IIS Worker Process (WSUS) Causing 100% CPU Utilization

Problem statement: clients fail to scan for updates and the WSUS server's CPU utilization spikes to 99-100% in the w3wp.exe worker process. Some clients get through, others fail. The root cause is Windows 10 clients that have just received a cumulative update, for example KB4022723, KB4022715 or KB4025339. See here for the list of Windows 10 1607 updates.

Microsoft is aware of the known issue with KB4034658 and is currently investigating in order to provide a hotfix.

Symptoms:

  • High CPU on your WSUS server: 70-100% CPU in the w3wp.exe process hosting WsusPool.
  • High memory utilization by the WsusPool worker process (w3wp.exe).
  • Constant recycling of the w3wp.exe process hosting WsusPool.
  • Clients failing to scan, with 0x8024401c (timeout) errors in WindowsUpdate.log.
  • Mostly HTTP 500 errors for /ClientWebService/Client.asmx requests in the IIS logs.

Remediation:

1) Stop the WSUS service (WsusService), then in IIS Manager go to Application Pools and open the Advanced Settings of WsusPool.

2) Under CPU, set Limit to 50% and set Limit Action to something other than NoAction (with NoAction the limit is only logged, never enforced). You can raise the limit to 70-80% once CPU usage has stopped hitting 100% for a couple of days.

3) Private Memory Limit (KB): set to 10 GB (10485760 KB); Microsoft recommends a minimum of 8 GB.
Set it to 0 for unlimited; the right value depends on your environment.

4) Queue Length: we keep it at 15000, but it depends on how many clients the server supports. Raising it from the default of 1000 helps.

5) If you are also getting connection errors when opening the WSUS console, you need to work on SUSDB itself (steps 7-10).

6) Add memory and CPUs to the server. For VMs with hot-add enabled you can do it live; otherwise raise a change request to get it done.

7) Clean obsolete updates from WSUS:
Run the stored procedure spGetObsoleteUpdatesToCleanup to see how many obsolete updates there are. If you have not cleaned up in the past year, SUSDB can easily hold 1000+ of them.
Note: cleaning WSUS on a schedule is strongly recommended; at least once a year, in my opinion.

8) Run the following T-SQL script against SUSDB to delete them (each spDeleteUpdate call can take a while on a large database):

USE SUSDB
GO
SET NOCOUNT ON

DECLARE @var1 INT
DECLARE @msg NVARCHAR(100)

-- Collect the local update IDs that WSUS itself considers obsolete.
CREATE TABLE #results (Col1 INT)
INSERT INTO #results (Col1) EXEC spGetObsoleteUpdatesToCleanup

DECLARE WC CURSOR FOR
SELECT Col1 FROM #results

OPEN WC
FETCH NEXT FROM WC INTO @var1
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- RAISERROR ... WITH NOWAIT flushes progress to the Messages tab immediately.
    SET @msg = 'Deleting ' + CONVERT(VARCHAR(10), @var1)
    RAISERROR(@msg, 0, 1) WITH NOWAIT
    EXEC spDeleteUpdate @localUpdateID = @var1
    FETCH NEXT FROM WC INTO @var1
END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results

9) Run the WSUS Server Cleanup Wizard to remove superseded and expired updates as well.

10) After the cleanup finishes, re-index the WSUS database with the script below.

Download here. For more details on how to clean up WSUS click here.
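The procedure above, as an added PowerShell example (this is not code from the original post or from Microsoft): it applies the WsusPool limits from steps 1-4 in the units IIS actually stores, reads them back, then counts the obsolete updates from step 7 and runs a generic fragmentation-driven re-index for step 10. It assumes it runs elevated on the WSUS server, that the service is named WsusService, and that WSUS uses the Windows Internal Database on Server 2012 or later (the named-pipe instance in $SqlInstance); the index maintenance is a standard sys.dm_db_index_physical_stats loop, not Microsoft's WSUS re-index script.

```powershell
<#
  Added example: WsusPool limits (steps 1-4) and SUSDB checks (steps 7 and 10).
  Assumptions: elevated session on the WSUS server; WID on Server 2012+.
  For a SQL Server-backed WSUS pass -SqlInstance 'host\instance'.
#>
param(
    [string]$PoolName        = 'WsusPool',
    [string]$SqlInstance     = 'np:\\.\pipe\MICROSOFT##WID\tsql\query',
    [int]   $CpuLimitPercent = 50,      # step 2: start at 50%, raise to 70-80 later
    [int]   $PrivateMemoryGB = 10,      # step 3: 0 means unlimited
    [int]   $QueueLength     = 15000    # step 4
)

Import-Module WebAdministration
$pool = "IIS:\AppPools\$PoolName"

# --- Steps 1-4: application pool limits -------------------------------------
# IIS stores cpu.limit in 1/1000 of a percent and privateMemory in KB.
Stop-Service -Name WsusService
Set-ItemProperty $pool -Name cpu.limit  -Value ($CpuLimitPercent * 1000)
# NoAction only writes an event log entry. Throttle needs IIS 8 (Server 2012)
# or later; on IIS 7.5 the only enforcing value is KillW3wp.
Set-ItemProperty $pool -Name cpu.action -Value Throttle
Set-ItemProperty $pool -Name recycling.periodicRestart.privateMemory -Value ($PrivateMemoryGB * 1024 * 1024)
Set-ItemProperty $pool -Name queueLength -Value $QueueLength
if ((Get-WebAppPoolState -Name $PoolName).Value -eq 'Started') {
    Restart-WebAppPool -Name $PoolName
} else {
    Start-WebAppPool -Name $PoolName      # rapid-fail protection may have stopped it
}
Start-Service -Name WsusService

# Read back what IIS actually stored rather than trusting the Set calls.
$cpu = Get-ItemProperty $pool -Name cpu
$mem = (Get-ItemProperty $pool -Name recycling.periodicRestart).privateMemory
$q   = (Get-ItemProperty $pool -Name queueLength).Value
"{0}: CPU limit {1}% ({2}), private memory {3} KB, queue length {4}" -f `
    $PoolName, ($cpu.limit / 1000), $cpu.action, $mem, $q

# --- Step 7: count obsolete updates; step 10: re-index after the cleanup -----
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$SqlInstance;Database=SUSDB;Integrated Security=True"
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandTimeout = 0          # a neglected SUSDB can keep either step busy for hours
    $cmd.CommandText = 'EXEC spGetObsoleteUpdatesToCleanup'
    $ids = New-Object System.Collections.Generic.List[int]
    $rdr = $cmd.ExecuteReader()
    while ($rdr.Read()) { $ids.Add([int]$rdr[0]) }
    $rdr.Close()
    "Obsolete updates waiting for spDeleteUpdate: $($ids.Count)"

    # Generic index maintenance (assumption: thresholds of 10%/30% are the usual
    # rule of thumb, not a WSUS-specific recommendation): reorganize indexes
    # fragmented 10-30%, rebuild above 30%, skip tiny indexes whose numbers
    # are meaningless. Heaps (index name NULL) are excluded.
    $cmd.CommandText = @'
DECLARE @sql NVARCHAR(MAX) = N'', @n INT = 0;
SELECT @sql += N'ALTER INDEX ' + QUOTENAME(i.name) + N' ON ' + QUOTENAME(s.name) + N'.' + QUOTENAME(o.name)
             + CASE WHEN ps.avg_fragmentation_in_percent > 30 THEN N' REBUILD;' ELSE N' REORGANIZE;' END + CHAR(10),
       @n += 1
FROM sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, N'LIMITED') AS ps
JOIN sys.indexes AS i ON i.object_id = ps.object_id AND i.index_id = ps.index_id
JOIN sys.objects AS o ON o.object_id = i.object_id
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE ps.avg_fragmentation_in_percent > 10 AND ps.page_count > 100 AND i.name IS NOT NULL;
EXEC sp_executesql @sql;
SELECT @n;
'@
    "Indexes reorganized or rebuilt: $($cmd.ExecuteScalar())"
}
finally { $conn.Close() }
```

Run it once after the cleanup wizard has finished, not while spDeleteUpdate is still running: both the deletes and the rebuilds take locks on the same tables, and WsusPool will recycle again if the database stalls underneath it.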

Microsoft is working on a hotfix for this open issue; until then, follow the steps above to keep your WSUS environment healthy.

Microsoft & Non-Microsoft Patch Tuesday – Aug 2017 and MS Patch Known Issues

Microsoft Patch Tuesday

Microsoft's August 2017 Patch Tuesday release addresses 48 CVEs, of which 25 are rated "Critical", 21 "Important" and 2 "Moderate". The updates affect Microsoft Edge, Hyper-V, Internet Explorer, the Microsoft Scripting Engine, Remote Desktop Protocol, SQL Server and Adobe Flash Player. We have come across a few known issues affecting Windows 10 1703, Windows 10 1607 and Windows 8.1, discussed below.

Microsoft has also released the Adobe Flash Player update as advisory ADV170010.

Critical CVEs

CVE-2017-8620 Windows Search Remote Code Execution Vulnerability

CVE-2017-0250 Microsoft JET Database Engine Remote Code Execution Vulnerability

CVE-2017-8591 Windows IME Remote Code Execution Vulnerability

CVE-2017-8622 Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2017-8634 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8635 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8636 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8638 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8639 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8640 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8641 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8645 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8647 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8653 Microsoft Browser Memory Corruption Vulnerability

CVE-2017-8655 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8656 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8657 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8661 Microsoft Edge Memory Corruption Vulnerability

CVE-2017-8669 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8670 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8671 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8672 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8674 Scripting Engine Memory Corruption Vulnerability

Important CVEs

CVE-2017-8627 Windows Subsystem for Linux Denial of Service Vulnerability

CVE-2017-8633 Windows Error Reporting Elevation of Privilege Vulnerability

CVE-2017-0174 Windows NetBIOS Denial of Service Vulnerability

CVE-2017-8503 Microsoft Edge Elevation of Privilege Vulnerability

CVE-2017-8516 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

CVE-2017-8593 Win32k Elevation of Privilege Vulnerability

CVE-2017-8623 Windows Hyper-V Denial of Service Vulnerability

CVE-2017-8624 Windows CLFS Elevation of Privilege Vulnerability

CVE-2017-8625 Internet Explorer Security Feature Bypass Vulnerability

CVE-2017-8637 Scripting Engine Security Feature Bypass Vulnerability

CVE-2017-8642 Microsoft Edge Elevation of Privilege Vulnerability

CVE-2017-8644 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8652 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8654 Microsoft Office SharePoint XSS Vulnerability

CVE-2017-8659 Scripting Engine Information Disclosure Vulnerability

CVE-2017-8662 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8664 Windows Hyper-V Remote Code Execution Vulnerability

CVE-2017-8666 Win32k Information Disclosure Vulnerability

CVE-2017-8668 Volume Manager Extension Driver Information Disclosure Vulnerability

CVE-2017-8673 Windows Remote Desktop Protocol Denial of Service Vulnerability

CVE-2017-8691 Express Compressed Fonts Remote Code Execution Vulnerability

Moderate CVEs

CVE-2017-8650 Microsoft Edge Security Feature Bypass Vulnerability

CVE-2017-8651 Internet Explorer Memory Corruption Vulnerability

Known Issues Patch Tuesday – Aug 2017 

1) 2017-08 Cumulative Update for Windows 10 Version 1703 (KB4034674)

Installing KB4034674 may change the display language from Czech or Arabic to English in Microsoft Edge and other applications. Microsoft is working on a resolution for this open issue.

2) 2017-08 Security Monthly Quality Rollup for Windows 8.1 (KB4034681)

NPS authentication may break, and wireless clients may fail to connect.

On the NPS server, set the following DWORD registry value to 0: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck

3) 2017-08 Delta Update for Windows 10 Version 1607(KB4034658)

a) "Update History" does not list previously installed updates. As an alternative, to see which quality updates have been applied, go to Control Panel -> Programs -> "View Installed Updates".

b) Updates that were previously hidden may be offered after installing this update. Updates that were previously hidden can be hidden again.

c) WSUS servers will exhibit increased CPU, memory, and network utilization when Windows Update clients perform their first scan after installing KB4034658.

Microsoft is investigating the issue and will provide updates ASAP.
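For known issue 2 (the NPS workaround for KB4034681), here is an added PowerShell example, not from the original post or from Microsoft, that applies the registry change only on servers where the rollup is actually installed, records the previous value, and is safe to re-run. It assumes an elevated session on the NPS server; the key path and value name are the ones documented in the known issue above, and 0 is the documented setting.

```powershell
# Added example: idempotent KB4034681 NPS workaround.
# Assumes: elevated session on the NPS server; path/value as documented above.
$Kb   = 'KB4034681'
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13'   # EAP type 13 = EAP-TLS
$Name = 'DisableEndEntityClientCertCheck'

function Set-NpsClientCertWorkaround {
    # Returns a short status string so the run can be logged or checked centrally.
    if (-not (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)) {
        return "$Kb is not installed on $env:COMPUTERNAME; workaround not needed"
    }
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null            # key is absent on some builds
    }
    $before = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($before -eq 0) {
        return "$Name already 0; nothing changed"
    }
    $was = if ($null -eq $before) { 'absent' } else { "$before" }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 0 -Force | Out-Null
    $after = (Get-ItemProperty -Path $Path -Name $Name).$Name
    return "$Name set to $after (was $was)"
}

Set-NpsClientCertWorkaround
```

After the change, re-test a wireless client against this NPS server rather than assuming the setting took effect; the value tells NPS to skip the end-entity client-certificate check that the rollup started enforcing, so a client that still fails is failing for another reason.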

Reference link:

https://support.microsoft.com/en-hk/help/4034674/windows-10-update-kb4034674
https://support.microsoft.com/en-us/help/4034681/windows-8-1-windows-server-2012-r2-update-kb4034681
https://support.microsoft.com/en-us/help/4034658/windows-10-update-kb4034658

Adobe Patches:

Adobe released security bulletins, including two critical-rated updates, for Adobe Flash Player (APSB17-23), Adobe Experience Manager (APSB17-26), Adobe Digital Editions (APSB17-27) and Adobe Acrobat and Reader (APSB17-24).

The Flash vulnerabilities affect Windows, Linux, macOS and Chrome OS running Flash Player 26.0.x. APSB17-23 is listed as priority 1 and under active attack; Adobe recommends updating to the latest versions using the instructions in the relevant bulletin, which lists the affected versions for each product.

Adobe will end Flash support by 2020.

For more updates and known issues with the August 2017 Patch Tuesday, stay tuned to this blog, and feel free to report known issues in the comments section below 🙂

Download Excel sheet: Security Update – AUG – 2017
Non-Security Office Update – August 2017

Microsoft has released its August 2017 non-security updates for Office products. For the past few months Microsoft has published non-security Office updates on the first Tuesday of each month, and security and other updates for all Microsoft products on the second Tuesday, i.e. Patch Tuesday. We found many bugs in the June 2017 release and a few in July 2017; let's see how this month goes.

If anyone hits an issue with an Office update, let us know in the comments section. Stay tuned to this blog for updates and for any issues that get addressed.

Office 2013

Update for Microsoft Excel 2013 (KB4011080)

Update for Microsoft Office 2013 (KB3172443)

Update for Microsoft Office 2013 (KB4011070)

Update for Microsoft Office 2013 (KB4011077)

Update for Microsoft Project 2013 (KB4011084)

Update for Microsoft SharePoint Server 2013 Client Components SDK (KB3213571)

Update for Microsoft Word 2013 (KB4011045)

Update for Skype for Business 2015 (KB4011046)

Office 2016

Update for Microsoft Office 2016 (KB3203472)

Update for Microsoft Office 2016 (KB3213650)

Update for Microsoft Office 2016 (KB4011037)

Update for Microsoft Office 2016 (KB4011051)

Update for Microsoft Office 2016 Language Interface Pack (KB3191930)

Update for Microsoft OneDrive for Business (KB3178707)

Update for Microsoft OneNote 2016 (KB4011030)

Update for Microsoft Project 2016 (KB4011034)

Update for Microsoft Publisher 2016 (KB3178696)

Update for Microsoft Visio 2016 (KB4011033)

Reference : August 2017 Non-Security Office Update Release

GoodBye Flash – Support End by 2020

Adobe has finally announced that it will kill Flash by 2020. Adobe stated it will stop development, support and any improvement of Flash; until then it will continue to ship security patches.

Adobe Flash has long been criticized for its buggy behaviour and its vulnerability to attack, but on the other side of the coin it made the internet better back in, as I recall, 2005, when it delivered a richer user experience for graphics, online gaming, animation, online video and other applications.

Adobe said it will collaborate with its technology partners on a smooth transition as Flash is retired.

“Given this progress, and in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft, and Mozilla – Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.”

Adobe said in a statement that it chose to end Flash because open standards like HTML5, WebGL and WebAssembly have matured over the past several years.

In 2010, then Apple CEO Steve Jobs dropped Flash support from Apple's mobile devices, arguing that Flash put them at risk and that Flash bugs were the primary reason Macs crashed. Google Chrome (version 63 and above) is expected to stop loading Flash content by default. Google's blog states that HTML is faster, safer and more efficient than Flash: three years ago 80% of desktop Chrome users visited a site with Flash every day, today only 17% do, and the decline continues.

Most technology partners have officially stated that they will align with Adobe in killing Flash; we need to wait and see how soon. Will they end support before 2020? Google and Mozilla are mostly expected to end Flash support by the end of 2018, while Microsoft says it plans to end support in Microsoft Edge by mid to late 2019.

HTML5 standards will be implemented across all browsers, and hopefully this will improve security and device battery life (Flash is assumed to be the culprit for high memory consumption, especially in Google Chrome and other browsers).

“Adobe will also remain at the forefront of leading the development of new web standards and actively participate in their advancement. This includes continuing to contribute to the HTML5 standard and participating in the WebAssembly Community Group. And we’ll continue to provide best in class animation and video tools such as Animate CC, the premier web animation tool for developing HTML5 content, and Premiere Pro CC.”

Microsoft Patch Tuesday – July 2017

Microsoft Patch Tuesday

Microsoft's July 2017 Patch Tuesday addresses 54 CVEs, of which 19 are rated "Critical", 32 "Important" and 3 "Moderate", including an important fix for Windows NTLM. The affected products include Edge, .NET Framework, IE, Office and Exchange. Adobe has a new version of Flash Player that addresses three vulnerabilities.

Across all of these vulnerabilities, security updates for software and services include:

Adobe Flash Player
Microsoft Windows
Microsoft Scripting Engine
Microsoft Edge Browser
Internet Explorer
Microsoft Office
WordPad
Kerberos
HTTP.sys
.NET Framework
HoloLens

The Microsoft Office CVEs in the July release are rated "Important" and include multiple remote code execution vulnerabilities. Windows PowerShell and WordPad are also exposed to remote code execution. It is highly recommended to apply all the patches as soon as possible.

According to the latest Qualys blog post:

“Top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.

Aside from CVE-2017-8589, patching for workstations and multi-user systems should focus on CVE-2017-8463, which is a vulnerability in Windows Explorer, as well as multiple browser vulnerabilities in Internet Explorer and Edge. Exploitation of these vulnerabilities require user interaction, but can easily become targets for Exploit Kits.”

Critical CVEs

July Flash Security Update
ADV170009
Remote Code Execution

Windows Explorer Remote Code Execution Vulnerability
CVE-2017-8463
Remote Code Execution

HoloLens Remote Code Execution Vulnerability
CVE-2017-8584
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
CVE-2017-8589
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2017-8594
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8595
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
CVE-2017-8596
Remote Code Execution

Microsoft Edge Remote Code Execution Vulnerability
CVE-2017-8617
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8598, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8609, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619
Remote Code Execution

Important CVEs

Microsoft Office Remote Code Execution Vulnerability
CVE-2017-0243
Remote Code Execution

Win32k Elevation of Privilege Vulnerability
CVE-2017-8467
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2017-8486
Information Disclosure

Kerberos SNAME Security Feature Bypass Vulnerability
CVE-2017-8495
Security Feature Bypass

Microsoft Office Memory Corruption Vulnerability
CVE-2017-8501, CVE-2017-8502
Remote Code Execution

Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2017-8556
Elevation of Privilege

Windows System Information Console Information Disclosure Vulnerability
CVE-2017-8557
Information Disclosure

Microsoft Exchange Cross-Site Scripting Vulnerability
CVE-2017-8559, CVE-2017-8560
Elevation of Privilege

Windows Kernel Elevation of Privilege Vulnerability
CVE-2017-8561
Elevation of Privilege

Windows ALPC Elevation of Privilege Vulnerability
CVE-2017-8562
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
CVE-2017-8563
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2017-8564
Information Disclosure

Windows PowerShell Remote Code Execution Vulnerability
CVE-2017-8565
Remote Code Execution

Windows IME Elevation of Privilege Vulnerability
CVE-2017-8566
Elevation of Privilege

SharePoint Server XSS Vulnerability
CVE-2017-8569
Elevation of Privilege

Office Remote Code Execution Vulnerability
CVE-2017-8570
Remote Code Execution

Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2017-8573, CVE-2017-8574
Elevation of Privilege

Win32k Elevation of Privilege Vulnerability
CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581
Elevation of Privilege

HTTP.sys Information Disclosure Vulnerability
CVE-2017-8582
Information Disclosure

.NET Denial of Service Vulnerability
CVE-2017-8585
Denial of Service

Windows Explorer Denial of Service Vulnerability
CVE-2017-8587
Denial of Service

WordPad Remote Code Execution Vulnerability
CVE-2017-8588
Remote Code Execution

Windows CLFS Elevation of Privilege Vulnerability
CVE-2017-8590
Elevation of Privilege

Microsoft Browser Security Feature Bypass
CVE-2017-8592
Security Feature Bypass

Microsoft Edge Security Feature Bypass Vulnerability
CVE-2017-8599
Security Feature Bypass

Microsoft Browser Spoofing Vulnerability
CVE-2017-8602
Spoofing

Moderate CVEs

Windows Performance Monitor Information Disclosure Vulnerability
CVE-2017-0170
Information Disclosure

Microsoft Edge Spoofing Vulnerability
CVE-2017-8611
Spoofing

Microsoft Exchange Open Redirect Vulnerability
CVE-2017-8621
Spoofing

For Complete List of software impacted by July 2017 Patch Tuesday, download the excel sheet:  Security Update – JULY-2017

Known Issues: As we are all aware, the June 2017 Patch Tuesday addressed many issues with Internet Explorer and Outlook.

So far we have not come across major issues, but there is one open issue with Internet Explorer on 32-bit Windows 7: after installing KB4025252, IE fails to start 😦

Reference: https://support.microsoft.com/en-us/help/4025252/cumulative-security-update-for-internet-explorer-july-11-2017

For more updates and known issues with the July 2017 Patch Tuesday, stay tuned to this blog, and feel free to report known issues in the comments section.

Thanks for reading 🙂

Microsoft & Non-Microsoft Patch Tuesday – May 2017

Microsoft Patch Tuesday

Microsoft's May 2017 Patch Tuesday includes 56 CVEs, of which 15 are rated "Critical", 40 "Important" and one "Moderate". The updates affect Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Office Services and Web Apps, .NET Framework and Adobe Flash Player.

Summary :

  • No more Windows Vista patches.
  • Among the last updates for the original Windows 10 release (1507); Microsoft will not support it with further updates.
  • Updates were released for all supported client and server versions of Windows.
  • Other Microsoft products with patches are Internet Explorer, Microsoft Edge, Microsoft Office, the Microsoft .NET Framework, and Adobe Flash Player.

Microsoft also published Security Advisory 4010323, which deprecates SHA-1 for TLS certificates: IE11 and Edge will no longer load sites that present such certificates, so you should move from SHA-1 to SHA-2 certificates to avoid warnings and keep sites working.

Microsoft Update: This change will only impact SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1. Enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2 based certificates.
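To find out whether the advisory affects you before the browsers start blocking, here is an added PowerShell example (not from the original post or from Microsoft) that walks the chain of each server certificate in the local machine store and reports every SHA-1 signature on the end-entity or an intermediate. Per Microsoft's note above the root's own signature does not matter, so a self-signed root is skipped; the three OIDs are the standard SHA-1-with-RSA/ECDSA/DSA signature algorithm identifiers, and the store filter (certificates with a private key in LocalMachine\My) is an assumption about where IIS-bound certificates live.

```powershell
# Added example: report SHA-1 signatures that Advisory 4010323 will block.
# Assumptions: server certs are in Cert:\LocalMachine\My with a private key.
$Sha1Oids = @(
    '1.2.840.113549.1.1.5',   # sha1RSA
    '1.2.840.10045.4.1',      # sha1ECDSA
    '1.2.840.10040.4.3'       # sha1DSA
)

function Test-Sha1Chain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # we only care about signature algorithms
    [void]$chain.Build($Cert)                        # elements are populated even if Build returns $false
    $elements = $chain.ChainElements
    $findings = @()
    for ($i = 0; $i -lt $elements.Count; $i++) {
        $c = $elements[$i].Certificate
        # The last element is the root when it is self-signed; its SHA-1 self-signature is exempt.
        $isRoot = ($i -eq $elements.Count - 1) -and ($c.Subject -eq $c.Issuer)
        if (($Sha1Oids -contains $c.SignatureAlgorithm.Value) -and -not $isRoot) {
            $pos = 'intermediate'
            if ($i -eq 0) { $pos = 'end-entity' }
            $findings += [pscustomobject]@{
                Position  = $pos
                Subject   = $c.Subject
                Issuer    = $c.Issuer
                Algorithm = $c.SignatureAlgorithm.FriendlyName
                Expires   = $c.NotAfter
            }
        }
    }
    $chain.Reset()
    return $findings
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-Sha1Chain -Cert $_ } |
    Format-Table -AutoSize
```

An empty table means nothing in the store would be blocked. A hit on an intermediate cannot be fixed by re-keying your own certificate; the CA has to re-issue the intermediate under SHA-2, which is why the advisory gives the public CAs rather than enterprise PKIs as the scope.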

Security Update List

Cumulative Update for Windows 10 Version 1703 (KB4016871)
Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 (KB4019472)
Cumulative Update for Windows 10 Version 1511 (KB4019473)
Cumulative Update for Windows 10 (KB4019474)
Security Update for Windows Server 2008 (KB4018196)
Cumulative Security Update for Internet Explorer (KB4018271)
Security Update for Windows Server 2008 and Windows XP Embedded (KB4018466)
Security Update for WES09 and POSReady 2009 (KB4018490)
Security Update for Windows Server 2008 and Windows XP Embedded (KB4018556)
Security Update for Windows Server 2008 (KB4018821)
Security Update for Windows Server 2008 (KB4018885)
Security Update for Windows Server 2008 (KB4018927)
May 2017 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019108)
May 2017 Security Only Update for .NET Framework 2.0 on Windows Server 2008 (KB4019109)
May 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012 (KB4019110)
May 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 (KB4019111)
May 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019112)
May 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded 8 Standard and Windows Server 2012 (KB4019113)
May 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4019114)
May 2017 Security and Quality Rollup for .NET Framework 2.0 on Windows Server 2008 (KB4019115)
Security Update for Windows Server 2008 (KB4019149)
Security Update for Windows Server 2008 and Windows XP Embedded (KB4019204)
Security Update for WES09 and POSReady 2009 and Windows Server 2008 (KB4019206)
2017-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4019213)
2017-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4019214)
2017-05 Security Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4019215)
2017-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4019216)
2017-05 Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019263)
2017-05 Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4019264)
2017-05 Security Update for Adobe Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB4020821)

Non-Security Update List:

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3173424)
Dynamic Update for Windows 10 Version 1703 (KB4020007)
Update for Windows 10 Version 1703 (KB4020008)
Update for Windows Server 2008 and Windows XP Embedded (KB4020535)
Windows Malicious Software Removal Tool – May 2017 (KB890830)

Adobe Patches:

Adobe released a small set of two updates. The critical Flash Player update fixes 7 CVEs (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074), is listed as priority 1 and is under active attack; it is highly recommended to apply it as soon as possible. The other is a security update for Adobe Experience Manager (AEM), which has not been reported as under active attack so far.

Intel Patches:

The processor giant has released a few updates recently. There are two ways this vulnerability may be exploited:

1) An unprivileged network attacker could gain system privileges on provisioned Intel manageability SKUs.
2) An unprivileged local attacker could provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs.

CVE-2017-5689, rated Critical, is an elevation of privilege vulnerability in the AMT portion of the chipset. AMT manages client systems through a web interface. When AMT is enabled in the BIOS but not provisioned, it cannot be connected to either remotely or locally and ports 16992-16995 are not listening. If you have enabled and provisioned AMT, your system may be in a vulnerable state.

"Once configured, Intel AMT is a network service awaiting an authenticated and authorized request." Traffic on ports 16992-16995 is intercepted by Intel AMT within the chipset before being passed to the host operating system, once Intel AMT is in a configured and accessible state.
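Because only provisioned AMT exposes those ports, the quickest inventory question is "which hosts are listening on 16992/16993 and identify themselves as AMT". The following added PowerShell example (not from the original post or from Intel) answers it with a TCP connect and a look at the HTTP Server header; it does not authenticate or attempt anything against the vulnerability. The host list is a constructed sample to replace with your own management subnet, and the banner match on "Active Management Technology" is an assumption based on how the AMT web interface names itself.

```powershell
# Added example: find hosts with a provisioned, reachable AMT listener.
# Assumptions: $Hosts is a constructed sample; AMT's Server header names itself.
$Hosts = @('10.0.0.10', '10.0.0.11')            # constructed sample, replace
$Ports = @{ 16992 = 'http'; 16993 = 'https' }   # 16994/16995 are the redirection ports

function Test-AmtListener {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 1000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Get-AmtBanner {
    param([string]$Target, [int]$Port, [string]$Scheme)
    $req = [System.Net.WebRequest]::Create("${Scheme}://${Target}:${Port}/")
    $req.Timeout = 3000
    if ($Scheme -eq 'https') {
        # AMT uses its own certificate; we only want the header, not a trust decision.
        $req.ServerCertificateValidationCallback = { $true }
    }
    try { $resp = $req.GetResponse() }
    catch [System.Net.WebException] {
        # A provisioned AMT answers with 401 and still sends its Server header.
        $resp = $_.Exception.Response
        if ($null -eq $resp) { return $null }
    }
    $server = $resp.Headers['Server']
    $resp.Close()
    return $server
}

foreach ($h in $Hosts) {
    foreach ($p in $Ports.Keys) {
        if (Test-AmtListener -Target $h -Port $p) {
            $banner = Get-AmtBanner -Target $h -Port $p -Scheme $Ports[$p]
            [pscustomobject]@{
                Host           = $h
                Port           = $p
                Server         = $banner
                ProvisionedAmt = [bool]($banner -like '*Active Management Technology*')
            }
        }
    }
}
```

A host that shows ProvisionedAmt = True is the one to prioritise for the OEM firmware update or Intel's mitigation steps; a host that never answers on these ports has AMT either disabled or unprovisioned and is out of the network attacker's reach, though the local provisioning path in item 2 still applies.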

Why Must Intel AMT Be Configured, and What is Required?

For more details visit here

Download Excel sheet: Security Update – MAY-2017

Intel Firmware Vulnerability

Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review Intel Security Advisory INTEL-SA-00075 and the updated mitigations and tools.

Users and administrators are encouraged to review Vulnerability Note VU#491375 and the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.

Note :  INTEL-SA-00075 Detection Guide , Detection Tool , Intel mitigation document 

References: 

https://www.us-cert.gov/ncas/current-activity/2017/05/07/Intel-Firmware-Vulnerability

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

https://www.kb.cert.org/vuls/id/491375