April 2017 – Microsoft Patch Tuesday

12 April 2017

This month brings us, by my manual count, fixes for fifteen critical vulnerabilities, all of which are remote code execution issues. We also get a number of fixes for important and moderate vulnerabilities, which include information disclosure, denial of service, security bypass and elevation of privilege issues.

Windows 7 SP1 and Server 2008 R2 security update roll-up (KB 4015546). This update addresses multiple vulnerabilities in many different Windows components, including scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol.

Windows 8.1 and Server 2012 R2 security update roll-up (KB 4015550). This update addresses multiple vulnerabilities in many different Windows components, including Hyper-V, libjpeg image-processing library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, and the Windows Graphics component.

Windows 10 v1703 security update (KB 4015583). This update addresses multiple vulnerabilities in many different Windows components, including scripting engine, libjpeg image-processing library, Hyper-V, Windows kernel-mode drivers, Adobe Type Manager Font Driver, Internet Explorer, Graphics Component, Active Directory Federation Services, .NET Framework, Lightweight Directory Access Protocol, Microsoft Edge and Windows OLE.

Cumulative update for Internet Explorer (KB 4014661). This update for IE addresses multiple vulnerabilities in the web browser running on Windows 10 and Server 2016, including the server core installation. The most severe of these are memory corruption issues that could result in remote code execution, thus the update is rated critical.

Security updates for Microsoft Edge. There are a number of updates issued this month to fix security issues in Microsoft Edge running on Windows 10. Both important and critical vulnerabilities are addressed. The most severe of these are memory corruption issues that could result in remote code execution, thus the update is rated critical.

Security updates for Microsoft .NET Framework. These updates address a remote code execution vulnerability that exists when Microsoft .NET Framework fails to properly validate input before loading libraries, in .NET Framework versions 2.0 SP2 through 4.7 running on all currently supported versions of the Windows client and server operating systems. It is rated critical for all.

2017-2605. This is an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released. It applies to Office 2010, 2013, 2013 RT, and 2016.

2017-3447. This is an update for Adobe Flash that addresses seven vulnerabilities in the Flash Player software, the most serious of which could result in remote code execution. It applies to Windows 10, 8.1 and RT 8.1, and Server 2016.

What next?

To discuss your patch management and system security, please call us today on 01793 295000 to speak to an expert member of our team.
