Patch Tuesday WebinarWednesday, January 11th, 2017• Sara Otremba

• Ryan WorltonDial In: 1-855-749-4750 (US)

Attendees: 929 872 712

Agenda

January 2017 Patch Tuesday Overview

Known Issues

Bulletins

Q & A

1

2

3

4

Best Practices

Privilege Management Mitigates Impact of many exploits

High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.

User Targeted – Whitelisting and Containerization mitigate

Industry News

What is our name? Sorry but you will have to wait a bit longer. The name will be revealed shortly.

LANDESK and HEAT are joining forces! .

Remember this is the last Patch Tuesday that Microsoft will be using Security Bulletins. After January 10th, Microsoft will switch to using the Security Updates Guide. For more info, see the FAQ here https://technet.microsoft.com/en-us/security/mt791750Blog Post from Microsoft: https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/

Don’t worry, 2017 will not be boring. We have a new president about to be sworn in and a “new friendly” relationship with Russia!

We have already invested in our architecture allowing us to deliver common content across multiple products. This allows us to gain efficiencies and increase innovation in the endpoint security space.http://www.landesk.com/company/press-releases/2017/landesk-heat-software-clearlake-capital/

CSWU-045: Cumulative update for Windows 10: January, 2017

Maximum Severity: Critical Affected Products: Windows 10, Edge Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS17-001, MS17-003Impact: Remote Code Execution, Elevation of Privilege, Fixes 13 vulnerabilities:

CVE-2017-0002, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937

Restart Required: Requires Restart

MS17-002: Security Update for Microsoft Office (3214291) 

Maximum Severity: CriticalAffected Products: Office, Office Services and Office WebAppsDescription: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.Impact: Remote Code ExecutionFixes 1 vulnerability:

CVE-2017-0003Restart Required: May Require Restart

MS17-003: Security Update for Adobe Flash Player (3214628)

Maximum Severity: CriticalAffected Products: Windows, Adobe Flash PlayerDescription: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.Impact: Remote Code ExecutionFixes 12 vulnerabilities:

CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937

Restart Required: Requires Restart

APSB17-01: Security Updates for Adobe Acrobat and Reader

Maximum Severity: CriticalAffected Products: Adobe Acrobat and Reader (Windows and Mac)Description: This security update resolves a number of issues including use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues.Impact: Remote Code ExecutionFixes 29 vulnerabilities:

CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967

Restart Required: Requires Restart

APSB17-02: Adobe Flash Player

Maximum Severity: CriticalAffected Products: Adobe Flash Player (Windows, Macintosh, Linux and Chrome OS)Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.Impact: Remote Code ExecutionFixes 13 vulnerabilities:

CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938

Restart Required: Requires Restart

SB17-001: January, 2017 Security Only Update (3216771)Maximum Severity: Important Affected Products: WindowsDescription: This update is the Security Only Quality Update for Windows 7: MS17-004Impact: Denial of Service Fixes 1 vulnerability:

CVE-2017-0004Restart Required: Requires Restart

CR17-001: January, 2017 Security Monthly Quality Update (3216771)Maximum Severity: Important Affected Products: WindowsDescription: This update is the Security Only Quality Update for Windows 7: MS17-004Impact: Denial of Service, Fixes 1 vulnerability:

CVE-2017-0004Restart Required: Requires Restart

MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)

Maximum Severity: Important Affected Products: Windows VistaDescription: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. MS17-004 addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requestsImpact: Denial of Service, Fixes 1 vulnerability:

CVE-2017-0004Restart Required: Requires Restart

MS17-001: Security Update for Microsoft Edge (3214288)  

Maximum Severity: Important Affected Products: EdgeDescription: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.Impact: Elevation of PrivilegeFixes 1 vulnerability:

CVE-2017-0002(Publicly Disclosed)Restart Required: Requires Restart

Between Patch Tuesdays New Product Support: TortoiseHG, Adobe PhotoShop CC 2015, Nmap, TortoiseGit, Apple iCloud, Java Development Kit 8.0 Security Updates: Firefox (1), Skype (1), Opera (1), Adobe (3), SeaMonkey (1), Microsoft (5), Foxit Reader (1), Wireshark (1), Adobe PhotoShop CC 2015 (1), Thunderbird (1), Java Development Kit 8.0 (1), Apple iCloud (1), KeePass Pro (1), Non-Security Updates: Adobe (1), Dropbox (1), GoodSync (2), Microsoft (36), TortoiseHG (1), TeamViewer (1), Xmind (1), CoreFTP (1), IRFanView (1), LibreOffice (1), Nmap (2), TortoiseGit (1), GoToMeeting (2), Java Development Kit 8.0 (1), NitroPro (1), TeamViewer (1), CDBurnerXP (1), Malwarebytes (1)Security Tools:Software Distribution:

Resources and Webinars

Get Shavlik Content Updates

Get Social with Shavlik

Sign up for next months Patch Tuesday Webinar

Watch previous webinars and download presentation.

Thank you