• Patch Tuesday not dire – quick recap

    Posted on September 13, 2016 at 16:55 CDT by Comment in the Forums

    Microsoft has released 14 security bulletins. According to the SANS Internet Storm Center, only two of the bulletins involve exploits that are currently in the wild – one is for Internet Explorer, the other for Flash. If you don’t use IE, there are no currently known exploits.

    There’s a weird patch for Diffie-Hellman Key Exchange in KB 3174644. (“Microsoft is providing updated support to enable administrators to configure longer Diffie-Hellman ephemeral (DHE) key shares for TLS servers.”) I call it weird because it’s included in Win7’s KB MS16-111/3175024, and if you’re running Win7, Microsoft recommends that you install 3175024, not 317644. Vista and 8.1 users get to install 3174644 separately.

    Still with me?

    Server 2008 R2 PCs get a re-run of KB3172605, which is the July 2016 update rollup for Windows 7. Go figger. UPDATE: Looks like a whole bunch of files inside the patch were updated this month. PCs are rebooting after installing the update. I have no idea what’s going on. See patchmanagement.org for details.

    Last month’s August 2016 update rollup for Windows 7, KB 3179573, is back – but this time it’s Recommended, not Optional. Looks like the list of superseded updates has changed.

    Similarly, last month’s update rollup for Win8.1 , KB 3179574, is back, Recommended this time, not Optional.

    I’d be willing to bet this is the new cumulative rollup pace we’ll see put in place in October.

    The old Windows Journal killer is back, https://support.microsoft.com/en-us/kb/3161102, as well as the version for Vista https://support.microsoft.com/en-us/kb/3185662

    As long as you aren’t running IE 11, I don’t see any reason to hurry up with the patches.

    Stay tuned.

    ER notes:

    New Adobe Flash Player security updates posted Tuesday September 13, 2016 in Adobe security bulletin APSB16-29 & Microsoft security bulletin MS16-117:

    https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

    https://technet.microsoft.com/library/security/MS16-117

    These security patches update Flash Player to version 23.

    UPDATE: Trend Micro advizes that there’s a known, exploited security hole in both IE and Edge. So, in addition to my usual advice to avoid IE, I also need to add Edge.

    But then you aren’t using Edge, are you?

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.