Tuesday, April 11, 2017

Microsoft Security Updates for April, 2017

Today marks a red letter day for Microsoft updates.  In addition to security updates, sparking the most attention is the official release of the Windows 10 Creators Update (see the Windows Experience Blog post, What’s new in the Windows 10 Creators Update).

Of lesser interest to many is the official "End of Life_ for Windows Vista.

Also of note is the security guidance, Defense-in-Depth Update for Microsoft Office:
"Microsoft has released an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released.

Microsoft strongly recommends against turning on the EPS filter at this time, however customers who need to turn on the EPS filter can reference KB Article 2479871."

April Security Update Details:

The April Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

Microsoft has completed the change replacing security bulletins with the new Security Updates Guide.  The new guide includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates. For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Reminder:  Windows Vista Reaching End of Live (EoL)
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      No comments: