November brings a slightly mild sequence of updates from Microsoft. We see a go back to shape, with Microsoft liberating every other vital replace to Adobe Flash and a number of other vital patches to Microsoft Web Explorer (IE) and Edge. Workplace and Home windows platforms (desktop and server) have much less serious reported exposures and not using a reported vital updates for November. Sadly, there are already a couple of reported deployment problems with the Home windows updates, with the observe patch-related Wisdom Base (KB) problems reported through Microsoft:
- 4048958, 4048961 (Home windows eight.x and Server 2012) : Customers might see an error conversation that signifies that an utility exception has befell when final some packages. This will impact packages that use mshtml.dll to load internet content material.
- 4048957 , 4048960 (Home windows 7 SP1 and Server 2008 SP1) : Customers might see an error conversation that signifies that an utility exception has befell when final some packages. This will impact packages that use mshtml.dll to load internet content material. Web Explorer 11 customers who use SQL Server Reporting Services and products (SSRS) would possibly not have the ability to scroll via a drop-down menu the usage of the scroll bar.
This Patch Tuesday impacts the next platforms:
- Browsers (Microsoft IE and Edge)
- Microsoft Home windows
- Microsoft Workplace (Together with Internet Apps)
- Microsoft ASP.NET Core, .NET Core and Chakra Core
- Adobe Flash Participant
For this month’s replace to the Microsoft Home windows desktop and server platforms, Microsoft has addressed 15 vulnerabilities rated as vital or average – and not using a vital updates for this month. The possible safety situations vary from safety bypass to spoofing. Not like the prospective problems with Microsoft Edge, none of those vulnerabilities had been publicly disclosed or reported as exploited. You probably have upgraded to the most recent free up of Home windows 10 (1709) you’ll have the least publicity of all Home windows (desktop and server) platforms this month. If ever there used to be a robust trade want for holding present with Microsoft patches, this month is it. Upload your Home windows updates this month in your same old patch deployment agenda.
Microsoft has addressed 20 reported vulnerabilities in each browser platforms with 16 rated as vital. Oddly, we don’t see any vital updates for IE nine or IE 10. As a substitute, this month the focal point is IE 11 and Edge with two publicly reported vulnerabilities CVE-2017-11848 and CVE-2017-11827) that would result in faraway execution situations. If you’re operating older methods (Home windows 7 SP1), upload your browser patches in your same old replace agenda. If you’re operating IE 11 and Edge, this can be a “Patch Now” replace from Microsoft.
This month’s Microsoft Workplace replace features a unmarried safety advisory ADV170020 that addresses various “defence intensive” problems for all supported variations of Microsoft Workplace. This advisory isn’t in particular giant, however it does come with various information that experience led to problems with Microsoft Outlook previously. You’ll be able to in finding out extra in regards to the record (WWLIB.DLL) and the prospective replace problems right here. Along with this advisory. Microsoft has addressed seven reported vulnerabilities rated as vital. Given those issues and average exploit vulnerabilities, upload this replace in your same old Workplace deployment agenda.
Microsoft ASP.NET Core, .NET Core and Chakra Core
Adobe Flash Participant
Microsoft has posted a safety advisory (ADV170019) for Adobe Flash Participant (APSB17-33) that makes an attempt to unravel 5 vital memory-related safety vulnerabilities. This replace impacts all variations of Home windows desktops (together with the most recent Home windows 10 1709 free up) and each Microsoft browsers (IE and Edge). It is a precedence 2 replace from Adobe and this can be a “Patch Now” replace for all Microsoft desktop platforms. The only caveat for this Flash Participant replace, is that in case you set up a language pack, you should re-install this patch. You’ll be able to learn extra about this factor right here.
This text is revealed as a part of the IDG Contributor Community. Wish to Sign up for?