Patch Analysis for January 2017

Welcome to this New Year Patch Tuesday Bulletin. This first month is very light, with only 4 bulletins, and only 2 of those are critical. This is also the first month in a very long time that did not include numerous vulnerabilities for Internet Explorer. Start off with MS17-002 and MS17-003 to remediate critical vulnerabilities for Office and Adobe Flash Player. There are no known attacks against the vulnerabilities in these products, but they are popular targets. Follow up with MS17-001 for Edge and MS17-004 to remediate a DoS vulnerability in LSASS.

You can't remediate the most vulnerable point on your network, your users, but you can patch the vulnerabilities commonly used to exploit them and gain a foothold in your environment. Join us for our Patch Tuesday Webinar, where we provide you with our expert-led Patch Tuesday Analysis.

  • Prioritize updates from Microsoft and 3rd Party vendors
  • Identify vulnerabilities targeting users
  • Manage your virtual infrastructure with VMworld 2016 Security Gold Award winning Shavlik Protect
  • Flexible architecture to manage servers agentless and endpoints with Agents and Cloud Agents


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS17-001 (3214288) | Privilege elevation / Microsoft Edge | Workstations, Terminal Servers | No/No | No | Important | Edge | Requires restart | Update after testing |
| MS17-002 (3214291) | Arbitrary code / Microsoft Office, Services, and Web Apps | Workstations, Terminal Servers, SharePoint Servers | No/No | No | Critical | SharePoint Server 2016, Microsoft Word 2016 | May require restart | Update immediately |
| MS17-003 (3214628) | Arbitrary code / Adobe Flash Player | Workstations, Terminal Servers, Servers | No/No | Yes | Critical | Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update immediately |
| MS17-004 (3216771) | Denial of service / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Requires restart | Update after testing |

Receive Randy's same-day, independent analysis each Patch Tuesday


"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observer. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable."

- Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is a useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is really improving the readability of the provided information."

- Gerard T.

 
