Tuesday, May 09, 2017

Microsoft Security Updates for May, 2017

After today, Windows 10 devices running version 1507 will no longer receive security and quality updates.  Instructions on how to update to the latest Windows 10 version are available in this Microsoft support article.

May Security Update Details:

The May Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.

However, to actually have a better understanding about the updates released today, see Zero Day Initiative — The May 2017 Security Update Review by Dustin Childs.

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Adobe Flash Player Critical Update

      Adobe Flashplayer

      Adobe has released Version of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

      These updates address critical vulnerabilities including a use-after-free vulnerability that could lead to code execution and memory corruption vulnerabilities that could lead to code execution.

      Release date:  May 9 11, 2017
      Vulnerability identifier: APSB17-15
      CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-30744
      Platform: Windows, Macintosh, Linux and Chrome OS


      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Monday, May 08, 2017

        Security Update for Microsoft Malware Protection Engine

        Microsoft released Security Advisory 4022344 about an update to the Microsoft Malware Protection Engine.  The update addresses a security vulnerability that was reported to Microsoft.

        The vulnerability addressed in the update could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. According to the Advisory,
        "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system."

        An updated MSRT will be included with the Security Updates on May 9.  Windows Defender will automatically update or can be manually launched and checked for updates.


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...