This month’s Patch Tuesday is a “double whammy”. It includes patches that where skipped in February, as well as newly released patches for March 2017.
Microsoft had skipped February’s Patch Tuesday because of a hiccup with one of the updates. The new update model pushes all updates out as a single update, meaning that instead of being able to skip the bad update, all had to be skipped. Rather than releasing the updates later in the month, Microsoft kept the updates back while they worked on a solution.
Updates cover a range of Microsoft Products, including Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Windows, Adobe Flash Player, and other critical Windows Components.
Of these updates, 8 are marked Critical and can lead to remote code execution. The remaining 9 updates are marked important, and can lead to elevation of privilege and information disclosure.
The vulnerabilities in Internet Explorer and Edge can both be exploited by an attacker who can trick a user into visiting a specially crafted website. There are known exploits for the vulnerability in Internet Explorer so this is especially important to patch.
The vulnerability in Microsoft Graphics Component, which is used by Windows, Office, Skype, and Silverlight, also has a known exploit, and can be exploited by an attacker who can trick a user into visiting a specially crafted website, or by opening a specially crafted document.
Flash Player update is marked as Critical. I recommend uninstalling flash and disabling it in your web browser. Most users will find they do not require flash on their machines. Even if Flash is disabled, the patch will need to be installed.
User of Windows Vista should really be planning an upgrade to a newer operating system sooner rather than later. After this month’s patches, Windows Vista users will only get one more lot of updates before end of support kicks in. This will leave those users running an operating system with un-patched vulnerabilities.
Running the latest software is an important factor in keeping your PC secure.
Installing Updates
- On your keyboard, hold the windows key and press R. This will display the run dialog box.
- Type in “control update” and press enter
- Click “Check for Updates”. This may take some time as Windows Update searches for the latest patches.
- Click on Install Updates, update will install, after which Windows will need to restart.
More information regarding patches can be found on the Microsoft Security Bulletin Website.