January 2017 Security Updates Release Notes

Security Updates / Bulletins / Advisories No Comments »

Release Date: January 10, 2017

The January security release consists of security updates for the following software:

  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Servers
  • Adobe Flash Player

Please note the following information regarding the security updates:

  • There are no security fixes or quality improvements for Windows 8.1 or Windows Server 2012 R2 for release on Update Tuesday for January 2017.  As such, there is no Security Only Quality Update or Security Monthly Quality Rollup release for these platforms this month.
  • Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article,  Further simplifying servicing models forWindows 7 and Windows 8.1.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

Note As a reminder, the Security Updates Guide will be replacing security bulletins as of February 2017. Please see our blog post, Furthering our commitment to security updates, for more details.

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2d46a8e-2fcd-e611-80d6-000d3a32fc99

Microsoft Security Advisory Notification Issued: January 10, 2017

Security Updates / Bulletins / Advisories No Comments »

Security Advisories Released or Updated Today

* Microsoft Security Advisory 3214296
– Title: Vulnerabilities in Identity Model Extensions Token Signing
Verification
https://technet.microsoft.com/library/security/3214296.aspx
– Reason for Revision: V1.0 (January 10, 2017): Advisory
published.
– Originally posted: January 10, 2017
– Updated: N/A
– Version: 1.0

Microsoft Security Bulletin(s) for January 10, 2017

Security Updates / Bulletins / Advisories No Comments »

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://technet.microsoft.com/library/security/ms17-jan

Critical (2)

Microsoft Security Bulletin MS17-002
Security Update for Microsoft Office (3214291)
https://technet.microsoft.com/library/security/ms17-002

Microsoft Security Bulletin MS17-003
Security Update for Adobe Flash Player (3214628)
https://technet.microsoft.com/library/security/ms17-003

Important (2)

Microsoft Security Bulletin MS17-001
Security Update for Microsoft Edge (3199709)
https://technet.microsoft.com/library/security/ms17-001

Microsoft Security Bulletin MS17-004
Security Update for Local Security Authority Subsystem Service (3216771)
https://technet.microsoft.com/library/security/ms17-004

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

Note: Microsoft states that after the January 2017 Update Tuesday release, they will only publish update information to the https://portal.msrc.microsoft.com/en-us/

Microsoft Security Bulletin Releases Issued: December 19, 2016

Security Updates / Bulletins / Advisories No Comments »

Summary

The following bulletins have undergone a major revision increment.

* MS16-155 – Important

 

Bulletin Information:

MS16-155

– Title: Security Update for .NET Framework (3205640)
https://technet.microsoft.com/library/security/ms16-155.aspx
– Reason for Revision: Revised bulletin to announce that Security
and Quality Rollup updates 3210142 and 3205402 have been
rereleased with a detection change for WSUS customers that
removes a supersedence relationship between these and previously
released October Security-Only updates 3188736 and 3188730,
respectively. These are detection changes only. There were no
changes to the update files. Customers who have already
successfully installed any of these updates do not need to take
any action. For more information, see the Microsoft Knowledge
Base article for the respective update.

In addition, revised bulletin to announce that update 3210142 is
available for Windows Server 2008 for Itanium-based Systems
Service Pack 2, and that update 3205402 is available for Windows
Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers
should apply the applicable updates to be protected from the
vulnerabilities discussed in this bulletin. The majority of
customers have automatic updating enabled and will not need to
take any action because the updates will be downloaded and
installed automatically.

– Originally posted: December 13, 2016
– Updated: December 19, 2016
– Bulletin Severity Rating: Important
– Version: 2.0

Microsoft Security Bulletin(s) for December 13, 2016

Security Updates / Bulletins / Advisories No Comments »

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://technet.microsoft.com/library/security/ms16-dec

Critical (6)

Microsoft Security Bulletin MS16-144
Cumulative Security Update for Internet Explorer (3204059)
https://technet.microsoft.com/library/security/ms16-144

Microsoft Security Bulletin MS16-145
Cumulative Security Update for Microsoft Edge (3204062)
https://technet.microsoft.com/library/security/ms16-145

Microsoft Security Bulletin MS16-146
Security Update for Microsoft Graphics Component (3204066)
https://technet.microsoft.com/library/security/ms16-146

Microsoft Security Bulletin MS16-147
Security Update for Microsoft Uniscribe (3204063)
https://technet.microsoft.com/library/security/ms16-147

Microsoft Security Bulletin MS16-148
Security Update for Microsoft Office (3204068)
https://technet.microsoft.com/library/security/ms16-148

Microsoft Security Bulletin MS16-154
Security Update for Microsoft Office (3204068)
https://technet.microsoft.com/library/security/ms16-154

Important (6)

Microsoft Security Bulletin MS16-149
Security Update for Microsoft Windows (3205655)
https://technet.microsoft.com/library/security/ms16-149

Microsoft Security Bulletin MS16-150
Security Update for Secure Kernel Mode (3205642)
https://technet.microsoft.com/library/security/ms16-150

Microsoft Security Bulletin MS16-151
Security Update for Windows Kernel-Mode Drivers (3205651)
https://technet.microsoft.com/library/security/ms16-151

Microsoft Security Bulletin MS16-152
Security Update for Windows Kernel (3199709)
https://technet.microsoft.com/library/security/ms16-152

Microsoft Security Bulletin MS16-153
Security Update for Common Log File System Driver (3207328)
https://technet.microsoft.com/library/security/ms16-153

Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)
https://technet.microsoft.com/library/security/ms16-155

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

Microsoft Security Bulletin Minor Revisions Issued: November 23, 2016

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin Minor Revisions Issued: November 23, 2016

Summary

The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-130
* MS16-140

Bulletin Information:

MS16-130

– Title: Security Update for Microsoft Windows (3199172)
https://technet.microsoft.com/library/security/ms16-130.aspx
– Reason for Revision: Updated the vulnerability description for
CVE-2016-7222. This is an informational change only.
– Originally posted: November 8, 2016
– Updated: November 23, 2016
– Bulletin Severity Rating: Critical
– Version: 1.1

MS16-140

– Title: Security Update for Boot Manager (3193479)
https://technet.microsoft.com/library/security/ms16-140.aspx
– Reason for Revision: Revised bulletin to announce a detection
change for certain servers running Windows Servers 2012,
Windows Server 2012 R2, and Windows Server 2016. Affected
servers will not automatically receive the security update.
For more information about the servers affected by this detection
change, see Knowledge Base Article 3193479.
– Originally posted: November 8, 2016
– Updated: November 23, 2016
– Bulletin Severity Rating: Important
– Version: 1.1

Microsoft Security Bulletin Minor Revisions Issued: November 8, 2016

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin Minor Revisions Issued: November 8, 2016
Summary

The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-035
* MS16-091
* MS16-101

Bulletin Information:

MS16-035

– Title: Security Update for .NET Framework to Address
Security Feature Bypass (3141780)
– »technet.microsoft.com/li ··· 035.aspx
– Reason for Revision: Revised bulletin to
announce that a detection change was made to account for
.NET Framework 4.6.1 hotfix rollup customers who were not being
properly offered security updates applicable to
.NET Framework 4.6.1.
– Originally posted: March 8, 2016
– Updated: November 8, 2016
– Bulletin Severity Rating: Important
– Version: 2.6

MS16-091

– Title: Security Update for .NET Framework (3170048)
– »technet.microsoft.com/li ··· 091.aspx
– Reason for Revision: Revised bulletin to announce that a
detection change was made to account for .NET Framework 4.6.1
hotfix rollup customers who were not being properly offered
security updates applicable to the .NET Framework 4.6.1
– Originally posted: July 12, 2016
– Updated: November 8, 2016
– Bulletin Severity Rating: Important
– Version: 1.1

MS16-120

– Title: Security Update for Microsoft Graphics
Component (3192884)
– »technet.microsoft.com/li ··· 120.aspx
– Reason for Revision: Revise bulletin to announce a detection
change to address an issue in supersedence, specifically in
WSUS environments where various updates applicable to
Windows 7 SP1 and Windows Server 2008 R2 SP1 were incorrectly
marked as being superseded. This is a detection change only.
There were no changes to the update files. Customers who
have already successfully installed the update do not need
to take any action.
– Originally posted: October 11, 2016
– Updated: November 8, 2016
– Bulletin Severity Rating: Critical
– Version: 1.1

Microsoft Security Bulletin(s) for November 8, 2016

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin(s) for November 8, 2016
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/techne ··· security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/li ··· ms16-nov

Critical (6)

Microsoft Security Bulletin MS16-129
Cumulative Security Update for Microsoft Edge (3199057)
»technet.microsoft.com/li ··· ms16-129

Microsoft Security Bulletin MS16-130
Security Update for Microsoft Windows (3199172)
»technet.microsoft.com/li ··· ms16-130

Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)
»technet.microsoft.com/li ··· ms16-131

Microsoft Security Bulletin MS16-132
Security Update for Microsoft Graphics Component (3199120)
»technet.microsoft.com/li ··· ms16-132

Microsoft Security Bulletin MS16-141
Security Update for Adobe Flash Player (3202790)
»technet.microsoft.com/li ··· ms16-141

Microsoft Security Bulletin MS16-142
Cumulative Security Update for Internet Explorer (3198467)
»technet.microsoft.com/li ··· ms16-142

Important (8)

Microsoft Security Bulletin MS16-133
Security Update for Microsoft Office (3199168)
»technet.microsoft.com/li ··· ms16-133

Microsoft Security Bulletin MS16-0134
Security Update for Common Log File System Driver (3193706)
»technet.microsoft.com/li ··· ms16-134

Microsoft Security Bulletin MS16-135
Security Update for Windows Kernel-Mode Drivers (3199135)
»technet.microsoft.com/li ··· ms16-135

Microsoft Security Bulletin MS16-136
Security Update for SQL Server (3199641)
»technet.microsoft.com/li ··· ms16-136

Microsoft Security Bulletin MS16-137
Security Update for Windows Authentication Methods (3199173)
»technet.microsoft.com/li ··· ms16-137

Microsoft Security Bulletin MS16-138
Security Update to Microsoft Virtual Hard Disk Driver (3199647)
»technet.microsoft.com/li ··· ms16-138

Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)
»technet.microsoft.com/li ··· ms16-139

Microsoft Security Bulletin MS16-140
Security Update for Boot Manager (3193479)
»technet.microsoft.com/li ··· ms16-140

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

Microsoft Security Bulletin Summary for October 2016 Issued: October 27, 2016

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin Summary for October 2016 Issued: October 27, 2016

This is a notification of an out-of-band security bulletin that was
added to the October Security Bulletin Summary on October 27, 2016.

The full version of the Microsoft Security Bulletin Summary for
October 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-oct>.

Critical Security Bulletin (added to summary on October 27)

MS16-128

– Affected Software:
– Windows 8.1 for 32-bit Systems:
– Adobe Flash Player
– Windows 8.1 for x64-based Systems:
– Adobe Flash Player
– Windows Server 2012:
– Adobe Flash Player
(Windows Server 2012 Server Core installation not affected)
– Windows Server 2012 R2:
– Adobe Flash Player
(Windows Server 2012 R2 Server Core installation not affected)
– Windows RT 8.1:
– Adobe Flash Player
– Windows 10 for 32-bit Systems:
– Adobe Flash Player
– Windows 10 for x64-based Systems:
– Adobe Flash Player
– Windows 10 Version 1511 for 32-bit Systems:
– Adobe Flash Player
– Windows 10 Version 1511 for x64-based Systems:
– Adobe Flash Player
– Windows 10 Version 1607 for 32-bit Systems:
– Adobe Flash Player
– Windows 10 Version 1607 for x64-based Systems:
– Adobe Flash Player
– Impact: Remote Code Execution
– Version Number: 1.0

Microsoft Security Bulletin Minor Revisions Issued: October 12, 2016

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin Minor Revisions Issued: October 12, 2016

Summary

The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-121

Bulletin Information:

 MS16-121

– Title: Security Update for Office (3194063)
https://technet.microsoft.com/library/security/ms16-121.aspx
– Reason for Revision: V1.1 (October 12, 2016): This bulletin has
been revised to change the severity to Critical. This is an
informational change only.
– Originally posted: October 11, 2016
– Updated: October 12, 2016
– Bulletin Severity Rating: Critical
– Version: 1.1


© 2017 DP's Bits & Bytes.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in