Tuesday, September 12, 2017

Microsoft Security Updates for September, 2017

The September security release consists of 81 security updates for the following software. Of these, 26 are rated Critical, 53 are rated Important, and two are rated Moderate in severity.
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Adobe Flash Player
  • Skype for Business and Lync
  • .NET Framework
  • Microsoft Exchange Server
    The updates address Remote Code Execution, Spoofing, "Defense-in-Depth", Information Disclosure and Elevation of Privilege. A "Defense-in-Depth" update is a fix that does not address an actively exploitable vulnerability, but prevents future vulnerabilities that the same code could cause if changes to surrounding code expose the problem.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    A few of the CVEs addressed by Microsoft this month that deserve some extra attention are discussed in Zero Day Initiative — The September 2017 Security Update Review by Dustin Childs.

      Additional Update Notes

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
      • Windows 10 -- A summary of important product developments included in each update, with links to more details, is available at Windows 10 Update History. The page will be regularly refreshed as new updates are released.


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Adobe Flash Player Critical Security Updates


        Adobe has released Version of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

        These updates address vulnerabilities that could lead to remote code execution.

        Release date:  September 12, 2017
        Vulnerability identifier: APSB17-28
        CVE Numbers:   CVE-2017-11281, CVE-2017-3106
        Platform: Windows, Macintosh, Linux and Chrome OS


        *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

          Verify Installation

          To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

          Do this for each browser installed on your computer.

          To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



          Wednesday, August 30, 2017

          Adobe Acrobat and Reader Security Bulletin APSB17-24 Updated


          Adobe Security Bulletin APSB17-24 for Adobe Acrobat and Reader has been updated to include the availability of new updates as of August 29. 

          From the blog post:
          "The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223.  This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.
          At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.
          [0] Hotfix for 2017.012.20093
          [1] Hotfix for 2017.011.30059
          [2] Hotfix for 2015.006.30352"
          Version 11.0.22 is available at 11.0.22 Out of cycle update, August 22, 2017 — Acrobat and Adobe Reader Release Notes.   

