April, 2017: Patch Tuesday: Vista Support No More

Welcome to this April Patch Tuesday Bulletin. This month is an interesting one for Microsoft. First, it is the last time that updates will be available for Vista. Hopefully everyone has migrated from Vista, but if you have not, now is the time. Second, it is the first month without the traditional Microsoft Security Bulletin. We have mentioned the transition to the new Microsoft Security Update Guide in the past, but this is the first month where patch info was delivered exclusively through the new guide. We apologize for the late delivery of our Patch Tuesday Bulletin, but we are still adjusting to the new format.

Due to the nature of the new cumulative updates, we have also removed “Randy’s Recommendations” from the chart. These cumulative updates contain a rollup of patches that covers critical, important, and exploited vulnerabilities as well as vulnerabilities with workarounds, so the decision is now simply patch or do not patch… and you know what our recommendation will be!

Besides the format changes, a few vulnerabilities are being actively attacked this month, including a privilege escalation vulnerability, CVE-2017-0210, in Internet Explorer and a remote execution vulnerability, CVE-2017-0199, in Microsoft Office. Pay close attention to CVE-2017-0199, since it affects Office and is being actively used to attack end users and execute malicious code.

Compared to March Patch Tuesday, April will be a light drizzle! Join Ivanti as they talk about April Patch Tuesday and Oracle’s Quarterly CPU on this month’s Ivanti Patch Tuesday Webinar:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis


| Technology | Products Affected | Severity | Reference | Workaround/ Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2017-0201, CVE-2017-0202, **CVE-2017-0210 | *Workaround: No; **Exploited: Yes | Remote Code Execution; Elevation of Privilege |
| Edge | Microsoft Edge | Critical | CVE-2017-0093, CVE-2017-0200, CVE-2017-0203, CVE-2017-0205, CVE-2017-0208 | *Workaround: No; **Exploited: No | Remote Code Execution; Information Disclosure |
| Windows | Windows 10; Windows 8.1; Windows RT 8.1; Windows 7; Windows Vista; Server 2008/2008 R2; Server 2012/2012 R2 | Critical | CVE-2013-6629, CVE-2017-0058, CVE-2017-0155, CVE-2017-0156, CVE-2017-0158, CVE-2017-0159, CVE-2017-0162, CVE-2017-0163, CVE-2017-0164, CVE-2017-0165, CVE-2017-0166, CVE-2017-0167, CVE-2017-0168, CVE-2017-0169, CVE-2017-0178, CVE-2017-0179, CVE-2017-0180, CVE-2017-0181, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, CVE-2017-0186, CVE-2017-0188, CVE-2017-0189, CVE-2017-0191, CVE-2017-0192, **CVE-2017-0199, CVE-2017-0211 | *Workaround: No; **Exploited: Yes | Remote Code Execution; Denial of Service; Elevation of Privilege; Information Disclosure |
| Microsoft Office and Microsoft Office Services and Web Apps | Office 2016, 2013, 2010; Excel 2010; OneNote 2010, 2007; Outlook 2016, 2013, 2010, 2007; Office Web Apps Server 2013, 2010 | Critical | CVE-2017-0106, CVE-2017-0194, CVE-2017-0195, CVE-2017-0197, **CVE-2017-0199, CVE-2017-0204, CVE-2017-0207 | *Workaround: No; **Exploited: Yes | Remote Code Execution; Information Disclosure; Elevation of Privilege; Security Feature Bypass; Spoofing |
| .NET | .NET Framework 3.5.1, 3.5, 4.5.2, 4.6, 4.6.2, 2.0, 4.6, 4.6.1, 4.7 | Critical | CVE-2017-0160 | *Workaround: No; **Exploited: No | Remote Code Execution |
| Adobe Flash | Flash Player 25.0.0.127 and earlier | Critical | 2017-3447 | *Workaround: No; **Exploited: No | Remote Code Execution |
| Silverlight | Silverlight 5 Microsoft | Important | CVE-2013-6629 | *Workaround: No; **Exploited: No | Information Disclosure |

