Microsoft Security Updates: October 2017

Microsoft Patch notes

File Attachment: October-2017 Updates

Microsoft has released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.

Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” and is actively being exploited in the wild.

Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.

Also of note are two vulnerabilities in the Windows font library, CVE-2017-11762 and CVE-2017-11763, that can be exploited through a browser or malicious file, as well as a vulnerability in DNSAPI, CVE-2017-11779, that could allow a malicious DNS server to execute code on a client system.

A vulnerability in certain TPM chips is addressed by ADV170012. This vulnerability is in the TPM chip itself, and not in Windows, but could result in weak cryptographic keys. These keys are used for BitLocker, Biometric auth, and other areas of Windows. The updates provide a workaround for the weak keys leveraging additional logging and an option to use software-derived keys. Full remediation requires a firmware update from the device manufacturer.

As with several recent Patch Tuesdays, the majority of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.

Adobe has not released any security patches for this Patch Tuesday.

Executive Summary
• Windows 10 version 1511, the November Update, won’t receive security updates anymore. Refer to link for details: https://support.microsoft.com/en-us/help/4035050/windows-10-version-1511-will-no-longer-receive-security-updates
• Microsoft released security patches for all versions of Windows.
• Security updates were also released for Internet Explorer, Microsoft Edge, Skype for Business and Lync, and Microsoft Office.

Operating System Distribution
Windows 7: 20 vulnerabilities of which 5 are rated critical, 15 important
Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 17 important
Windows 10 version 1607: 29 vulnerabilities, 6 critical, 23 important
Windows 10 version 1703: 29 vulnerabilities of which 6 are rated critical, 23 important

Windows Server products:
Windows Server 2008 R2: 18 vulnerabilities, of which 3 are rated critical, 15 important
Windows Server 2012 and 2012 R2: 23 vulnerabilities, of which 6 are rated critical, and 17 important
Windows Server 2016: 29 vulnerabilities of which 6 are rated critical, 23 important

Other Microsoft Products
Internet Explorer 11: 5 vulnerabilities, 4 critical, 1 important
Microsoft Edge: 16 vulnerabilities, 14 critical, 2 important

 

Direct Update Downloads

Windows 7 SP1 and Windows Server 2008 R2 SP
KB4041681— 2017-10 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
KB4041678 — 2017-10 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2
KB4041693 — 2017-10 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
KB4041687 — 2017-10 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10 (version 1511)
KB4041689 — Windows 10 Version 1511 — End of Support after this update.

Windows 10 and Windows Server 2016 (version 1607)
KB4041691— 2017-10 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 and Windows Server 2016 (version 1703)
KB4041676 — 2017-10 Cumulative Update for Windows 10 Version 1703

ProVal Technologies, Inc

ProVal Technologies, Inc

Categories

Get in touch today for MSP NOC Services!
Contact Us

ProVal Technologies, Inc

498 Palm Springs Drive, Ste. 130
Altamonte Springs, FL 32701
United States
Phone: 407-588-0101

Facebook Twitter Instagram Linkedin Youtube
SOC 2 Certified Logo
Form CTA

©2023 ProVal Technologies, Inc All Rights Reserved.

Privacy Policy Disclaimer

Microsoft Security Updates: October 2017

Microsoft Patch notes

I truly view ProVal as a partner and extension of my team, not as one of my vendors

When our NOC Manager left last fall we wanted to replace the position with an outsourced NOC to reduce headcount, and bring in an expert to both Labtech and our backup solutions. Bringing in ProVal Technologies was one of the best decisions we made last year and has paid for itself.During our first few monthly recurring Labtech admin meetings the ProVal team discovered incorrect settings and policies that were not applying correctly in our Labtech server. Things that we thought were automated and working were not. For example, there were multiple scripts and policies running but set to do nothing such as disk cleanup scripts. Cisco Umbrella was not configured correctly. Server alerting was not set right and the list went on.The backup team sends daily and weekly reports and updates that reduce my technicians time that we used to spend on backup or antivirus tickets that took forever and were tedious.ProVal also brings in great insights to our business and really cares about our success. They will frequently mention to me in meetings what new scripts they can import to make us more efficient or will schedule upgrades to our backups, Labtech, etc so I don’t have to worry. I truly view ProVal as a partner and extension of my team not as one of my vendors.

Chris-Warnick-Headshot
Chris Warnick
Vision Computer Solutions
Northville, MI

They will quickly become an extension of your team and your ROI will reflect the results

We have been a long time user of Labtech and had tried for many years to manage the product internally with no real success at the level we needed to make our solutions more efficient for our customers. Once we hired Vikram and his team at ProVal, it solved all our pain points with the product and we really felt like we were leveraging the tool as it was designed. If this sounds like you and it’s keeping you up at night, then you need these guys. They will quickly become an extension of your team and your ROI will reflect the results.

Bryan-Wolff-Headshot
Bryan Wolff
CEO, Wolff Logics LT Managed & Admin Services
Cedar Park, Texas

They work well, fast and on budget

We met Vikram from ProVal Tech at Gary Pica’s Shnizzfest a year ago. Vikram explained the advantage of having trained, certified personnel take care of our recent Automate implementation. Even though we had taken an implementation package from ConnectWise to start up the program, we felt many custom configurations we needed for our business were lacking. We hired ProVal Tech after Automate was installed to help us with this task. From sales to technicians everyone was professional and knowledgeable. Onboarding was simple, and well documented. Tools on the web were supplied while we did the work, and they allowed us to track what was done, and see the improvements in the environment. It was easy to reach any of the team members, for any concern or question – all answered with courtesy and smile. Once the work was finished, we were given some training and explanations, add to that documentation, about the work and the scripts and features added to the program. We have been happily working with Automate since then. We can only recommend this efficient team of people for any work into Automate: they work well, fast and on budget.

Ben-Prevost-Headshot
Ben Prevost
FarWeb IT
Sherbrooke, Canada