Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? - Flash Player RCE patched today - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? - Flash Player RCE patched today

Microsoft released the patch for MS017-005 today, to patch a remote code execution vulnerability in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  The MS Bulletin is posted here: https://technet.microsoft.com/en-us/library/security/MS17-005, but is not yet posted on the main feed (https://technet.microsoft.com/en-us/security/bulletins.aspx)

The matching Adobe technote is APSB17-04, found here: https://helpx.adobe.com/security/products/flash-player/apsb17-04.html

This is a remote code execution issue, so it's a definite "PATCH NOW" issue.

** Update: the Microsoft feed has caught up now with the patch release, https://technet.microsoft.com/en-us/security/bulletins.aspx is now correct.

===============
Rob VandenBrink
Compugen

Rob VandenBrink

443 Posts
ISC Handler
The Windows Software Malicious Removal Tool for February 2017 was just released as well. I have been doing well with my Windows 7 Network(s) by not having to rely on updates for Adobe Flash Player and was able to update Adobe Flash Player manually when it was released on February 14, 2017. The SMB 3.x vulnerability will not be patched for Windows 8.x and Windows 10.x until March 14, 2017. Windows 7 users are okay as far as this concern because the operating system does not include this extra layer of software because it only goes up to SMB 2.x. The server equivalents of Windows are affected as well being Server 2012 R2 and Server 2016. https://www.kb.cert.org/vuls/id/867968
Anonymous

Posts

Sign Up for Free or Log In to start participating in the conversation!