-2017-11763, that can be exploited through a browser or malicious file, as well as a vulnerability in DNSAPI, CVE-2017-11779, that could allow a malicious DNS server to execute code on a client system.
A vulnerability in certain TPM chips is addressed by ADV170012. This vulnerability is in the TPM chip itself, and not in Windows, but could result in weak cryptographic keys. These keys are used for BitLocker, Biometric auth, and other areas of Windows. The updates provide a workaround for the weak keys leveraging additional logging and an option to use software-derived keys. Full remediation requires a firmware update from the device manufacturer.
As with several of the last Patch Tuesdays, the majority of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser..."
___

- https://www.us-cert....ecurity-Updates
Oct 10, 2017
 

:ninja: :ninja: :ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,971 posts

Posted 12 October 2017 - 06:45 AM

FYI...

Microsoft 'Patch Tuesday' problems ...
... It's been less than a day since the Patch Tuesday patches rolled out, and we're already seeing lots of complaints – and a few unexpected explanations
- https://www.computer...y-problems.html
Oct 11, 2017

... Every version of Windows gets patched, as well as Edge, IE, Skype for Business and Office. Pay special attention to the Word zero-day, the DNS security problem, and the TPM patching madness....
- https://www.computer...veral-bugs.html
Oct 10, 2017
___

Microsoft patch problems persist...
... Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes
- https://www.computer...s-and-more.html
Oct 12, 2017
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 12 October 2017 - 02:38 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,971 posts

Posted 14 October 2017 - 08:14 AM

FYI...

Microsoft Dynamics 365 for Outlook is unable to render webpages after installing the October 2017 Microsoft Outlook security update
- https://support.micr...-webpages-after
Last Review: Oct 13, 2017 - Rev: 5

Fixes or workarounds for recent issues in Outlook for Windows
Applies To: Outlook 2016 Outlook 2013
- https://support.offi...&rs=en-US&ad=US
Last updated: October 2017
___

- https://askwoody.com/ms-defcon-system/
"... Current Microsoft patches are causing havoc. Don’t patch."

... Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes
- https://www.computer...s-and-more.html
Oct 12, 2017
___

> https://askwoody.com...ates-and-krack/
Oct 17, 2017 - "... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

Excel, Access, external DB driver errors linked to this month’s patches
... If you’re seeing new “Unexpected error from external database driver” error messages, chances are good you recently installed KB 4041681 (Win7), KB4041676 (Win10 1703), or any of this month's Windows security patches
- https://www.computer...-s-patches.html
Oct 17, 2017
___

Windows 7 SP1 and Windows Server 2008 R2 SP1
Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.micr...pdate-kb4041681
Oct 17, 2017 - "... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 17

Windows 7 SP1 and Windows Server 2008 R2 SP1
October 17, 2017—KB4041686 (Preview of Monthly Rollup)
- https://support.micr...pdate-kb4041686
"... Microsoft is working on a resolution and will provide an update in an upcoming release..."
Last Review: Oct 17, 2017 - Rev: 10
___

MS ADV170018 | October Flash Security Update
> https://portal.msrc....isory/ADV170018
10/17/2017
___

Announcing the .NET Framework 4.7.1
- https://blogs.msdn.m...ramework-4-7-1/
October 17, 2017

Windows 10 release information
- https://technet.micr...lease-info.aspx
Latest revision date - 10/17/2017 - 'Microsoft recommends'
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, Yesterday, 03:52 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





3 user(s) are reading this topic

1 members, 2 guests, 0 anonymous users


Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!