Microsoft Security Updates: September 2017

File Attachment: September-2017 Updates

Microsoft has released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.

Top priority for patching should go to CVE-2017-0161, an RCE vulnerability in NetBIOS that impacts both servers and workstations. For users of Microsoft’s DHCP server, priority should also be given to CVE-2017-8686, especially if using failover mode, due to another potential RCE.

Out of the 26 vulnerabilities that are both Critical and RCE, 22 of them impact Microsoft’s browsers. Many of these vulnerabilities involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.

Adobe has also released patches covering 5 critical vulnerabilities, 2 of which are for Flash. The other patches are for Adobe ColdFusion and RoboHelp.

Executive Summary
• Microsoft released security patches for all versions of Windows.
• Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.

Operating System Distribution
• Windows 7: 22 vulnerabilities of which 3 are rated critical, 19 important
• Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
• Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important

Windows Server products:
• Windows Server 2008 R2: 23 vulnerabilities, of which 3 are rated critical, 20 important
• Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical 21 important and 1 moderate
• Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important

Other Microsoft Products
• Internet Explorer 11: 7 vulnerabilities, 5 critical, 2 important
• Microsoft Edge: 28 vulnerabilities, 19 critical, 7 important, 2 moderate

Microsoft Security Updates: September 2017

Categories

Labtech

Mac Agent Functionality Within ConnectWise Automate

ConnectWise RMM vs Automate: Should I be using CW RMM?

ConnectWise Automate on Linux – Best Practices

ConnectWise Automate Maintenance Mode Explained Best Practice

Uninstalling and Offboarding Automate Agents

How to Set Up Automate users to use ConnectWise SSO

Windows 10 Build Upgrades are Inevitable - Use Kaseya/ConnectWise Automate to Deploy

Best Practice Naming of Patching Groups

Automate 12 Patch 9 Now Available!

5 Tips for using the Report Center

Business Continuity

Proactive Maintenance

Kaseya

What Should I be Automating in Kaseya VSA 9.5?

Security Best Practices for Kaseya VSA

Kaseya VSA: Software Management vs. Patch Management

Software Management Enhancements

Two-Factor Authentication in Kaseya VSA

Windows 7 & Windows 10 Multiple Builds End of Life – Upgrade Using Kaseya or ConnectWise Automate

Kaseya Network Monitor: Benefits & Features

Kaseya Patch 9.5.0.22 and Future Updates

Kaseya's New State-of-the-Art Contemporary User Interface

Kaseya Product Release - April '19

Datto

Creating & Implementing a Disaster Recovery Plan

Disaster Recovery – Minimizing Impact of Downtime

Updating a Datto Device

Datto Agent Communication Errors

Datto

StorageCraft

Get in touch today for MSP Centralized Services