In order to protect users from possible security holes in their operating system or other products, Microsoft launches the second Tuesday of each month a series of security bulletins, now known only as “patches”, with which to solve All the failures detected during the last month and gradually make their systems and products become more and more secure and robust in the face of computer attacks.
Yesterday was the second Tuesday in January and, as is customary in Microsoft, is the day in which the company releases its new security patches with which to solve all kinds of problems, especially related to security, in its operating system and the Other products.
While last December, 2016, the company released a total of 12 security bulletins, 6 of which were critical, coming to publish a total of 154 security bulletins throughout the year, it seems Microsoft has started the new 2017 on the right foot, at least in terms of safety, publishing a total of four bulletins, of which only two are “critical”, and one of them is the corresponding complement of Adobe Flash Player.
- Vista and 7 – 1 patch important safety feature
- Windows 10 and Server 2016 – A major security patch and one critical.
- Server 2008 – A major security patch.
- Office 2016 – critical security patch.
The rest of Microsoft products, this time, have not been affected by security problems and, therefore, do not receive new security patches. Undoubtedly, January 2017 is one of the months that least vulnerabilities have affected Microsoft products in recent years.
As we say, in this first “Tuesday of patches” the company has only published 4 security patches, of which only two have been considered critical and, besides, none of them directly affect Windows. These 4 security patches are:
MS17-001 – This first 2017 security patch affects Microsoft Windows 10 browser Edge and focuses on solving a fault (CVE-2017-0002) allowing elevation of privilege when visiting malicious web pages created for this purpose.
MS17-002 – This patch critical is focused on solving a vulnerability (CVE-2017-0003) in Microsoft Office that could allow an attacker to execute code in memory with administrative permissions.
MS17-003 – This update critical fixes 13 vulnerabilities in the multimedia complement Adobe Flash Player .
MS17-004 – This fourth patch is focused on solving a security flaw (CVE-2017-0004) that could allow an attacker to generate Denial of Service, DoS, in the LSASS (Local Security Authority Subsystem Service) tool Windows .
Windows Security patches January 2017
As we can see, these 4 bulletins only solve 15 vulnerabilities, 12 of which belong to bulletin MS17-003 Adobe Flash Player , so you could say that Microsoft, this month, has only fixed three vulnerabilities, one of which critical (Office 2016). Microsoft has also taken the opportunity to launch a series of additional non-security patches with which to fix several errors in Windows 10, upgrading the system to build 14393.693.
These updates will reach all users of the operating system through Windows Update, and although it has been a good month for the company, it is advisable to install them to prevent hackers from conducting targeted attacks that exploit any of these bugs.
Have you already installed the new Microsoft security patches? Have you had trouble doing this?