SlideShare a Scribd company logo

January2017 patchtuesdayshavlik

Download as PPTX, PDF
LANDESK
LANDESK

This document summarizes an upcoming webinar about the January 2017 Patch Tuesday updates. The webinar will provide an overview of the January Patch Tuesday bulletins, known issues, best practices for deploying updates, and industry news. The document then summarizes the key updates being released, including updates for Windows 10, Office, Adobe Flash Player, Acrobat, and security updates for other products. It concludes by listing resources for getting Shavlik content updates, attending future webinars, and watching previous webinar recordings.

1 of 18
Patch Tuesday Webinar Wednesday, January 11th, 2017• Sara Otremba • Ryan Worlton Dial In: 1-855-749-4750 (US) Attendees: 929 872 712
Agenda January 2017 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
Industry News What is our name? Sorry but you will have to wait a bit longer. The name will be revealed shortly. LANDESK and HEAT are joining forces! . Remember this is the last Patch Tuesday that Microsoft will be using Security Bulletins. After January 10th, Microsoft will switch to using the Security Updates Guide. For more info, see the FAQ here https://technet.microsoft.com/en-us/security/mt791750 Blog Post from Microsoft: https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/ Don’t worry, 2017 will not be boring. We have a new president about to be sworn in and a “new friendly” relationship with Russia! We have already invested in our architecture allowing us to deliver common content across multiple products. This allows us to gain efficiencies and increase innovation in the endpoint security space. http://www.landesk.com/company/press-releases/2017/landesk-heat-software-clearlake-capital/
CSWU-045: Cumulative update for Windows 10: January, 2017  Maximum Severity: Critical  Affected Products: Windows 10, Edge  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS17-001, MS17-003  Impact: Remote Code Execution, Elevation of Privilege,  Fixes 13 vulnerabilities: CVE-2017-0002, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017- 2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937  Restart Required: Requires Restart
MS17-002: Security Update for Microsoft Office (3214291)  Maximum Severity: Critical  Affected Products: Office, Office Services and Office WebApps  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2017-0003  Restart Required: May Require Restart
MS17-003: Security Update for Adobe Flash Player (3214628)  Maximum Severity: Critical  Affected Products: Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  Impact: Remote Code Execution  Fixes 12 vulnerabilities:  CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE- 2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017- 2936, CVE-2017-2937  Restart Required: Requires Restart
APSB17-01: Security Updates for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (Windows and Mac)  Description: This security update resolves a number of issues including use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues.  Impact: Remote Code Execution  Fixes 29 vulnerabilities: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017- 2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017- 2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017- 2966, CVE-2017-2967 • Restart Required: Requires Restart
APSB17-02: Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player (Windows, Macintosh, Linux and Chrome OS)  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 13 vulnerabilities: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017- 2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938  Restart Required: Requires Restart
SB17-001: January, 2017 Security Only Update (3216771)  Maximum Severity: Important  Affected Products: Windows  Description: This update is the Security Only Quality Update for Windows 7: MS17-004  Impact: Denial of Service  Fixes 1 vulnerability: CVE-2017-0004  Restart Required: Requires Restart
CR17-001: January, 2017 Security Monthly Quality Update (3216771)  Maximum Severity: Important  Affected Products: Windows  Description: This update is the Security Only Quality Update for Windows 7: MS17-004  Impact: Denial of Service,  Fixes 1 vulnerability: CVE-2017-0004  Restart Required: Requires Restart
MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)  Maximum Severity: Important  Affected Products: Windows Vista  Description: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. MS17-004 addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests  Impact: Denial of Service,  Fixes 1 vulnerability: CVE-2017-0004  Restart Required: Requires Restart
MS17-001: Security Update for Microsoft Edge (3214288)  Maximum Severity: Important  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Elevation of Privilege  Fixes 1 vulnerability:  CVE-2017-0002(Publicly Disclosed)  Restart Required: Requires Restart
Between Patch Tuesdays New Product Support: TortoiseHG, Adobe PhotoShop CC 2015, Nmap, TortoiseGit, Apple iCloud, Java Development Kit 8.0 Security Updates: Firefox (1), Skype (1), Opera (1), Adobe (3), SeaMonkey (1), Microsoft (5), Foxit Reader (1), Wireshark (1), Adobe PhotoShop CC 2015 (1), Thunderbird (1), Java Development Kit 8.0 (1), Apple iCloud (1), KeePass Pro (1), Non-Security Updates: Adobe (1), Dropbox (1), GoodSync (2), Microsoft (36), TortoiseHG (1), TeamViewer (1), Xmind (1), CoreFTP (1), IRFanView (1), LibreOffice (1), Nmap (2), TortoiseGit (1), GoToMeeting (2), Java Development Kit 8.0 (1), NitroPro (1), TeamViewer (1), CDBurnerXP (1), Malwarebytes (1) Security Tools: Software Distribution:
Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
Thank you

Recommended

December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlik
LANDESK
 
April 2017 patch tuesday ivanti
April 2017 patch tuesday ivantiApril 2017 patch tuesday ivanti
April 2017 patch tuesday ivanti
Chris Goettl
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016
LANDESK
 
November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016
Ivanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016
Ivanti
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016
Ivanti
 

Recommended

December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlik
LANDESK
 
April 2017 patch tuesday ivanti
April 2017 patch tuesday ivantiApril 2017 patch tuesday ivanti
April 2017 patch tuesday ivanti
Chris Goettl
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016
LANDESK
 
November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016
Ivanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016
Ivanti
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016Patch Tuesday Analysis - February 2016
Patch Tuesday Analysis - February 2016
Ivanti
 
Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017
Ivanti
 
Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016
Ivanti
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016
LANDESK
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016
Ivanti
 
May 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiMay 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday Ivanti
Ivanti
 
Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015
Ivanti
 
Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015
Ivanti
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016
Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
Ivanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
Ivanti
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
Ivanti
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019
Ivanti
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806
Ivanti
 
Patch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiPatch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - Ivanti
Erica Azad
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016
Ivanti
 
Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016
Ivanti
 
Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016
Ivanti
 
September 2017 Patch Tuesday
September 2017 Patch TuesdaySeptember 2017 Patch Tuesday
September 2017 Patch Tuesday
Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
Ivanti
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016
Ivanti
 

More Related Content

What's hot

Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017
Ivanti
 
Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016
Ivanti
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016
LANDESK
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016
Ivanti
 
May 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiMay 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday Ivanti
Ivanti
 
Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015
Ivanti
 
Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015
Ivanti
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016
Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
Ivanti
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
Ivanti
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
Ivanti
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019
Ivanti
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806
Ivanti
 

What's hot (15)

Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017
 
Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016
 
May 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday IvantiMay 2017 Patch Tuesday Ivanti
May 2017 Patch Tuesday Ivanti
 
Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015
 
Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
 
October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018October Patch Tuesday Analysis 2018
October Patch Tuesday Analysis 2018
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
 
February Patch Tuesday 2019
February Patch Tuesday 2019February Patch Tuesday 2019
February Patch Tuesday 2019
 
There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806There's more to third-party patching than SCCM 1806
There's more to third-party patching than SCCM 1806
 

Similar to January2017 patchtuesdayshavlik

Patch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiPatch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - Ivanti
Erica Azad
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016
Ivanti
 
Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016
Ivanti
 
Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016
Ivanti
 
September 2017 Patch Tuesday
September 2017 Patch TuesdaySeptember 2017 Patch Tuesday
September 2017 Patch Tuesday
Ivanti
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
Ivanti
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016
Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - Ivanti
Ivanti
 
June2017 patchtuesdayivanti
June2017 patchtuesdayivantiJune2017 patchtuesdayivanti
June2017 patchtuesdayivanti
Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
Ivanti
 
Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015
Ivanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016
Ivanti
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
Ivanti
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch Tuesday
Ivanti
 

Similar to January2017 patchtuesdayshavlik (20)

Patch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - IvantiPatch Tuesday - August 2017 - Ivanti
Patch Tuesday - August 2017 - Ivanti
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016
 
Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016
 
Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016
 
September 2017 Patch Tuesday
September 2017 Patch TuesdaySeptember 2017 Patch Tuesday
September 2017 Patch Tuesday
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
July 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - IvantiJuly 2017 Patch Tuesday - Ivanti
July 2017 Patch Tuesday - Ivanti
 
June2017 patchtuesdayivanti
June2017 patchtuesdayivantiJune2017 patchtuesdayivanti
June2017 patchtuesdayivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch Tuesday
 

Recently uploaded

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 

January2017 patchtuesdayshavlik

  • 1. Patch Tuesday Webinar Wednesday, January 11th, 2017• Sara Otremba • Ryan Worlton Dial In: 1-855-749-4750 (US) Attendees: 929 872 712
  • 2. Agenda January 2017 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3. Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
  • 4.
  • 5. Industry News What is our name? Sorry but you will have to wait a bit longer. The name will be revealed shortly. LANDESK and HEAT are joining forces! . Remember this is the last Patch Tuesday that Microsoft will be using Security Bulletins. After January 10th, Microsoft will switch to using the Security Updates Guide. For more info, see the FAQ here https://technet.microsoft.com/en-us/security/mt791750 Blog Post from Microsoft: https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/ Don’t worry, 2017 will not be boring. We have a new president about to be sworn in and a “new friendly” relationship with Russia! We have already invested in our architecture allowing us to deliver common content across multiple products. This allows us to gain efficiencies and increase innovation in the endpoint security space. http://www.landesk.com/company/press-releases/2017/landesk-heat-software-clearlake-capital/
  • 6. CSWU-045: Cumulative update for Windows 10: January, 2017  Maximum Severity: Critical  Affected Products: Windows 10, Edge  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS17-001, MS17-003  Impact: Remote Code Execution, Elevation of Privilege,  Fixes 13 vulnerabilities: CVE-2017-0002, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017- 2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937  Restart Required: Requires Restart
  • 7. MS17-002: Security Update for Microsoft Office (3214291)  Maximum Severity: Critical  Affected Products: Office, Office Services and Office WebApps  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 1 vulnerability:  CVE-2017-0003  Restart Required: May Require Restart
  • 8. MS17-003: Security Update for Adobe Flash Player (3214628)  Maximum Severity: Critical  Affected Products: Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  Impact: Remote Code Execution  Fixes 12 vulnerabilities:  CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE- 2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017- 2936, CVE-2017-2937  Restart Required: Requires Restart
  • 9. APSB17-01: Security Updates for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (Windows and Mac)  Description: This security update resolves a number of issues including use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues.  Impact: Remote Code Execution  Fixes 29 vulnerabilities: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017- 2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017- 2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017- 2966, CVE-2017-2967 • Restart Required: Requires Restart
  • 10. APSB17-02: Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player (Windows, Macintosh, Linux and Chrome OS)  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 13 vulnerabilities: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017- 2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938  Restart Required: Requires Restart
  • 11. SB17-001: January, 2017 Security Only Update (3216771)  Maximum Severity: Important  Affected Products: Windows  Description: This update is the Security Only Quality Update for Windows 7: MS17-004  Impact: Denial of Service  Fixes 1 vulnerability: CVE-2017-0004  Restart Required: Requires Restart
  • 12. CR17-001: January, 2017 Security Monthly Quality Update (3216771)  Maximum Severity: Important  Affected Products: Windows  Description: This update is the Security Only Quality Update for Windows 7: MS17-004  Impact: Denial of Service,  Fixes 1 vulnerability: CVE-2017-0004  Restart Required: Requires Restart
  • 13. MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)  Maximum Severity: Important  Affected Products: Windows Vista  Description: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. MS17-004 addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests  Impact: Denial of Service,  Fixes 1 vulnerability: CVE-2017-0004  Restart Required: Requires Restart
  • 14. MS17-001: Security Update for Microsoft Edge (3214288)  Maximum Severity: Important  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Elevation of Privilege  Fixes 1 vulnerability:  CVE-2017-0002(Publicly Disclosed)  Restart Required: Requires Restart
  • 15. Between Patch Tuesdays New Product Support: TortoiseHG, Adobe PhotoShop CC 2015, Nmap, TortoiseGit, Apple iCloud, Java Development Kit 8.0 Security Updates: Firefox (1), Skype (1), Opera (1), Adobe (3), SeaMonkey (1), Microsoft (5), Foxit Reader (1), Wireshark (1), Adobe PhotoShop CC 2015 (1), Thunderbird (1), Java Development Kit 8.0 (1), Apple iCloud (1), KeePass Pro (1), Non-Security Updates: Adobe (1), Dropbox (1), GoodSync (2), Microsoft (36), TortoiseHG (1), TeamViewer (1), Xmind (1), CoreFTP (1), IRFanView (1), LibreOffice (1), Nmap (2), TortoiseGit (1), GoToMeeting (2), Java Development Kit 8.0 (1), NitroPro (1), TeamViewer (1), CDBurnerXP (1), Malwarebytes (1) Security Tools: Software Distribution:
  • 16.
  • 17. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.

Editor's Notes

  1. NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
  2. https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/
  3. Windows 10 and Windows Server 2016 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Please note that effective December 13, 2016, Windows 10 and Windows Server 2016 details for the Cumulative Updates will be documented in Release Notes. Please refer to the Release Notes for OS Build numbers, Known Issues, and affected file list information. MS17-001 (CVE-2017-0002 for Edge) is publicly disclosed but not yet exploited. 12 of the 13 CVEs are for Flash ***** https://www.techpowerup.com/229501/windows-10-kb3213986-update-cripples-multi-monitor-gaming "Users may experience delayed or clipped screens while running 3D rendering apps (such as games) on systems with more than one monitor," the change-log for the KB3213986 update reads. "To work around this issue please consider the following options: 1. Running the application in Windows mode (not full screen), or 2. Starting the application with only one monitor connected," it adds.
  4. Shavlik Priority: Critical because of the Remote Code Execution impact (even though Microsoft has it listed as important) CVE-2017-0003 – Deals with a memory corruption issue in office Security Update for Microsoft Office (3214291) This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities Security Update for Adobe Flash Player (3214628) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  * See the slide for Adobe APSB17-02 for more details on the actual vulnerabilities
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. https://helpx.adobe.com/security/products/acrobat/apsb17-01.html CVE-2017-2962 – resolves a type confusion vulnerability that could lead to code execution CVE-2017-2950, CVE-2017-2951, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2961 These updates resolve use-after-free vulnerabilities that could lead to code execution. CVE-2017-2942, CVE-2017-2945, CVE-2017-2946, CVE-2017-2949, CVE-2017-2959, CVE-2017-2966 These updates resolve heap buffer overflow vulnerabilities that could lead to code execution. CVE-2017-2948, CVE-2017-2952 These updates resolve buffer overflow vulnerabilities that could lead to code execution. CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954, CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2967 These updates resolve memory corruption vulnerabilities that could lead to code execution CVE-2017-2947 This update resolves a security bypass vulnerability Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. Vulnerability Details These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937). These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).
  8. Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. The Security Only Update is marked as Patch Type Security. This update only includes one update and is not cumulative. CVE-2017-0004 (Publicly Disclosed) but not yet exploited Security Update for Local Security Authority Subsystem Service (3216771) A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests
  9. Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. The Security Quality Update is marked as Patch Type Non-Security. It includes both security and non-security updates. CVE-2017-0004 (Publicly Disclosed) but not yet exploited Security Update for Local Security Authority Subsystem Service (3216771) A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests
  10. Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. This bulletin is applicable to Windows Vista. CVE-2017-0004 (Publicly Disclosed) but not yet exploited Security Update for Local Security Authority Subsystem Service (3216771) A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests
  11. Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. Security Update for Microsoft Edge (3214288)  This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerability could elevate privileges in affected versions of Microsoft Edge. The update addresses the vulnerability by assigning a unique origin to top-level windows that navigate to Data URLs.
  12. Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/