Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? - Flash Player RCE patched today

Published: 2017-02-21
Last Updated: 2017-02-21 23:55:22 UTC
by Rob VandenBrink (Version: 2)
1 comment(s)

Microsoft released the patch for MS017-005 today, to patch a remote code execution vulnerability in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.  The MS Bulletin is posted here: https://technet.microsoft.com/en-us/library/security/MS17-005, but is not yet posted on the main feed (https://technet.microsoft.com/en-us/security/bulletins.aspx)

The matching Adobe technote is APSB17-04, found here: https://helpx.adobe.com/security/products/flash-player/apsb17-04.html

This is a remote code execution issue, so it's a definite "PATCH NOW" issue.

** Update: the Microsoft feed has caught up now with the patch release, https://technet.microsoft.com/en-us/security/bulletins.aspx is now correct.

===============
Rob VandenBrink
Compugen

Keywords:
1 comment(s)

Comments

The Windows Software Malicious Removal Tool for February 2017 was just released as well. I have been doing well with my Windows 7 Network(s) by not having to rely on updates for Adobe Flash Player and was able to update Adobe Flash Player manually when it was released on February 14, 2017. The SMB 3.x vulnerability will not be patched for Windows 8.x and Windows 10.x until March 14, 2017. Windows 7 users are okay as far as this concern because the operating system does not include this extra layer of software because it only goes up to SMB 2.x. The server equivalents of Windows are affected as well being Server 2012 R2 and Server 2016. https://www.kb.cert.org/vuls/id/867968

Diary Archives