Microsoft Security Update Minor Revisions Issued: October 18, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following advisory and CVE have been revised in the October 2017
Security Updates.

* ADV170012
* CVE-2017-13080

Revision Information:

ADV170012

– Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
– »portal.msrc.microsoft.co ··· guidance
– Reasons for Revision: The following revisions added under Step 4:
Apply applicable firmware updates are informational only: * Added list
of affected Microsoft Surface devices. * Added link for Acer to the
table of OEM information.
– Originally posted: October 10, 2017
– Updated: October 18, 2017
– CVE Severity Rating: Critical
– Version: 1.4

CVE-2017-13080

– Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reasons for Revision: Corrected FAQ 4 to clarify that the security
updates released on October 10 fully address CVE-2017-13080.
– Originally posted: October 10, 2017
– Updated: October 18, 2017
– CVE Severity Rating: Important
– Version: 1.2

Google Releases Security Updates for Chrome

News, Security Updates / Bulletins / Advisories No Comments »

Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases (link is external) page and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2017/10/18/Google-Releases-Security-Updates-Chrome

Microsoft Security Update Minor Revisions Issued: October 17, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following advisory has been revised in the October 2017 Security
Updates.

* ADV170012

Revision Information:

ADV170012

– Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
– »portal.msrc.microsoft.co ··· guidance
– Reasons for Revision: v1.3: The following revisions are
informational changes only: * Added CVE number and vulnerability
name. * Added links for OEM information for HPE and Toshiba to the
table under Step 4: Apply applicable firmware updates. * Added
information for MSA to the table under Step 5: Remediate services
based on your particular use cases.
– Originally posted: October 10, 2017
– Updated: October 17, 2017
– CVE Severity Rating: Critical
– Version: 1.3

Microsoft Security Update Releases Issued: October 17, 2017

Security Updates / Bulletins / Advisories No Comments »

Summary

The following CVE has undergone a major revision increment.

* ADV170018

CVE Revision Information:

CVE-2017-13080

– Title: ADV170018 | October 2017 Flash Update
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: The October Adobe Flash Security Update is
available for installation. See »support.microsoft.com/
en-us/help/4049179 for more information.
– Originally posted: October 17, 2017
– Updated: N/A
– CVE Severity Rating: Critical
– Version: 1.0

Microsoft Security Update Releases Issued: October 16, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVE has undergone a major revision increment.

* CVE-2017-13080 CVE

Revision Information:

CVE-2017-13080

Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability »portal.msrc.microsoft.co ··· guidance
Reason for Revision: CVE-2017-13080 has been added to the October 2017 security release in lieu of ADV170016, which has been deprecated. CVE-2017-13080 was released as part of a multi-vendor coordinated disclosure. Please see the FAQ for more information.
Originally posted: October 16, 2017 – Updated: N/A – CVE Severity Rating: Important – Version: 1.0

Microsoft Security Update Minor Revisions Issued: October 11, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following advisory has been revised in the October 2017 Security
Updates.

* ADV170012

Revision Information:

ADV170012

– Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
– »portal.msrc.microsoft.co ··· guidance
– Reasons for Revision: v1.1: To keep the information in the advisory
up-to-date, made several corrections: corrected link to HP OEM site,
added link to Lenovo OEM site, added note that failure to run the
PowerShell script as an administrator will return incorrect results.
These are all informational changes only.
v1.2: Added information about how to use the PowerShell script to
remotely check devices for affected TPMs. Clarified that BitLocker
protection is affected only if the TPM firmware version is 1.2.
These are informational changes only.
– Originally posted: October 10, 2017
– Updated: October 11, 2017
– CVE Severity Rating: Critical
– Version: 1.2

Microsoft Security Update Minor Revisions Issued: October 10, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVE has been revised in the October 2017 Security
Updates.

* CVE-2017-11774

Revision Information:

CVE-2017-11774

– Title: CVE-2017-11774 | Microsoft Outlook Security Feature Bypass
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Corrected the affected Microsoft Office
component in the CVE description. This is an informational change
only.
– Originally posted: October 10, 2017
– Updated: October 10, 2017
– CVE Severity Rating: Important
– Version: 1.1

Microsoft Security Bulletin(s) for October 2017

Security Updates / Bulletins / Advisories No Comments »

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99

Release Notes

October 2017 Security Updates

Release Date: October 10, 2017

The October security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Skype for Business and Lync
  • Chakra Core

Please note the following information regarding the security updates:

  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the excecption of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.

Known Issues
4041691
4042895
4041676
4041681

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

Microsoft Security Update Releases Issued: October 4, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVE has undergone a major revision increment.

* CVE-2017-8695

CVE Revision Information:

CVE-2017-8695

– Title: CVE-2017-8695 | Graphics Component Information Disclosure
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Removed security update 3213568 for Microsoft
Lync Basic 2013 Service Pack 1 (32-bit), Microsoft Lync Basic 2013
Service Pack 1 (64-bit), Microsoft Lync 2013 Service Pack 1 (32-bit),
and Microsoft Lync 2013 Service Pack 1 (64-bit) from the Affected
Products table because it is not required to address CVE-2017-8695.
Customers running these affected versions of Microsoft Lync who have
already successfully installed the September Security Updates do not
need to take any further action.
– Originally posted: September 12, 2017
– Updated: October 4, 2017
– CVE Severity Rating: Important
– Version: 2.0

Microsoft Security Update Minor Revisions Issued: October 3, 2017

Security Updates / Bulletins / Advisories No Comments »
Summary

The following CVEs have been revised in the September 2017 Security
Updates.

* CVE-2017-8759

Revision Information:

CVE-2017-8759

– Title: CVE-2017-8759 | .NET Framework Remote Code Execution
Vulnerability
– »portal.msrc.microsoft.co ··· guidance
– Reason for Revision: Corrected links to the Monthly Rollup KB
articles for Microsoft .NET Framework 4.5.2 and Microsoft .NET
Framework 4.6 installed on Windows Server 2008, and added a link
to the 4041085 monthly rollup for Microsoft .NET Framework
4.6/4.6.1/4.6.2/4.7 installed on Windows RT 8.1. This is an
informational change only. Customers who have successfully
installed the updates do not need to take any further action.
– Originally posted: September 12, 2017
– Updated: October 3, 2017
– CVE Severity Rating: Important
– Version: 1.2


© 2017 DP's Bits & Bytes.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in