Microsoft & Non-Microsoft Patch Tuesday – May 2017

Microsoft Patch Tuesday

Microsoft has released its Patch Tuesday updates for May 2017, covering 56 CVEs: 15 rated “Critical”, 40 rated “Important” and one rated “Moderate”. These updates affect software and services including Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework, and Adobe Flash Player.

Summary:

  • No more Windows Vista patches.
  • These are among the last updates for the Windows 10 RTM release; Microsoft will not support it with further updates going forward.
  • Updates were released for all supported client and server versions of Windows.
  • Other Microsoft products with patches are Internet Explorer, Microsoft Edge, Microsoft Office, the Microsoft .NET Framework, and Adobe Flash Player.

Microsoft also published Security Advisory 4010323, which deprecates SHA-1 for SSL/TLS certificates: IE11 and Edge will no longer load sites that use such certificates. Upgrade from SHA-1 to SHA-2 certificates to avoid warning messages and keep sites fully usable.

Microsoft Update: This change will only impact SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1. Enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2 based certificates.

Security Update List

Cumulative Update for Windows 10 Version 1703 (KB4016871)
Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 (KB4019472)
Cumulative Update for Windows 10 Version 1511 (KB4019473)
Cumulative Update for Windows 10 (KB4019474)
Security Update for Windows Server 2008 (KB4018196)
Cumulative Security Update for Internet Explorer (KB4018271)
Security Update for Windows Server 2008 and Windows XP Embedded (KB4018466)
Security Update for WES09 and POSReady 2009 (KB4018490)
Security Update for Windows Server 2008 and Windows XP Embedded (KB4018556)
Security Update for Windows Server 2008 (KB4018821)
Security Update for Windows Server 2008 (KB4018885)
Security Update for Windows Server 2008 (KB4018927)
May 2017 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019108)
May 2017 Security Only Update for .NET Framework 2.0 on Windows Server 2008 (KB4019109)
May 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012 (KB4019110)
May 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 (KB4019111)
May 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019112)
May 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded 8 Standard and Windows Server 2012 (KB4019113)
May 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4019114)
May 2017 Security and Quality Rollup for .NET Framework 2.0 on Windows Server 2008 (KB4019115)
Security Update for Windows Server 2008 (KB4019149)
Security Update for Windows Server 2008 and Windows XP Embedded (KB4019204)
Security Update for WES09 and POSReady 2009 and Windows Server 2008 (KB4019206)
2017-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4019213)
2017-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4019214)
2017-05 Security Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4019215)
2017-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4019216)
2017-05 Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019263)
2017-05 Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019264)
2017-05 Security Update for Adobe Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB4020821)

Non-Security Update List:

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3173424)
Dynamic Update for Windows 10 Version 1703 (KB4020007)
Update for Windows 10 Version 1703 (KB4020008)
Update for Windows Server 2008 and Windows XP Embedded (KB4020535)
Windows Malicious Software Removal Tool – May 2017 (KB890830)

Adobe Patches:

Adobe has released a small batch of 2 updates. The Critical update for Flash fixes 7 CVEs (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) and is listed as priority 1 and under active attack. It is highly recommended to apply all the updates as soon as possible. The other is a security update for Adobe Experience Manager (AEM), which has not been reported as under active attack so far.

Intel Patches:

The processor giant has recently released a few updates. There are two ways this vulnerability may be accessed:

1) An unprivileged network attacker could gain system privileges to provisioned Intel manageability.
2) An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability.

CVE-2017-5689, rated Critical, is an elevation of privilege vulnerability in the AMT portion of the chipset. AMT lets managed client systems be administered through a web interface. When AMT is enabled in the BIOS but not provisioned, it cannot be connected to either remotely or locally, and ports 16992-16995 will not be listening. If you have enabled or are using AMT, your system might be vulnerable.

“Once configured, Intel AMT is a network service awaiting an authenticated and authorized request”. Traffic on ports 16992-16995 is directly intercepted by Intel AMT within the chipset before being passed to the host operating system… once Intel AMT is in a configured and accessible state.

Why Must Intel AMT Be Configured, and What is Required?

For more details visit here
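Because AMT intercepts traffic on ports 16992-16995 in the chipset before the host operating system sees it, network flow logs are the place to look for unexpected use of those ports. The following is an added example, not part of the original post: it flags flows to the AMT ports that do not come from a management subnet. The log format, the subnet `10.0.50.0/24` and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

AMT_PORTS = range(16992, 16996)  # ports 16992-16995 named in the text

# Assumption: management consoles live in this subnet (hypothetical value).
MGMT_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2017-05-10T09:01:12Z 10.0.50.7 10.0.20.31 16992 ALLOW
2017-05-10T09:03:40Z 10.0.33.18 10.0.20.31 16992 ALLOW
2017-05-10T09:03:41Z 10.0.33.18 10.0.20.31 16993 ALLOW
2017-05-10T09:05:02Z 10.0.33.18 10.0.20.44 443 ALLOW
2017-05-10T09:07:55Z 192.0.2.77 10.0.20.52 16994 DENY
malformed line
"""

def parse_flow(line):
    """Return (src, dst, port, action), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
        port = int(parts[3])
    except ValueError:
        return None
    return src, dst, port, parts[4].upper()

def unexpected_amt_traffic(log_text, mgmt_nets=MGMT_NETS):
    """Map each destination host to AMT-port flows from non-management sources."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port, action = flow
        if port not in AMT_PORTS:
            continue
        if any(src in net for net in mgmt_nets):
            continue  # expected: management console talking to a managed client
        findings[str(dst)].append((str(src), port, action))
    return dict(findings)

if __name__ == "__main__":
    for host, flows in unexpected_amt_traffic(SAMPLE_FLOWS).items():
        allowed = [f for f in flows if f[2] == "ALLOW"]
        print(host, "flows:", len(flows), "allowed:", len(allowed))
```

Hosts that show allowed flows from outside the management subnet are the ones to prioritise for the firmware update and for blocking these ports at the network boundary.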

Download Excel sheet: Security Update – MAY-2017
