4. Intel vPro Vulnerability
An oldie but goodie
Allows remote access with AMT enabled
AMT disabled limits access to local system
Ivanti solution
Deploy our configuration management package
Disables AMT
No word yet from OEMs on a fix
5. From our Friends at Microsoft
A vulnerable malware protection engine?
MS MRT allows code execution upon special file scan
Researcher refers to vulnerability as ‘crazy bad’
MS releasing a fix; should update within 48 hours
Processor limitations coming for Windows 10
Kaby Lake processors will cause WU to block updates on OSs older than Win 10
Future updates will not support older processors
Installation restrictions in the update engine itself
6. Phishing for Google Docs
Phishing is alive and well this month
Google docs phishing scam
Email with a request to share some documents
Limited defense against this sort of attack
Enable two-factor authentication on your account
Education is the key
9. MS17-05-AFP: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player if it's
installed on any supported edition of Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version
1607, Windows 8.1, or Windows RT 8.1. This bulletin refers to a single KB article.
Impact: Remote Code Execution
Fixes 7 vulnerabilities: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071,
CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Restart Required: Requires Application Restart
10. MS17-05-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 9, 10 and 11
Description: This security update resolves several reported vulnerabilities in Internet
Explorer. The most severe of these vulnerabilities could allow remote code execution if
a user views a specially crafted webpage in Internet Explorer. The security fixes that
are listed in the Security Monthly Quality Rollup KB4019215 are also included in the
May 2017 Security-Only Quality Update, KB4019213, except for the security fixes for
Internet Explorer. Those are instead included in the Cumulative Security Update for
Internet Explorer KB4018271. This bulletin references 7 KB articles.
Impact: Remote Code Execution
Fixes 6 vulnerabilities: CVE-2017-0064, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228,
CVE-2017-0231, CVE-2017-0238
Restart Required: Requires Browser Restart
11. MS17-05-OFF: Security Updates for Microsoft Office
Maximum Severity: Critical
Affected Products: Microsoft Office 2007-2016 for Windows and Mac
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This bulletin
references 25 KB articles.
Impact: Remote Code Execution
Fixes 7 vulnerabilities: CVE-2017-0254, CVE-2017-0261, CVE-2017-0262, CVE-2017-0264,
CVE-2017-0265, CVE-2017-0281, CVE-2017-0290
Restart Required: Requires Restart
12. MS17-05-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 1507, 1511, 1607, and 1703, Server 2016,
Microsoft Edge, and IE
Description: This bulletin references 11 KB articles.
Impact: Full range of impacts including Remote Code Execution
Fixes 42 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190,
CVE-2017-0212, CVE-2017-0213, CVE-2017-0214, CVE-2017-0221, CVE-2017-0222,
CVE-2017-0224, CVE-2017-0226, CVE-2017-0227, CVE-2017-0228, CVE-2017-0229,
CVE-2017-0230, CVE-2017-0231, CVE-2017-0233, CVE-2017-0234, CVE-2017-0235,
CVE-2017-0236, CVE-2017-0238, CVE-2017-0240, CVE-2017-0241, CVE-2017-0246,
CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0266, CVE-2017-0267,
CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272,
CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277,
CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
13. MS17-05-2K8: Windows Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2008
Description: A denial of service vulnerability exists in Windows DNS Server if the
server is configured to answer version queries. Several vulnerabilities lead to
information disclosure or remote code execution. This bulletin references 9 KB articles.
Impact: Remote Code Execution, Elevation of Privilege, Denial of Service, Information
Disclosure
Fixes 27 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0175, CVE-2017-0190,
CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0242, CVE-2017-0244,
CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267,
CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272,
CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277,
CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
14. MS17-05-SO7: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Security updates to Microsoft Graphics Component, Windows COM,
Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.
This bulletin is based on KB4019263.
Impact: Remote Code Execution
Fixes 27 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0175, CVE-2017-0190,
CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0242, CVE-2017-0244,
CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263, CVE-2017-0267,
CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272,
CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277,
CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
15. MS17-05-SO8: Security-only Update Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: Security updates to Microsoft Graphics Component, Windows COM,
Windows Server, Windows Kernel and Microsoft Windows DNS. Does not include
security fixes for Internet Explorer. This bulletin is based on KB4019214.
Impact: Remote Code Execution
Fixes 24 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213,
CVE-2017-0214, CVE-2017-0220, CVE-2017-0245, CVE-2017-0246, CVE-2017-0258,
CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270,
CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275,
CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
16. MS17-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1 and Server 2012 R2
Description: Security updates to Microsoft Graphics Component, Microsoft Windows
DNS, Windows COM, Windows Server and Windows kernel. This bulletin is based on
KB4019213.
Impact: Remote Code Execution
Fixes 23 vulnerabilities: CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213,
CVE-2017-0214, CVE-2017-0246, CVE-2017-0258, CVE-2017-025, CVE-2017-0263,
CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271,
CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276,
CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
17. MS17-05-MR7: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB4015552 (released April 18, 2017). This bulletin includes updates for IE.
This bulletin is based on KB4019264.
Impact: Remote Code Execution
Fixes 33 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0175,
CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222,
CVE-2017-0226, CVE-2017-0228, CVE-2017-0231, CVE-2017-0238, CVE-2017-0242,
CVE-2017-0244, CVE-2017-0245, CVE-2017-0246, CVE-2017-0258, CVE-2017-0263,
CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271,
CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276,
CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
18. MS17-05-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: This security update includes improvements and fixes that were a part of
update KB4015554 (released April 18, 2017). This bulletin includes updates for IE. This
bulletin is based on KB4019216.
Impact: Remote Code Execution
Fixes 30 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190,
CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE-2017-0226,
CVE-2017-0228, CVE-2017-0231, CVE-2017-0238, CVE-2017-0245, CVE-2017-0246,
CVE-2017-0258, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269,
CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274,
CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279,
CVE-2017-0280
Restart Required: Requires Restart
19. MS17-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB4015553 (released April 18, 2017). This bulletin includes updates for IE.
This bulletin is based on KB4019215.
Impact: Remote Code Execution
Fixes 29 vulnerabilities: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190,
CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228,
CVE-2017-0231, CVE-2017-0238, CVE-2017-0246, CVE-2017-0258, CVE-2017-025,
CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270,
CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275,
CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280
Restart Required: Requires Restart
20. APSB17-15: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities that could potentially allow an attacker to take control of the affected
system.
Impact: Remote Code Execution
Fixes 7 vulnerabilities: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071,
CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Restart Required: Application Restart Required
21. MS17-05-SONET: Security-only Update for Microsoft .Net
Maximum Severity: Important
Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7
Sub-bulletins: MS17-05-SONET-4019108, 4019109, 4019110, 4019111
These are four separate bulletins for the four operating systems
Description: This update resolves a vulnerability where the Microsoft .NET
Framework (and .NET Core) components do not completely validate certificates
resulting in a security feature bypass.
Impact: Security Feature Bypass
Fixes 1 vulnerability: CVE-2017-0248
Restart Required: Requires Restart
22. MS17-05-SONET: Monthly Rollup for Microsoft .Net
Maximum Severity: Important
Affected Products: Microsoft Windows .Net Framework 2.0 through 4.7
Sub-bulletins: MS17-05-MRNET-4019112, 4019113, 4019114, 4019115
These are four separate bulletins for the four operating systems
Description: This update resolves a vulnerability where the Microsoft .NET
Framework (and .NET Core) components do not completely validate certificates
resulting in a security feature bypass.
Impact: Security Feature Bypass
Fixes 1 vulnerability: CVE-2017-0248
Restart Required: Requires Restart
23. Other Releases
PDF-Xchange
Bulletin: PDFX-008
Release 6.0.322.0
Feature and maintenance update (non-security)
Google Chrome
Bulletin: Chrome-195
Release 58.0.3029.110
Windows, MacOS, Linux
Stability, performance, and security
Unanswered questions:
When will OEMs release driver updates?
How far back will the driver updates go?
If they don’t go far enough back you will need to supplement with additional mitigation steps for systems not covered.
Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.
Verify that the update is installed: Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products. For more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781. For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.10701.0 or later.
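One way to run the engine-version check above across an inventory, as an added example that is not part of the original slides or of Microsoft's guidance. The host names and version strings are constructed sample data, and `Test-EngineVersion` is a hypothetical helper name. Versions are compared as `[version]` objects because a plain string comparison ranks 1.1.9901.0 above 1.1.10701.0.

```powershell
# Added example: classify hosts against the fixed Microsoft Malware Protection
# Engine version named in the notes above (1.1.10701.0).
$FixedEngine = [version]'1.1.10701.0'

function Test-EngineVersion {   # hypothetical helper, not a built-in cmdlet
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject]$Record   # expects ComputerName and AMEngineVersion
    )
    process {
        $parsed = $null
        # TryParse returns $false instead of throwing on empty or malformed
        # values, e.g. hosts where the antimalware product is not reporting.
        $ok = [version]::TryParse([string]$Record.AMEngineVersion, [ref]$parsed)
        $status = if (-not $ok) { 'Unknown' }
                  elseif ($parsed -ge $FixedEngine) { 'Fixed' }
                  else { 'Vulnerable' }
        [pscustomobject]@{
            ComputerName  = $Record.ComputerName
            EngineVersion = $Record.AMEngineVersion
            Status        = $status
        }
    }
}

# Constructed sample inventory (hypothetical hosts and versions).
$inventory = @(
    [pscustomobject]@{ ComputerName = 'WS-001'; AMEngineVersion = '1.1.13704.0' }
    [pscustomobject]@{ ComputerName = 'WS-002'; AMEngineVersion = '1.1.10701.0' }
    # A string comparison would wrongly treat this one as newer than the fix.
    [pscustomobject]@{ ComputerName = 'WS-003'; AMEngineVersion = '1.1.9901.0' }
    # No version reported: treat as unknown and follow up, never as fixed.
    [pscustomobject]@{ ComputerName = 'WS-004'; AMEngineVersion = '' }
)

$inventory | Test-EngineVersion | Format-Table -AutoSize

# Where the Defender PowerShell module is available, the local value comes from:
#   Get-MpComputerStatus | Select-Object AMEngineVersion
```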
CVE-2017-0064 was publicly disclosed and CVE-2017-0222 is known to be exploited. A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
This update contains a fix for CVE-2017-0261, which is known to be exploited. This vulnerability is exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution.
This bulletin includes all 3 publicly disclosed and all 2 exploited vulnerabilities. All except the Office vulnerability.
This update contains a fix for CVE-2017-0263, which is known to be exploited. This vulnerability exists in Win32k systems and allows a memory exploit to gain additional privileges.
Known issue with this update - If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.
Known issue - If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.