SlideShare a Scribd company logo

April 2017 patch tuesday ivanti

Download as PPTX, PDF
C
Chris Goettl

Ivanti Patch Tuesday Webinar

Technology
1 of 28
Patch Tuesday Webinar Wednesday, April 12th, 2017Chris Goettl Dial In: 1-877-668-4490 (US) Attendees: 801 814 091
Agenda April 2017 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
Industry News • Windows 10 1703 released! And has its first round of patches… • Windows 10 1507 set to EoL in May 2017. start upgrading to a later branch if you are not running and LTSB • IIS 6.0 Zero Day will not be patched. Over 600k public facing web servers discovered running WebDAV and vulnerable. Do you have one? • The importance of removing or securing EoLed software • Microsoft resolved the Word Zero Day!
Shavlik.com goes offline https://www.ivanti.com/blog/shavlik-com-went-offline-held-funeral-thats-right-funeral-website/
Ivanti.Com Patch Tuesday Pages • Blog for Patch Tuesday Forecast and Patch Tuesday Analysis https://www.ivanti.com/blog/category/patch-tuesday/ • Patch Tuesday Page https://www.ivanti.com/en-US/resources/patch-tuesday • Webinars https://www.ivanti.com/en-US/webinars
Ivanti Interchange 2017
Microsoft gets rid of Bulletins!!! https://portal.msrc.microsoft.com/en-us/security-guidance
MS17-W10-04: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 1507, 1511, 1607, and 1703, IE, Edge  Description: This bulletin contains a total of 15 unique KB articles.  Impact: Remote Code Execution  Fixes 32 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0156, CVE-2017- 0158, CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0164, CVE-2017-0165, CVE- 2017-0166, CVE-2017-0167, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0181, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017- 0188, CVE-2017-0189, CVE-2017-0191, CVE-2017-0192, CVE-2017-0211, CVE-2017-0201, CVE- 2017-0202, CVE-2017-0210 (Disclosed Exploited), CVE-2017-0093, CVE-2017-0200, CVE-2017- 0203 (Disclosed), CVE-2017-0205, CVE-2017-0208  Restart Required: Requires Restart
MS17-SO7-04: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: This security update resolves security vulnerabilities in scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 9 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156, CVE-2017-0158, CVE-2017-0166, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199  Restart Required: Requires Restart
MS17-SO8-04: Security-only Update Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: This security update resolves security vulnerabilities in Scripting Engine, Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory Access Protocol and Windows OLE. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0158, CVE-2017- 0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0169, CVE-2017-0180, CVE-2017-0182, CVE- 2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017-0188, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0211  Restart Required: Requires Restart
MS17-SO81-04: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1 and Server 2012 R2  Description: This security update resolves security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to several quality improvements. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 24 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0156, CVE-2017- 0158, CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0165, CVE-2017-0166, CVE- 2017-0167, CVE-2017-0168, CVE-2017-0169, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017- 0188, CVE-2017-0191, CVE-2017-0192, CVE-2017-0211  Restart Required: Requires Restart
MS17-IE-04: Security Update for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 8, 9, 10 and 11  Description: This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. The fixes included in this Security Update for Internet Explorer 4014661 are also included in the April 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved with this update. This bulletin contains a total of 7 KB articles.  Impact: Remote Code Execution  Fixes 3 vulnerabilities: CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Browser Restart
MS17-MR7-04: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2 and IE  Description: This security update includes improvements and fixes that were a part of update KB4012218 (released March 21, 2017), and also resolves the following security vulnerabilities in Windows: scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol. This bulletin contains a total of 18 unique KB articles.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017- 0156, CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE- 2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Restart
MS17-MR8-04: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: This security update includes improvements and fixes that were a part of update KB4012220 (released March 21, 2017) and also resolves security vulnerabilities in Internet Explorer, Scripting Engine, Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory Access Protocol and Windows OLE. This bulletin contains a total of 8 unique KB articles.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE- 2017-0156, CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE- 2017-0180, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE- 2017-0192, CVE-2017-0199, CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Restart
MS17-MR81-04: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1 and Server 2012 R2  Description: This security update includes improvements and fixes that were a part of update KB4012219 (released March 21, 2017) and resolves the security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to several quality improvements. This bulletin contains a total of 8 unique KB articles.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE- 2017-0156, CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE- 2017-0180, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE- 2017-0192, CVE-2017-0199, CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Restart
MS17-NET-04: Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7  Description: This update resolves a vulnerability in the Microsoft .NET Framework that could allow remote code execution when the .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploit this vulnerability could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This bulletin contains a total of 8 unique KB articles.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0160  Restart Required: Requires Restart
MS17-OFF-04: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Microsoft Office 2007-2016, Excel, Outlook, OneNote, Other  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin contains a total of 22 KB articles.  Impact: Remote Code Execution  Fixes 8 vulnerabilities: CVE-2013-6629, CVE-2017-0106, CVE-2017-0194, CVE- 2017-019, CVE-2017-0197, CVE-2017-0199, CVE-2017-204, CVE-2017-0207  Restart Required: Requires Restart
MS17-AFP-04: Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player if it's installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE- 2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064  Restart Required: Requires Application Restart
MS17-2K8-04: Windows Vista and Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Vista and Server 2008  Description: Security update for the libjpeg information disclosure vulnerability and Microsoft Office remote code execution vulnerability in Windows Vista and Windows Server 2008. This bulletin contains a total of 11 unique KB articles.  Impact: Remote Code Execution and Information Disclosure  Fixes 11 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE- 2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE- 2017-0184, CVE-2017-0192, CVE-2017-0199  Restart Required: Requires Restart
APSB17-10: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE- 2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064  Restart Required: Application Restart Required
MS17-SLV-04: Security Update for Microsoft Silverlight  Maximum Severity: Important  Affected Products: Microsoft Silverlight 5  Description: This security update addresses an information disclosure vulnerability within the open-source libjpeg image-processing library where it fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause information to be disclosed that could allow for bypassing the ASLR security feature that protects users from a broad class of vulnerabilities. This bulleting is based on a single KB article.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2013-6629  Restart Required: Requires Restart
APSB17-09: Security Update for Adobe Campaign  Maximum Severity: Important  Affected Products: Adobe Campaign  Description: Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database.  Impact: Information Disclosure and Modification  Fixes 1 vulnerability: CVE-2017-2989  Restart Required: Application Restart Required
APSB17-11: Security Update for Adobe Acrobat and Reader  Maximum Severity: Important  Affected Products: Acrobat DC (Continuous and Classic) Acrobat Reader DC (Continuous and Classic), Acrobat XI, and Reader XI  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution and Memory Address Leak  Fixes 47 vulnerabilities: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE- 2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017- 3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE- 2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017- 3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE- 2017-3056, CVE-2017-3057, CVE-2017-3065  Restart Required: Application Restart Required
APSB17-12: Security Update for Adobe Photoshop CC  Maximum Severity: Recommended  Affected Products: Photoshop CC 2017 and 2015.5  Description: Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution. These updates also resolve an unquoted search path vulnerability in Photoshop on Windows.  Impact: Remote Code Execution  Fixes 2 vulnerabilities: CVE-2017-3004, CVE-2017-3005  Restart Required: Requires Application Restart
APSB17-13: Security Update for Adobe CC Desktop Applications  Maximum Severity: Recommended  Affected Products: Creative Cloud 3.9.5 and earlier  Description: Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an important vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. This update also resolves a vulnerability related to the directory search path used to find resources.  Impact: Remote Code Execution  Fixes 2 vulnerabilities: CVE-2017-3006, CVE-2017-3007  Restart Required: Requires Application Restart as well as Logout/Login by Users
Thank You

Recommended

Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Ivanti
 
May 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiMay 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiIvanti
 
June2017 patchtuesdayivanti
June2017 patchtuesdayivantiJune2017 patchtuesdayivanti
June2017 patchtuesdayivantiIvanti
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiIvanti
 
September 2017 Patch Tuesday
September 2017 Patch TuesdaySeptember 2017 Patch Tuesday
September 2017 Patch TuesdayIvanti
 
Patch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiPatch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiErica Azad
 
December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikLANDESK
 
January2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikJanuary2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikLANDESK
 

Recommended

Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Ivanti
 
May 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiMay 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiIvanti
 
June2017 patchtuesdayivanti
June2017 patchtuesdayivantiJune2017 patchtuesdayivanti
June2017 patchtuesdayivantiIvanti
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiIvanti
 
September 2017 Patch Tuesday
September 2017 Patch TuesdaySeptember 2017 Patch Tuesday
September 2017 Patch TuesdayIvanti
 
Patch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiPatch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiErica Azad
 
December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikLANDESK
 
January2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikJanuary2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikLANDESK
 
November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikLANDESK
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisIvanti
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikLANDESK
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018Ivanti
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016LANDESK
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisIvanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisIvanti
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019Ivanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday AnalysisIvanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019Ivanti
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016LANDESK
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch TuesdayIvanti
 
Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Ivanti
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Ivanti
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018Ivanti
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018Ivanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Ivanti
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Ivanti
 

More Related Content

What's hot

November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikLANDESK
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisIvanti
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikLANDESK
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018Ivanti
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016LANDESK
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisIvanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisIvanti
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019Ivanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday AnalysisIvanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019Ivanti
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016LANDESK
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch TuesdayIvanti
 

What's hot (16)

November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlik
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlik
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday Analysis
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
 

Similar to April 2017 patch tuesday ivanti

Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Ivanti
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Ivanti
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018Ivanti
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018Ivanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Ivanti
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisIvanti
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch TuesdayIvanti
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch TuesdayIvanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Ivanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesdayIvanti
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchIvanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch TuesdayIvanti
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Ivanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Ivanti
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisIvanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Ivanti
 

Similar to April 2017 patch tuesday ivanti (20)

Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
 
2021 August Patch Tuesday
2021 August Patch Tuesday2021 August Patch Tuesday
2021 August Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesday
 
August 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - FrenchAugust 2021 Patch Tuesday slides - French
August 2021 Patch Tuesday slides - French
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016
 
May 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday AnalysisMay 2018 Patch Tuesday Analysis
May 2018 Patch Tuesday Analysis
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016
 

Recently uploaded

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

April 2017 patch tuesday ivanti

  • 1. Patch Tuesday Webinar Wednesday, April 12th, 2017Chris Goettl Dial In: 1-877-668-4490 (US) Attendees: 801 814 091
  • 2. Agenda April 2017 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3. Industry News • Windows 10 1703 released! And has its first round of patches… • Windows 10 1507 set to EoL in May 2017. start upgrading to a later branch if you are not running and LTSB • IIS 6.0 Zero Day will not be patched. Over 600k public facing web servers discovered running WebDAV and vulnerable. Do you have one? • The importance of removing or securing EoLed software • Microsoft resolved the Word Zero Day!
  • 5. Ivanti.Com Patch Tuesday Pages • Blog for Patch Tuesday Forecast and Patch Tuesday Analysis https://www.ivanti.com/blog/category/patch-tuesday/ • Patch Tuesday Page https://www.ivanti.com/en-US/resources/patch-tuesday • Webinars https://www.ivanti.com/en-US/webinars
  • 7. Microsoft gets rid of Bulletins!!! https://portal.msrc.microsoft.com/en-us/security-guidance
  • 8.
  • 9. MS17-W10-04: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 1507, 1511, 1607, and 1703, IE, Edge  Description: This bulletin contains a total of 15 unique KB articles.  Impact: Remote Code Execution  Fixes 32 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0156, CVE-2017- 0158, CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0164, CVE-2017-0165, CVE- 2017-0166, CVE-2017-0167, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0181, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017- 0188, CVE-2017-0189, CVE-2017-0191, CVE-2017-0192, CVE-2017-0211, CVE-2017-0201, CVE- 2017-0202, CVE-2017-0210 (Disclosed Exploited), CVE-2017-0093, CVE-2017-0200, CVE-2017- 0203 (Disclosed), CVE-2017-0205, CVE-2017-0208  Restart Required: Requires Restart
  • 10. MS17-SO7-04: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: This security update resolves security vulnerabilities in scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 9 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156, CVE-2017-0158, CVE-2017-0166, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199  Restart Required: Requires Restart
  • 11. MS17-SO8-04: Security-only Update Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: This security update resolves security vulnerabilities in Scripting Engine, Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory Access Protocol and Windows OLE. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0158, CVE-2017- 0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0169, CVE-2017-0180, CVE-2017-0182, CVE- 2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017-0188, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0211  Restart Required: Requires Restart
  • 12. MS17-SO81-04: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1 and Server 2012 R2  Description: This security update resolves security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to several quality improvements. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 24 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0156, CVE-2017- 0158, CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0165, CVE-2017-0166, CVE- 2017-0167, CVE-2017-0168, CVE-2017-0169, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017- 0188, CVE-2017-0191, CVE-2017-0192, CVE-2017-0211  Restart Required: Requires Restart
  • 13. MS17-IE-04: Security Update for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 8, 9, 10 and 11  Description: This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. The fixes included in this Security Update for Internet Explorer 4014661 are also included in the April 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved with this update. This bulletin contains a total of 7 KB articles.  Impact: Remote Code Execution  Fixes 3 vulnerabilities: CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Browser Restart
  • 14. MS17-MR7-04: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2 and IE  Description: This security update includes improvements and fixes that were a part of update KB4012218 (released March 21, 2017), and also resolves the following security vulnerabilities in Windows: scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol. This bulletin contains a total of 18 unique KB articles.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017- 0156, CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE- 2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE-2017-0192, CVE-2017-0199, CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Restart
  • 15. MS17-MR8-04: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: This security update includes improvements and fixes that were a part of update KB4012220 (released March 21, 2017) and also resolves security vulnerabilities in Internet Explorer, Scripting Engine, Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory Access Protocol and Windows OLE. This bulletin contains a total of 8 unique KB articles.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE- 2017-0156, CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE- 2017-0180, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE- 2017-0192, CVE-2017-0199, CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Restart
  • 16. MS17-MR81-04: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1 and Server 2012 R2  Description: This security update includes improvements and fixes that were a part of update KB4012219 (released March 21, 2017) and resolves the security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to several quality improvements. This bulletin contains a total of 8 unique KB articles.  Impact: Remote Code Execution  Fixes 18 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE- 2017-0156, CVE-2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE- 2017-0180, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0191, CVE- 2017-0192, CVE-2017-0199, CVE-2017-0201, CVE-2017-0202, CVE-2017-0210 (Disclosed Exploited)  Restart Required: Requires Restart
  • 17. MS17-NET-04: Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7  Description: This update resolves a vulnerability in the Microsoft .NET Framework that could allow remote code execution when the .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploit this vulnerability could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This bulletin contains a total of 8 unique KB articles.  Impact: Remote Code Execution  Fixes 1 vulnerability: CVE-2017-0160  Restart Required: Requires Restart
  • 18. MS17-OFF-04: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Microsoft Office 2007-2016, Excel, Outlook, OneNote, Other  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin contains a total of 22 KB articles.  Impact: Remote Code Execution  Fixes 8 vulnerabilities: CVE-2013-6629, CVE-2017-0106, CVE-2017-0194, CVE- 2017-019, CVE-2017-0197, CVE-2017-0199, CVE-2017-204, CVE-2017-0207  Restart Required: Requires Restart
  • 19. MS17-AFP-04: Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player if it's installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1. This bulletin is based on a single KB article.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE- 2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064  Restart Required: Requires Application Restart
  • 20. MS17-2K8-04: Windows Vista and Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Vista and Server 2008  Description: Security update for the libjpeg information disclosure vulnerability and Microsoft Office remote code execution vulnerability in Windows Vista and Windows Server 2008. This bulletin contains a total of 11 unique KB articles.  Impact: Remote Code Execution and Information Disclosure  Fixes 11 vulnerabilities: CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE- 2017-0158, CVE-2017-0163, CVE-2017-0166, CVE-2017-0168, CVE-2017-0180, CVE- 2017-0184, CVE-2017-0192, CVE-2017-0199  Restart Required: Requires Restart
  • 21. APSB17-10: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE- 2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064  Restart Required: Application Restart Required
  • 22. MS17-SLV-04: Security Update for Microsoft Silverlight  Maximum Severity: Important  Affected Products: Microsoft Silverlight 5  Description: This security update addresses an information disclosure vulnerability within the open-source libjpeg image-processing library where it fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause information to be disclosed that could allow for bypassing the ASLR security feature that protects users from a broad class of vulnerabilities. This bulleting is based on a single KB article.  Impact: Information Disclosure  Fixes 1 vulnerability: CVE-2013-6629  Restart Required: Requires Restart
  • 23. APSB17-09: Security Update for Adobe Campaign  Maximum Severity: Important  Affected Products: Adobe Campaign  Description: Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database.  Impact: Information Disclosure and Modification  Fixes 1 vulnerability: CVE-2017-2989  Restart Required: Application Restart Required
  • 24. APSB17-11: Security Update for Adobe Acrobat and Reader  Maximum Severity: Important  Affected Products: Acrobat DC (Continuous and Classic) Acrobat Reader DC (Continuous and Classic), Acrobat XI, and Reader XI  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution and Memory Address Leak  Fixes 47 vulnerabilities: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE- 2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017- 3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE- 2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017- 3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE- 2017-3056, CVE-2017-3057, CVE-2017-3065  Restart Required: Application Restart Required
  • 25. APSB17-12: Security Update for Adobe Photoshop CC  Maximum Severity: Recommended  Affected Products: Photoshop CC 2017 and 2015.5  Description: Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution. These updates also resolve an unquoted search path vulnerability in Photoshop on Windows.  Impact: Remote Code Execution  Fixes 2 vulnerabilities: CVE-2017-3004, CVE-2017-3005  Restart Required: Requires Application Restart
  • 26. APSB17-13: Security Update for Adobe CC Desktop Applications  Maximum Severity: Recommended  Affected Products: Creative Cloud 3.9.5 and earlier  Description: Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an important vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. This update also resolves a vulnerability related to the directory search path used to find resources.  Impact: Remote Code Execution  Fixes 2 vulnerabilities: CVE-2017-3006, CVE-2017-3007  Restart Required: Requires Application Restart as well as Logout/Login by Users
  • 27.

Editor's Notes

  1. Public Disclosure (CVE-2017-0203) Public Disclosure (CVE-2017-0210) Exploited (CVE-2017-0210) Another vulnerability that has been actively exploited is CVE-2017-0210, a privilege escalation weakness affecting Internet Explorer. Microsoft said the flaw exists due to the lack of proper enforcement of cross-domain policies, and it can be exploited by tricking the targeted user into accessing a specially crafted web page. However, the company has not shared any information about the attacks it has been exploited in.
  2. Known Issue: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.Microsoft is working on a resolution and will provide an update in an upcoming release.
  3. Known Issue: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.Microsoft is working on a resolution and will provide an update in an upcoming release.
  4. Known Issue: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.Microsoft is working on a resolution and will provide an update in an upcoming release.
  5. Public Disclosure (CVE-2017-0210) Exploited (CVE-2017-0210) Another vulnerability that has been actively exploited is CVE-2017-0210, a privilege escalation weakness affecting Internet Explorer. Microsoft said the flaw exists due to the lack of proper enforcement of cross-domain policies, and it can be exploited by tricking the targeted user into accessing a specially crafted web page. However, the company has not shared any information about the attacks it has been exploited in.
  6. Public Disclosure (CVE-2017-0210) Exploited (CVE-2017-0210) Another vulnerability that has been actively exploited is CVE-2017-0210, a privilege escalation weakness affecting Internet Explorer. Microsoft said the flaw exists due to the lack of proper enforcement of cross-domain policies, and it can be exploited by tricking the targeted user into accessing a specially crafted web page. However, the company has not shared any information about the attacks it has been exploited in. Known Issue: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.Microsoft is working on a resolution and will provide an update in an upcoming release.
  7. Public Disclosure (CVE-2017-0210) Exploited (CVE-2017-0210) Another vulnerability that has been actively exploited is CVE-2017-0210, a privilege escalation weakness affecting Internet Explorer. Microsoft said the flaw exists due to the lack of proper enforcement of cross-domain policies, and it can be exploited by tricking the targeted user into accessing a specially crafted web page. However, the company has not shared any information about the attacks it has been exploited in. Known Issue: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.Microsoft is working on a resolution and will provide an update in an upcoming release.
  8. Public Disclosure (CVE-2017-0210) Exploited (CVE-2017-0210) Another vulnerability that has been actively exploited is CVE-2017-0210, a privilege escalation weakness affecting Internet Explorer. Microsoft said the flaw exists due to the lack of proper enforcement of cross-domain policies, and it can be exploited by tricking the targeted user into accessing a specially crafted web page. However, the company has not shared any information about the attacks it has been exploited in. Known Issue: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.Microsoft is working on a resolution and will provide an update in an upcoming release.
  9. Public Disclosure (CVE-2017-0199) Exploited (CVE-2017-0199) One of the zero-days patched by Microsoft this month is CVE-2017-0199, an Office and WordPad vulnerability that can be exploited for remote code execution. The security hole has been exploited in the wild by malicious actors to deliver various pieces of malware, including Dridex, WingBird, Latentbot and Godzilla.