Microsoft Office Updates for March 2017

Microsoft is currently rolling out its monthly updates for its Office products as normal. We’ll have to wait another week to see if the company can find its way to delivering security updates for March 2017, after skipping February.

Here’s what’s rolling out now:

Office 2013

  • Update for Microsoft Office 2013 (KB3162058)
  • Update for Microsoft Office 2013 (KB3162039)
  • Update for Microsoft OneDrive for Business (KB3178645)
  • Update for Microsoft Project 2013 (KB3178650)
  • Update for Microsoft Visio 2013 (KB3172437)

Office 2016

  • Update for Microsoft Access 2016 (KB3128054)
  • Update for Microsoft Office 2016 (KB3141452)
  • Update for Microsoft OneDrive for Business (KB3141458)
  • Update for Microsoft Office 2016 (KB3178661)
  • Update for Microsoft Office 2016 (KB3178663)
  • Update for Microsoft Office 2016 (KB3178668)
  • Update for Microsoft Office 2016 (KB3178660)
  • Update for Microsoft Office 2016 (KB3178655)
  • Update for Microsoft PowerPoint 2016 (KB3178657)
  • Update for Microsoft Project 2016 (KB3178669)
  • Update for Microsoft Publisher 2016 (KB3128047)
  • Update for Microsoft Visio 2016 (KB3178654)

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

ACROS Security Takes Up Slack Left by Absent Microsoft with Zero Day Patch

It's best to be very wary of any non-vendor patches for specific vendor flaws. But this is just another effect of Microsoft skipping an entire month of security patches in February 2017 while zero-day flaws in its operating systems continue to be reported. As if skipping platform security patches weren't bad enough, the company has failed to communicate in any meaningful way about why it skipped a month.

ACROS Security has developed a patch for the recently communicated flaw in gdi32.dll and talks about it in the following blog: 0patching a 0-day: Windows gdi32.dll memory disclosure (CVE-2017-0038)

According to the ACROS site…

ACROS, located in Slovenia, is a family owned, self-funded company. An equal-opportunity employer with extremely low staff turnover, it employs trusted local security experts and helps them achieve excellence on a global scale.

A leading provider of security research, the company does work for financial institutions, software vendors, online service providers, cloud providers, virtualization solutions providers and others who consider security of their products, information and services critical.

Should you apply this patch? No. But, Microsoft should be aware of the ripple that both not patching and not properly communicating with customers can cause.



February’s Flash Security Update on the Wires from Microsoft

Microsoft decided to at least deliver one security patch this month, this one for a critical Adobe Flash vulnerability.

The update is available now over Windows Update.

Associated KB article: MS17-005: Security update for Adobe Flash Player: February 21, 2017

This security update resolves vulnerabilities in Adobe Flash Player if Flash Player is installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1.

Microsoft has promised to resume normal Patch Tuesday operations in March. Customers are hoping the March updates will plug a couple of zero-day holes. One was partially fixed last year, and the other has yet to receive an update though it's been known for 90 days or more.



Download Microsoft Security Bulletin History

Microsoft has made available free, downloadable Excel spreadsheets that detail security bulletin history from 2008 to the present. The plan is to update this information regularly.

What’s available:

  1. Excel files that contain affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins. BulletinSearch.xlsx contains bulletin information from November 2008 to the present. BulletinSearch1998-2008.xlsx has all of the rest of the historical data.
  2. A zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)

Download: Microsoft Security Bulletin Data



Microsoft Delays February’s Patches

UPDATE: Microsoft Skips February’s Patch Tuesday Altogether


Microsoft today has announced that it will delay its release of February 2017 updates.

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

MSRC



MS16-135 is the Fix for the Google-outed Windows Flaw

Much to Microsoft’s chagrin, Google recently publicly outed a major Windows vulnerability just 10 days after disclosing it to Microsoft. The flaw affects all currently supported versions of Windows including Windows 10 and Windows Server 2016. Amid this month’s Patch Tuesday updates, Microsoft has delivered a fix for this reported flaw.

Bulletin: Microsoft Security Bulletin MS16-135

KB Article: Security Update for Windows Kernel-Mode Drivers (3199135)



Best Resources for Patch Management Discussion and Support

Are you tasked with keeping your organization’s systems up-to-date, secure, and performing well through management of updates?

Here are a few of the best ways to obtain support and connect with people tasked with the same responsibilities.

Know of additional resources you count on that should be added here? Let us know in the comments or on Twitter (@myITforum).



Windows 10 Cumulative Update KB3200970 Fails Installation for Some

Another month of updates, another round of reported problems. Microsoft may not have set its own goal to ever deliver an error-free updates release, but customers continue to hope for it.

We told you yesterday that the latest CU for Windows 10 is available, and while the reports are few right now, there is a growing concern that the update is failing to install and sending the PC/device into a reboot/install/reoffer loop.

Microsoft offers a standard set of solutions in this case, which include shutting down antivirus, rebooting before the initial installation (if possible), and clearing out the Windows Update cache through repair using the Windows Update Troubleshooter.

Are you having problems? If you’re experiencing installation problems with KB3200970, let us know in the comments, in the Monthly Patching forum, or on Twitter (@myITforum).



November 2016’s Public Update Releases Available for Office Today, Too

It's a big day for Microsoft updates and updates news…

And now the November 2016 Public Update releases for Office are also available. This month’s Office release is represented by 25 security updates (1 bulletin) and 39 non-security updates.

All of the security and non-security updates for November are listed in KB article 3200802.

Additionally, expect click-to-run updates for Office 2013 (15.0.4875.1001), Office 2010 (14.0.7176.5000), and Office 365.



Microsoft Launches Preview of Its Security Updates Guide, Replaces Bulletins in January 2017

Today Microsoft has announced a new, consolidated database served by a web site to help customers locate security vulnerability information.

…customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs.

This month we released a preview of our new single destination for security vulnerability information, the Security Updates Guide. Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.

Using the new portal you can:

  • Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
  • Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
  • Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.

Security update information will be published as bulletins and on the Security Updates Guide until January 2017. After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide.

Have feedback on the new portal? Send it directly to: portalfback@microsoft.com



14 Security Patches Ready for Voting/Patch Tuesday

It’s not enough that the US is embroiled in voting for its next president, but today is also Patch Tuesday courtesy of Microsoft.

Full bulletin:  https://technet.microsoft.com/library/security/ms16-nov

Here’s what to expect to stick into your test labs today…

  • MS16-129 Cumulative Security Update for Microsoft Edge (3199057): Critical; Remote Code Execution; Requires restart; Microsoft Windows, Microsoft Edge
  • MS16-130 Security Update for Microsoft Windows (3199172): Critical; Remote Code Execution; Requires restart; Microsoft Windows
  • MS16-131 Security Update for Microsoft Video Control (3199151): Critical; Remote Code Execution; Requires restart; Microsoft Windows
  • MS16-132 Security Update for Microsoft Graphics Component (3199120): Critical; Remote Code Execution; Requires restart; Microsoft Windows
  • MS16-133 Security Update for Microsoft Office (3199168): Important; Remote Code Execution; May require restart; Microsoft Office, Microsoft Office Services and Web Apps
  • MS16-134 Security Update for Common Log File System Driver (3193706): Important; Elevation of Privilege; Requires restart; Microsoft Windows
  • MS16-135 Security Update for Windows Kernel-Mode Drivers (3199135): Important; Elevation of Privilege; Requires restart; Microsoft Windows
  • MS16-136 Security Update for SQL Server (3199641): Important; Elevation of Privilege; May require restart; Microsoft SQL Server
  • MS16-137 Security Update for Windows Authentication Methods (3199173): Important; Elevation of Privilege; Requires restart; Microsoft Windows
  • MS16-138 Security Update to Microsoft Virtual Hard Disk Driver (3199647): Important; Elevation of Privilege; Requires restart; Microsoft Windows
  • MS16-139 Security Update for Windows Kernel (3199720): Important; Elevation of Privilege; Requires restart; Microsoft Windows
  • MS16-140 Security Update for Boot Manager (3193479): Important; Security Feature Bypass; Requires restart; Microsoft Windows
  • MS16-141 Security Update for Adobe Flash Player (3202790): Critical; Remote Code Execution; Requires restart; Microsoft Windows, Adobe Flash Player
  • MS16-142 Cumulative Security Update for Internet Explorer (3198467): Critical; Remote Code Execution; Requires restart; Microsoft Windows, Internet Explorer


Windows 10 Cumulative Update KB3200970 Rolling Out Now

Rolling out now, the November 2016 CU for Windows 10 is available through Windows Update.

This update includes quality improvements and security updates. No new operating system features are being introduced in this update.

Key changes for Anniversary Update

  • Improved the reliability of multimedia audio, Remote Desktop, and Internet Explorer 11.
  • Addressed issue that prevents users from connecting to a virtual private network (VPN).
  • Addressed issue with a scheduled task that doesn’t run in Task Scheduler after reenabling.
  • Addressed issue to update the Access Point Name (APN) database.
  • Addressed issue with Japanese characters that are missing when converted by the Input Method Editor.
  • Addressed issue with the system tray showing no Wi-Fi connection even when Wi-Fi is present.
  • Addressed issue with Windows devices that disconnect from the Internet prematurely before users can complete their paid Wi-Fi purchase.
  • Addressed issue to update the new Belarusian ruble symbol to Br and the new ISO 4217 code to BYN.
  • Addressed additional issues with multimedia, Windows kernel, packaging release management, authentication, Microsoft Edge, Internet Explorer 11, Remote Desktop, Active Directory, wireless networking, Windows shell, graphics, enterprise security, and Microsoft HoloLens.
  • Security updates to Boot Manager, Windows operating system, kernel-mode drivers, Microsoft Edge, Internet Explorer 11, Microsoft Virtual Hard Drive, Common Log File System driver, Microsoft Video Control, Common Log File System driver, Windows authentication methods, Windows File Manager, and the Microsoft Graphics Component.

Key changes for 1511

  • Improved the reliability of the Windows shell, Microsoft Edge, and Internet Explorer 11.
  • Addressed issue with Japanese characters that are missing when converted by the Input Method Editor.
  • Addressed issue with systems that randomly stop applying UNC Hardening group policy, leaving systems vulnerable until restarted.
  • Addressed issue with proxy authentication that causes Windows Update downloads to fail.
  • Addressed issue that prevents users from accessing network resources after logon after they’ve installed KB3185614.
  • Addressed issue with point rendering in Internet Explorer 11 and Microsoft Edge.
  • Addressed issue where users can’t navigate to Internet sites when a network is configured to use Web Proxy Auto Discovery (WPAD).
  • Addressed issue where users can’t access Microsoft Store in an authenticated proxy environment.
  • Addressed additional issues with enterprise security, Internet Explorer 11, Remote Desktop, datacenter networking, Windows shell, filter driver, the Access Point Name (APN) database, and wireless networking.
  • Security updates to the Windows operating system, kernel-mode drivers, Microsoft Edge, Boot Manager, Internet Explorer 11, Common Log File System driver, Microsoft Virtual Hard Drive, Microsoft Video Control, Windows authentication methods, Windows File Manager, OpenType, and the Microsoft Graphics Component.

Key changes for 1507

  • Addressed issue to update the Access Point Name (APN) database.
  • Addressed issue with deadlocks occurring after a user password reset.
  • Addressed issue with point rendering in Internet Explorer 11 and Microsoft Edge.
  • Addressed issue with Japanese characters that are missing when converted by the Input Method Editor.
  • Addressed additional issues with filter drivers, enterprise security, Windows shell, and Internet Explorer 11.
  • Security updates to the Windows OS, Microsoft Edge, Internet Explorer 11, Windows File Manager, Microsoft Graphics Component, Windows authentication methods, kernel-mode drivers, Microsoft Virtual Hard Drive, Microsoft Video Control, OpenType, and the Common Log File System driver.

For more information about the complete list of affected files, see KB3200970.
