Patch Tuesday Updates for October 2016

Web browser updates for Internet Explorer and Microsoft Edge resolve severe vulnerabilities and exploits, which include remote code execution from a specially crafted page, designed to gain user access. Microsoft video and graphics components both receive patches for vulnerabilities found that could allow an attacker to exploit and run arbitrary code. Microsoft Office, the company’s productivity suite, which includes, Word, Excel and PowerPoint gets an update, which resolves an Office RTF remote code execution vulnerability; when the Office software fails to properly handle RTF files. Several updates affect components in Windows at the kernel level, which is the heart of Windows, each of which grants elevation of user privileges. Other areas include the Windows Registry and Diagnostics hub. The Microsoft Internet Messaging API utilized by applications such as Lync and Skype gets an update for a vulnerability found in how objects in memory are handled. If you still use Flash, there is also an update for that too. Since Windows 8, Microsoft started bundling the fading web technology. A security update is available that resolves vulnerabilities found. Affected platforms include Windows 8/8.1/RT, Server 2012/R2 and Windows 10. Today’s Patch Tuesday, sees the first introduction of a new rollup methodology for patching Microsoft operating systems and products going forward. The new servicing model applies to Windows 7 Service Pack 1 and later versions, which primarily affects how IT admins responsible for deploying updates to a fleet of PCs in an organization.

Although some may say — “Wow Microsoft, that’s a lot of security issues. What’s wrong with your software!”, I have a different perspective. All software has bugs including security exploits. No exception. I personally appreciate both the transparency and investment Microsoft has put into its robust security research, update, communication and of course updates. It really does make the world a better place when you consider the billions of users who are running Microsoft products. So, for these latest updates, the best way to get them if you’re reading this from a business machine is to remind your local IT admins to please approve all these updates on their patching system (AKA WSUS, SCCM or GFI etc…). If you’re a home user, good news is Windows Updates has probably already downloaded the patches and applied them. If you want to check, feel free to update manually by Clicking Start Menu > Settings > Update and Security. If updates are available, you will be prompted to install them. Finally, if you are still experiencing issues upgrading to Windows 10 or the Anniversary Update; Microsoft released a comprehensive and handy piece of documentation with details for troubleshooting upgrade errors. For example, try to have a Validation group in WSUS or SCCM which makes up 10-15% of your global environment. It’s best if this is a cross between all types of users and systems so you can sniff out any issues with the updates and your environment prior to mass deploy. This is what we do (at my day job) and it’s been very successful. So, stay tuned! -S gP A conscious decision, in which, all programs are documented, prior to the upate’s release. Does Microsoft use a program, programmed, to register the model, and any versions, of all, and every, possible conflict of code, that could be fixed? Thus, could this program translate codes, from one model, or version, to another, to reflect the update(s)? Would an adaptive program, solve issues prior to, post of, and after an update? I personally built a small site to track all updates from Microsoft – http://www.microsoftpost.com/ Might search there also. -Steve groovyPost It will list out all the latest Cumulative Updates for each of the Office products, Office 2010 included. Just follow the links and you will be able to grab the latest rollup. You should be golden! This one is probably the one you want (FYI) https://support.microsoft.com/en-us/kb/2881030 Hope this helps! -S https://www.bu.edu/tech/2016/08/01/2016-august-patch-list/ Comment

Δ