Microsoft Security Update Releases Issued: May 25, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs have been added to May 2017 release.

* CVE-2017-8535
* CVE-2017-8536
* CVE-2017-8537
* CVE-2017-8538
* CVE-2017-8539
* CVE-2017-8540
* CVE-2017-8541
* CVE-2017-8542

Revision Information:

CVE-2017-0223

– CVE-2017-8542 | Microsoft Malware Protection Engine Denial
of Service Vulnerability

– CVE-2017-8541 | Microsoft Malware Protection Engine Remote
Code Execution Vulnerability

– CVE-2017-8540 | Microsoft Malware Protection Engine Remote
Code Execution Vulnerability

– CVE-2017-8539 | Microsoft Malware Protection Engine Denial
of Service Vulnerability

– CVE-2017-8538 | Microsoft Malware Protection Engine Remote
Code Execution Vulnerability

– CVE-2017-8537 | Microsoft Malware Protection Engine Denial
of Service Vulnerability

– CVE-2017-8536 | Microsoft Malware Protection Engine Denial
of Service Vulnerability

– CVE-2017-8535 | Microsoft Malware Protection Engine Denial
of Service Vulnerability

– »portal.msrc.microsoft.co ··· guidance
– Version: 1.0
– Reason for Revision: Microsoft is releasing this out-of-band CVE
information to announce that a security update is available for
the Microsoft Malware Protection Engine. Microsoft recommends
that customers verify that the update is installed, and if
necessary, take steps to install the update. For more information
see the FAQ section
– Originally posted: May 25, 2017
– Aggregate CVE Severity Rating: Critical
– Version: 1.0

Microsoft Security Update Releases Issued: May 19, 2017

Security Updates / Bulletins / Advisories No Comments »

Summary

The following CVE has undergone a major revision increment.

* CVE-2017-0223

Revision Information:

CVE-2017-0223

– Title: CVE-2017-0223 | Microsoft Edge Elevation of Privilege
Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: This CVE was addressed by KB4016871, but was
inadvertently omitted from the May 2017 Security Updates. This is
an informational change only.
– Originally posted: May 19, 2017
– Updated: May 19, 2017
– CVE Severity Rating: Important
– Version: 1.0

Microsoft Security Advisory Notification Issued: May 11, 2017

Security Updates / Bulletins / Advisories No Comments »
Security Advisories Released or Updated Today

* Microsoft Security Advisory 4021279
– Title: Vulnerabilities in .NET Core, ASP.NET Core Could Allow
Elevation of Privilege
– »technet.microsoft.com/li ··· 279.aspx
– Reason for Revision: Advisory revised to include a table of
issue CVEs and their descriptions. This is an informational
change only.
– Originally posted: May 9, 2017
– Updated: May 11, 2017
– Bulletin Severity Rating: N/A
– Version: 1.1

Microsoft May 2017 Security Updates

Security Updates / Bulletins / Advisories No Comments »

Release Date: May 09, 2017

 The May security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • NET Framework
  • Adobe Flash Player

Please note the following information regarding the security updates:

  • Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article,  Further simplifying servicing models forWindows 7 and Windows 8.1.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features

Note As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99

Microsoft Security Advisory Notification Issued: May 8, 2017

Security Updates / Bulletins / Advisories No Comments »

Security Advisories Released or Updated Today

* Microsoft Security Advisory 4022344
– Title: Security Update for Microsoft Malware Protection Engine
https://technet.microsoft.com/library/security/4022344.aspx
– Reason for Revision: Microsoft is releasing this security advisory
to inform customers that an update to the Microsoft Malware
Protection Engine addresses a security vulnerability that was
reported to Microsoft.
– Originally posted: May 8, 2017
– Updated: N/A
– Version: 1.0

Get Started with Security Update Guide – new portal for security updates

News, Security Updates / Bulletins / Advisories No Comments »

Traditionally, Information about the vulnerabilities and security updates (a.k.a Security Patches) had been published on the Microsoft Security Bulletin website. We have been asked for better access to security update information, as well as easier ways to customize their view to serve a diverse set of needs.

Now, Microsoft released a new destination for security vulnerability information, the Security Update Guide.

Get Started with Security Update Guide – new portal for security updates

Microsoft Security Bulletin Releases Issued: April 11, 2017

Security Updates / Bulletins / Advisories No Comments »

Summary

The following bulletins have undergone a major revision increment.

* MS16-037 – Critical
* MS17-013 – Critical
* MS17-014 – Important
* MS17-021 – Important

* MS16-APR
* MS17-MAR

Bulletin Information:

MS16-037

– Title: Cumulative Security Update for Internet Explorer (3148531)
https://technet.microsoft.com/library/security/ms16-037.aspx
– Reason for Revision: Bulletin revised to announce the release
of a new Internet Explorer cumulative update (4014661) for
CVE-2016-0162. The update adds to the original release to
comprehensively address CVE-2016-0162. Microsoft recommends that
customers running the affected software install the security
update to be fully protected from the vulnerability described
in this bulletin. See Microsoft Knowledge Base Article 4014661
for more information.
– Originally posted: April 12, 2016
– Updated: April 11, 2017
– Bulletin Severity Rating: Critical
– Version: 2.0

MS17-013

– Title: Security Update for Microsoft Graphics Component (4013075)
https://technet.microsoft.com/library/security/ms17-013.aspx
– Reason for Revision: Bulletin revised to announce the release of
update 4017018 for Windows Vista and Windows Server 2008. The
update replaces update 4012583 for CVE-2017-0038 only, to
comprehensively address the vulnerability. Microsoft recommends
that customers running the affected software install the security
update to be fully protected from the vulnerability described in
this bulletin. See Microsoft Knowledge Base Article 4017018 for
more information.
– Originally posted: March 14, 2017
– Updated: April 11, 2017
– Bulletin Severity Rating: Critical
– Version: 2.0

MS17-014

– Title: Security Update for Microsoft Office (4013241)
https://technet.microsoft.com/library/security/ms17-014.aspx
– Reason for Revision: To comprehensively address CVE-2017-0027 for
Office for Mac 2011 only, Microsoft is releasing security update
3212218. Microsoft recommends that customers running Office for
Mac 2011 install update 3212218 to be fully protected from this
vulnerability. See Microsoft Knowledge Base Article 3212218 for
more information.
– Originally posted: March 14, 2017
– Updated: April 11, 2017
– Bulletin Severity Rating: Important
– Version: 2.0

MS17-021

– Title: Security Update for Windows DirectShow (4010318)
https://technet.microsoft.com/library/security/ms17-021.aspx
– Reason for Revision: Bulletin revised to announce that the security
updates that apply to CVE-2017-0042 for Windows Server 2012 are now
available. Customers running Windows Server 2012 should install
update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be
fully protected from this vulnerability. Customers running other
versions of Microsoft Windows do not need to take any further
action.
– Originally posted: March 14, 2017
– Updated: April 11, 2017
– Bulletin Severity Rating: Important
– Version: 2.0

MS16-APR

– Title: Microsoft Security Bulletin Summary for April 2016
https://technet.microsoft.com/library/security/ms16-apr.aspx
– Reason for Revision: V3.0 (April 11, 2016): For MS16-037,
Bulletin Summary revised to announce the release of a new
Internet Explorer cumulative update (4014661) for CVE-2016-0162.
The update adds to the original release to comprehensively address
CVE-2016-0162. Microsoft recommends that customers running the
affected software install the security update to be fully protected
from the vulnerability described in this bulletin. See Microsoft
Knowledge Base Article 4014661 for more information.
– Originally posted: April 12, 2016
– Updated: April 11, 2016
– Bulletin Severity Rating: Not applicable
– Version: 3.0

MS17-MAR

– Title: Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
– Reason for Revision: V2.0 (April 11, 2016): For MS17-013,
Bulletin Summary revised to announce the release of update 4017018
for Windows Vista and Windows Server 2008. The update replaces
update 4012583 for CVE-2017-0038 only, to comprehensively address
the vulnerability. Microsoft recommends that customers running the
affected software install the security update to be fully protected
from the vulnerability described in this bulletin. See Microsoft
Knowledge Base Article 4017018 for more information.

For MS17-014, to comprehensively address CVE-2017-0027 for Office for
Mac 2011 only, Microsoft is releasing security update 3212218.
Microsoft recommends that customers running Office for Mac 2011
install update 3212218 to be fully protected from this vulnerability.
See Microsoft Knowledge Base Article 3212218 for more information.

For MS17-021, security updates that apply to CVE-2017-0042 for
Windows Server 2012 are now available. Customers running Windows Server
2012
should install update 4015548 (Security Only) or 4015551 (Monthly
Rollup)
to be fully protected from this vulnerability. Customers running other
versions of Microsoft Windows do not need to take any further action.
– Originally posted: March 14, 2017
– Updated: April 11, 2016
– Bulletin Severity Rating: Not applicable
– Version: 2.0

Microsoft April 2017 Security Updates

Security Updates / Bulletins / Advisories No Comments »

Release Date: April 11, 2017

 The April security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Visual Studio for Mac
  • .NET Framework
  • Silverlight
  • Adobe Flash Player

Please note the following information regarding the security updates:

  • Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article,  Further simplifying servicing models forWindows 7 and Windows 8.1.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features

Note As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

Known Issues

4015549

4015546

4015550

4015547

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99

Microsoft Security Bulletin Minor Revision Issued: March 24, 2017

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin Minor Revision Issued: March 24, 2017
Summary

The following bulletin has undergone a minor revision increment.

* MS17-013

Bulletin Information:

MS17-013

– Title: Security Update for Microsoft Graphics Component
– »technet.microsoft.com/li ··· 013.aspx
– Reason for Revision: Changed supersedence on package 3178688
affecting Microsoft Office 2010 Service Pack 2 (32 and 64 bit
editions) from 3115131 in MS16-097 to 2889841 in MS16-148.
– Originally posted: March 14, 2017
– Updated: March 24, 2017
– Bulletin Severity Rating: Critical
– Version: 1.1

Microsoft Security Bulletin Minor Revisions Issued: February 23, 2017

Security Updates / Bulletins / Advisories Comments Off on Microsoft Security Bulletin Minor Revisions Issued: February 23, 2017

Summary

The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-084
* MS16-JUL

Bulletin Information:

MS16-084

– Title: Cumulative Security Update for Internet Explorer
– »technet.microsoft.com/li ··· 084.aspx
– Reason for Revision: Removed CVE-2016-3276 from the
Vulnerability Severity Ratings and Impact table and from
the Vulnerability Information because Internet Explorer 9,
Internet Explorer 10, and Internet Explorer 11 are not
affected by this vulnerability. This is an informational
change only.
– Originally posted: July 12, 2016
– Updated: March 17, 2017
– Bulletin Severity Rating: Critical
– Version: 1.1

MS16-JUL

– Title: Microsoft Security Bulletin Summary for July 2016
– »technet.microsoft.com/li ··· JUL.aspx
– Reason for Revision: V1.2 (March 17, 2017): For MS16-084,
removed CVE-2016-3276 from the Exploitability Index because
Internet Explorer 9, Internet Explorer 10, and Internet
Explorer 11 are not affected. This is an informational change
only.
– Originally posted: July 12, 2016
– Updated: March 17, 2017
– Bulletin Severity Rating: Not applicable
– Version: 1.2


© 2017 DP's Bits & Bytes.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in