Category Archives: patch tuesday

Windows Updates April 2017

The second Tuesday for April 2017 has arrived, meaning it’s ‘Patch Tuesday’ and time to install this months Windows Updates.

This months patch Tuesday also marks the release of ‘Creators Update’ for Windows 10. It is the third major update to Windows 10 since its release in July 2015.

It also marks the end of support for Windows Vista. Those still running Vista should consider an upgrade to a modern and secure operating system as soon as possible.

This months patches vulnerabilities in a range of Microsoft Products including: Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Visual Studio, .NET Framework, Silverlight, and also includes updates for Adobe Flash Player.

Updates should install automatically, but I recommend manually checking to ensure you stay secure. Steps to check for Windows Updates can be found below.

Installing Updates

  1. On your keyboard, hold the windows key and press R. This will display the run dialog box.
  2. Type in “control update” and press enter
    windows-updates-march-2017
  3. Click “Check for Updates”. This may take some time as Windows Update searches for the latest patches.
  4. Click on Install Updates, update will install, after which Windows will need to restart.

Windows Updates March 2017

This month’s Patch Tuesday is a “double whammy”. It includes patches that where skipped in February, as well as newly released patches for March 2017.

Microsoft had skipped February’s Patch Tuesday because of a hiccup with one of the updates. The new update model pushes all updates out as a single update, meaning that instead of being able to skip the bad update, all had to be skipped. Rather than releasing the updates later in the month, Microsoft kept the updates back while they worked on a solution.

Updates cover a range of Microsoft Products, including Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Windows, Adobe Flash Player, and other critical Windows Components.

Of these updates, 8 are marked Critical and can lead to remote code execution. The remaining 9 updates are marked important, and can lead to elevation of privilege and information disclosure.

The vulnerabilities in Internet Explorer and Edge can both be exploited by an attacker who can trick a user into visiting a specially crafted website. There are known exploits for the vulnerability in Internet Explorer so this is especially important to patch.

The vulnerability in Microsoft Graphics Component, which is used by Windows, Office, Skype, and Silverlight, also has a known exploit, and can be exploited by an attacker who can trick a user into visiting a specially crafted website, or by opening a specially crafted document.

Flash Player update is marked as Critical. I recommend uninstalling flash and disabling it in your web browser. Most users will find they do not require flash on their machines. Even if Flash is disabled, the patch will need to be installed.

User of Windows Vista should really be planning an upgrade to a newer operating system sooner rather than later. After this month’s patches, Windows Vista users will only get one more lot of updates before end of support kicks in. This will leave those users running an operating system with un-patched vulnerabilities.

Running the latest software is an important factor in keeping your PC secure.


Installing Updates

  1. On your keyboard, hold the windows key and press R. This will display the run dialog box.
  2. Type in “control update” and press enter
    windows-updates-march-2017
  3. Click “Check for Updates”. This may take some time as Windows Update searches for the latest patches.
  4. Click on Install Updates, update will install, after which Windows will need to restart.

More information regarding patches can be found on the Microsoft Security Bulletin Website.

 

Flash Player Update February 2017

As mentioned previously, Microsoft has delayed February’s ‘Patch Tuesday’ and will release those updates as part of March’s monthly patch cycle.

I found it unusual that updates for Flash Player – which are usually included in the monthly patch cycle – were not released. Especially so that Flash Player version 24.0.0.221, released on 14th of February, patched 13 security vulnerabilities.

Occasionally Microsoft will have two Patch Tuesday’s in a month. This is not common practice, but if updates of importance need releasing before the next patch cycle, Microsoft will release them on the fourth Tuesday of the month (or the Wednesday following the fourth Tuesday for us Aussies).

Microsoft include Flash Player as a part of Internet Explorer and Microsoft Edge and manage the updates to ensure users are running the latest version. Most users will find that they do not require flash player on their devices. I have written a post previously on how to remove or disable flash player. 

If you require Flash Player, ensure you are running the latest version, if not, Install the latest version from the Adobe website or via Windows Updates.