Patch Tuesday Analysis - January 2017
Download as PPTX, PDF1 like549 views
This document summarizes an upcoming webinar about the January 2017 Patch Tuesday updates. The webinar will provide an overview of the January Patch Tuesday bulletins, known issues, best practices for deploying updates, and industry news. The summary also outlines several critical updates released by Microsoft to address remote code execution vulnerabilities in Windows, Office, Edge, and Adobe Flash Player. Additional updates are mentioned for Adobe Acrobat and Reader.
Patch Tuesday Analysis - January 2017
- 1. Patch Tuesday Webinar Wednesday, January 11th, 2017• Sara Otremba • Ryan Worlton Dial In: 1-855-749-4750 (US) Attendees: 929 872 712
- 2. Agenda January 2017 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
- 3. Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
- 5. Industry News What is our name? Sorry but you will have to wait a bit longer. The name will be revealed shortly. LANDESK and HEAT are joining forces! . Remember this is the last Patch Tuesday that Microsoft will be using Security Bulletins. After January 10th, Microsoft will switch to using the Security Updates Guide. For more info, see the FAQ here https://technet.microsoft.com/en-us/security/mt791750 Blog Post from Microsoft: https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/ Don’t worry, 2017 will not be boring. We have a new president about to be sworn in and a “new friendly” relationship with Russia! We have already invested in our architecture allowing us to deliver common content across multiple products. This allows us to gain efficiencies and increase innovation in the endpoint security space. http://www.landesk.com/company/press-releases/2017/landesk-heat-software-clearlake-capital/
- 6. CSWU-045: Cumulative update for Windows 10: January, 2017 Maximum Severity: Critical Affected Products: Windows 10, Edge Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS17-001, MS17-003 Impact: Remote Code Execution, Elevation of Privilege, Fixes 13 vulnerabilities: CVE-2017-0002, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017- 2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937 Restart Required: Requires Restart
- 7. MS17-002: Security Update for Microsoft Office (3214291) Maximum Severity: Critical Affected Products: Office, Office Services and Office WebApps Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Impact: Remote Code Execution Fixes 1 vulnerability: CVE-2017-0003 Restart Required: May Require Restart
- 8. MS17-003: Security Update for Adobe Flash Player (3214628) Maximum Severity: Critical Affected Products: Windows, Adobe Flash Player Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. Impact: Remote Code Execution Fixes 12 vulnerabilities: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE- 2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017- 2936, CVE-2017-2937 Restart Required: Requires Restart
- 9. APSB17-01: Security Updates for Adobe Acrobat and Reader Maximum Severity: Critical Affected Products: Adobe Acrobat and Reader (Windows and Mac) Description: This security update resolves a number of issues including use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues. Impact: Remote Code Execution Fixes 29 vulnerabilities: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017- 2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017- 2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017- 2966, CVE-2017-2967 • Restart Required: Requires Restart
- 10. APSB17-02: Adobe Flash Player Maximum Severity: Critical Affected Products: Adobe Flash Player (Windows, Macintosh, Linux and Chrome OS) Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Impact: Remote Code Execution Fixes 13 vulnerabilities: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017- 2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938 Restart Required: Requires Restart
- 11. SB17-001: January, 2017 Security Only Update (3216771) Maximum Severity: Important Affected Products: Windows Description: This update is the Security Only Quality Update for Windows 7: MS17-004 Impact: Denial of Service Fixes 1 vulnerability: CVE-2017-0004 Restart Required: Requires Restart
- 12. CR17-001: January, 2017 Security Monthly Quality Update (3216771) Maximum Severity: Important Affected Products: Windows Description: This update is the Security Only Quality Update for Windows 7: MS17-004 Impact: Denial of Service, Fixes 1 vulnerability: CVE-2017-0004 Restart Required: Requires Restart
- 13. MS17-004: Security Update for Local Security Authority Subsystem Service (3216771) Maximum Severity: Important Affected Products: Windows Vista Description: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. MS17-004 addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests Impact: Denial of Service, Fixes 1 vulnerability: CVE-2017-0004 Restart Required: Requires Restart
- 14. MS17-001: Security Update for Microsoft Edge (3214288) Maximum Severity: Important Affected Products: Edge Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. Impact: Elevation of Privilege Fixes 1 vulnerability: CVE-2017-0002(Publicly Disclosed) Restart Required: Requires Restart
- 15. Between Patch Tuesdays New Product Support: TortoiseHG, Adobe PhotoShop CC 2015, Nmap, TortoiseGit, Apple iCloud, Java Development Kit 8.0 Security Updates: Firefox (1), Skype (1), Opera (1), Adobe (3), SeaMonkey (1), Microsoft (5), Foxit Reader (1), Wireshark (1), Adobe PhotoShop CC 2015 (1), Thunderbird (1), Java Development Kit 8.0 (1), Apple iCloud (1), KeePass Pro (1), Non-Security Updates: Adobe (1), Dropbox (1), GoodSync (2), Microsoft (36), TortoiseHG (1), TeamViewer (1), Xmind (1), CoreFTP (1), IRFanView (1), LibreOffice (1), Nmap (2), TortoiseGit (1), GoToMeeting (2), Java Development Kit 8.0 (1), NitroPro (1), TeamViewer (1), CDBurnerXP (1), Malwarebytes (1) Security Tools: Software Distribution:
- 17. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
- 18. Thank you
Editor's Notes
- #6: NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
- #10: https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/
- #11: Windows 10 and Windows Server 2016 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Please note that effective December 13, 2016, Windows 10 and Windows Server 2016 details for the Cumulative Updates will be documented in Release Notes. Please refer to the Release Notes for OS Build numbers, Known Issues, and affected file list information. MS17-001 (CVE-2017-0002 for Edge) is publicly disclosed but not yet exploited. 12 of the 13 CVEs are for Flash ***** https://www.techpowerup.com/229501/windows-10-kb3213986-update-cripples-multi-monitor-gaming "Users may experience delayed or clipped screens while running 3D rendering apps (such as games) on systems with more than one monitor," the change-log for the KB3213986 update reads. "To work around this issue please consider the following options: 1. Running the application in Windows mode (not full screen), or 2. Starting the application with only one monitor connected," it adds.
- #12: Shavlik Priority: Critical because of the Remote Code Execution impact (even though Microsoft has it listed as important) CVE-2017-0003 – Deals with a memory corruption issue in office Security Update for Microsoft Office (3214291) This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- #13: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities Security Update for Adobe Flash Player (3214628) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. * See the slide for Adobe APSB17-02 for more details on the actual vulnerabilities
- #14: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. https://helpx.adobe.com/security/products/acrobat/apsb17-01.html CVE-2017-2962 – resolves a type confusion vulnerability that could lead to code execution CVE-2017-2950, CVE-2017-2951, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2961 These updates resolve use-after-free vulnerabilities that could lead to code execution. CVE-2017-2942, CVE-2017-2945, CVE-2017-2946, CVE-2017-2949, CVE-2017-2959, CVE-2017-2966 These updates resolve heap buffer overflow vulnerabilities that could lead to code execution. CVE-2017-2948, CVE-2017-2952 These updates resolve buffer overflow vulnerabilities that could lead to code execution. CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954, CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2967 These updates resolve memory corruption vulnerabilities that could lead to code execution CVE-2017-2947 This update resolves a security bypass vulnerability Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
- #15: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. Vulnerability Details These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937). These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).
- #16: Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. The Security Only Update is marked as Patch Type Security. This update only includes one update and is not cumulative. CVE-2017-0004 (Publicly Disclosed) but not yet exploited Security Update for Local Security Authority Subsystem Service (3216771) A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests
- #17: Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. The Security Quality Update is marked as Patch Type Non-Security. It includes both security and non-security updates. CVE-2017-0004 (Publicly Disclosed) but not yet exploited Security Update for Local Security Authority Subsystem Service (3216771) A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests
- #18: Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. This bulletin is applicable to Windows Vista. CVE-2017-0004 (Publicly Disclosed) but not yet exploited Security Update for Local Security Authority Subsystem Service (3216771) A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests
- #19: Shavlik Priority: Shavlik rates this bulletin as Important. However since this is publicly disclosed, it is still recommended that the this patch be applied sooner than later. Security Update for Microsoft Edge (3214288) This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerability could elevate privileges in affected versions of Microsoft Edge. The update addresses the vulnerability by assigning a unique origin to top-level windows that navigate to Data URLs.
- #22: Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/