Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

May 2017 Patch Tuesday Ivanti

1,807 views

Published on

Ivanti's monthly Patch Tuesday presentation helping prioritize and get in depth analysis of Microsoft and 3rd Party Updates

Published in: Technology
  • Hi there! I just wanted to share a list of sites that helped me a lot during my studies: .................................................................................................................................... www.EssayWrite.best - Write an essay .................................................................................................................................... www.LitReview.xyz - Summary of books .................................................................................................................................... www.Coursework.best - Online coursework .................................................................................................................................... www.Dissertations.me - proquest dissertations .................................................................................................................................... www.ReMovie.club - Movies reviews .................................................................................................................................... www.WebSlides.vip - Best powerpoint presentations .................................................................................................................................... www.WritePaper.info - Write a research paper .................................................................................................................................... www.EddyHelp.com - Homework help online .................................................................................................................................... www.MyResumeHelp.net - Professional resume writing service .................................................................................................................................. www.HelpWriting.net - Help with writing any papers ......................................................................................................................................... Save so as not to lose
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Great information about writing! If you ever need any help with proofreading, editing or research check out Writer’s Help. They are a great resource for personal, educational or business writing needs. The website is ⇒ www.HelpWriting.net ⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

May 2017 Patch Tuesday Ivanti

  1. 1. Patch Tuesday Webinar Wednesday, May 10th, 2017Chris Goettl Todd Schell Dial In: 1-877-668-4490 (US) Attendees: 804 134 053
  2. 2. Agenda May 2017 Patch Tuesday Overview In the News Bulletins Q & A 1 2 3 4
  3. 3.  In the News
  4. 4. Intel vPro Vulnerability An oldie but goodie  Allows remote access with AMT enabled  AMT disabled limits access to local system Ivanti solution  Deploy our configuration management package  Disables AMT No word yet from OEMs on a fix
  5. 5. From our Friends at Microsoft A vulnerable malware protection engine?  MS MRT allows code execution upon special file scan  Researcher revers to vulnerability as ‘crazy bad’  MS releasing a fix; should update within 48 hours Processor limitations coming for Windows 10  Kaby Lake processors will cause WU to block updates on OSs Older than Win 10  Future updates will not support older processors  Installation restrictions in the update engine itself
  6. 6. Phishing for Google Docs Phishing is alive and well this month  Google docs phishing scam  Email with a request to share some documents  Limited defense against this sort of attack  Enable two-factor authentication on your account  Education is the key
  7. 7.  Bulletins
  8. 8. MS17-05-AFP: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player if it's installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1. This bulletin is refers to a single KB article.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-3068,CVE-2017-3069,CVE-2017-3070,CVE-2017- 3071,CVE-2017-3072,CVE-2017-3073,CVE-2017-3074  Restart Required: Requires Application Restart
  9. 9. MS17-05-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. The security fixes that are listed in the Security Monthly Quality Rollup KB4019215 are also included in the May 2017 Security-Only Quality Update, KB4019213, except for the security fixes for Internet Explorer. Those are instead included in the Cumulative Security Update for Internet Explorer KB4018271. This bulletin references 7 KB articles.  Impact: Remote Code Execution  Fixes 6 vulnerabilities: CVE-2017-0064, CVE-2017-0222, CVE-2017-0226, CVE- 2017-0228, CVE-2017-0231, CVE-2017-0238  Restart Required: Requires Browser Restart
  10. 10. MS17-05-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Microsoft Office 2007-2016 for Windows and Mac  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin references 25 KB articles.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-0254, CVE-2017-0261, CVE-2017-0262, CVE-2017-0264, CVE-2017-0265, CVE-2017-0281, CVE-2017-0290  Restart Required: Requires Restart
  11. 11. MS17-05-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 1507, 1511, 1607, and 1703, Server 2016, Microsoft Edge, and IE  Description: This bulletin references 11 KB articles.  Impact: Full range of impacts including Remote Code Execution  Fixes 42 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017- 0190, CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0221, CVE-2017-0222, CVE- 2017-0224, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, CVE-2017- 0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246, CVE-2017-0258, CVE-2017-0259, CVE- 2017-0263, CVE-2017-0266, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017- 0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280  Restart Required: Requires Restart
  12. 12. MS17-05-2K8: Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: A denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. Several vulnerabilities lead to information disclosure or remote code execution. This bulletin references 9 KB articles.  Impact: Remote Code Execution, Elevation of Privilege, Denial of Service, Information Disclosure  Fixes 27 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0175, CVE-2017- 0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0242, CVE-2017-0244, CVE- 2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017- 0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE- 2017-0280  Restart Required: Requires Restart
  13. 13. MS17-05-SO7: Security-only Update for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Security updates to Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS. This bulletin is based on KB4019263.  Impact: Remote Code Execution  Fixes 27 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0175, CVE-2017- 0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0242, CVE-2017-0244, CVE- 2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017- 0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE- 2017-0280  Restart Required: Requires Restart
  14. 14. MS17-05-SO8: Security-only Update Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel and Microsoft Windows DNS. Does not include security fixes for Internet Explorer. This bulletin is based on KB4019214.  Impact: Remote Code Execution  Fixes 24 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017- 0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE- 2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017- 0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280  Restart Required: Requires Restart
  15. 15. MS17-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1 and Server 2012 R2  Description: Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server and Windows kernel. This bulletin is based on KB4019213.  Impact: Remote Code Execution  Fixes 23 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017- 0213, CVE-2017-0214, CVE-2017-0246, CVE-2017-0258, CVE-2017-025, CVE-2017-0263, CVE- 2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017- 0278, CVE-2017-0279, CVE-2017-0280  Restart Required: Requires Restart
  16. 16. MS17-05-MR7: Monthly Rollup for Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB4015552 (released April 18, 2017). This bulletin includes updates for IE. This bulletin is based on KB4019264.  Impact: Remote Code Execution  Fixes 33 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017- 0175, CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE- 2017-0226, CVE-2017-0228, CVE-2017-0231, CVE-2017-0238, CVE-2017-0242, CVE-2017-0244, CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017- 0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE- 2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280,  Restart Required: Requires Restart
  17. 17. MS17-05-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: This security update includes improvements and fixes that were a part of update KB4015554 (released April 18, 2017). This bulletin includes updates for IE. This bulletin is based on KB4019216.  Impact: Remote Code Execution  Fixes 30 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017- 0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE-2017-0226, CVE- 2017-0228, CVE-2017-0231, CVE-2017-0238 CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017- 0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE- 2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280  Restart Required: Requires Restart
  18. 18. MS17-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB4015553 (released April 18, 2017). This bulletin includes updates for IE. This bulletin is based on KB4019215.  Impact: Remote Code Execution  Fixes 29 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017- 0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE- 2017-0231, CVE-2017-0238, CVE-2017-0246, CVE-2017-0258, CVE-2017-025, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017- 0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE- 2017-0278, CVE-2017-0279, CVE-2017-0280  Restart Required: Requires Restart
  19. 19. APSB17-15: Security Update for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 7 vulnerabilities: CVE-2017-3068,CVE-2017-3069,CVE-2017-3070,CVE-2017- 3071,CVE-2017-3072,CVE-2017-3073,CVE-2017-3074  Restart Required: Application Restart Required
  20. 20. MS17-05-SONET: Security-only Update for Microsoft .Net  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7  Sub-bulletins: MS17-05-SONET-4019108, 4019109, 4019110, 4019111  These are four separate bulletins for the four operating systems  Description: This update resolves a vulnerability where the Microsoft .NET Framework (and .NET Core) components do not completely validate certificates resulting in a security feature bypass.  Impact: Security Feature Bypass  Fixes 1 vulnerability: CVE-2017-0248  Restart Required: Requires Restart
  21. 21. MS17-05-SONET: Monthly Rollup for Microsoft .Net  Maximum Severity: Important  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7  Sub-bulletins: MS17-05-MRNET-4019112, 4019113, 4019114, 4019115  These are four separate bulletins for the four operating systems  Description: This update resolves a vulnerability where the Microsoft .NET Framework (and .NET Core) components do not completely validate certificates resulting in a security feature bypass.  Impact: Security Feature Bypass  Fixes 1 vulnerability: CVE-2017-0248  Restart Required: Requires Restart
  22. 22. Other Releases  PDF-Xchange  Bulletin: PDFX-008  Release 6.0.322.0  Feature and maintenance update (non-security)  Google Chrome  Bulletin: Chrome-195  Release 58.0.3029.110  Windows, MacOS, Linux  Stability, performance, and security
  23. 23. Thank You

×