Record Patch Tuesday: We Read the Security Bulletins So You Don't Have To

After skipping February’s monthly round of updates, Microsoft this week released 18 security bulletins. We detail them all.

March 16, 2017


Microsoft just released 18 different security bulletins. Do you need to panic over any of them? We've gone ahead and done the reading — and possible panicking — for you.

MS17-006 — Cumulative Security Update for Internet Explorer (4013073)

What it does: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

Which users it affects: Internet Explorer 9, Internet Explorer 10, Internet Explorer 11

MS17-007 — Cumulative Security Update for Microsoft Edge (4013071)

What it does: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Which users it affects: Microsoft Edge, Windows Server 2016

MS17-008 — Security Update for Windows Hyper-V (4013082)

What it does: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-009 — Security Update for Microsoft Windows PDF Library (4010319)

What it does: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

Which users it affects: Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2016

MS17-010 — Security Update for Microsoft Windows SMB Server (4013389)

What it does: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-011 — Security Update for Microsoft Uniscribe (4013076)

What it does: This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-012 — Security Update for Microsoft Windows (4013078)

What it does: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-013 — Security Update for Microsoft Graphics Component (4013075)

What it does: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. This security update is rated Critical for:

· All supported releases of Microsoft Windows
· Affected editions of Microsoft Office 2007 and Microsoft Office 2010
· Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010
· Affected editions of Silverlight

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-014 — Security Update for Microsoft Office (4013241)

What it does: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. The security update addresses the vulnerabilities by:

· Correcting how Office handles objects in memory
· Changing the way certain functions handle objects in memory
· Properly initializing the affected variable
· Helping to ensure that SharePoint Server properly sanitizes web requests
· Correcting how the Lync for Mac 2011 client validates certificates

Which users it affects: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, Microsoft Office 2016

MS17-015 — Security Update for Microsoft Exchange Server (4013242)

What it does: This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

Which users it affects: Microsoft Exchange Server 2013, Microsoft Exchange Server 2016

MS17-016 — Security Update for Windows IIS (4013074)

What it does: This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-017 — Security Update for Windows Kernel (4013081)

What it does: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. The security update addresses the vulnerabilities by:

· Correcting how the Windows Kernel API validates input
· Correcting how the Transaction Manager handles objects in memory
· Correcting the way that Windows validates the buffer lengths
· Helping to ensure that the Windows Kernel API properly handles objects in memory

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-018 — Security Update for Windows Kernel-Mode Drivers (4013083)

What it does: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-019 — Security Update for Active Directory Federation Services (4010320)

What it does: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

Which users it affects: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016

MS17-020 — Security Update for Windows DVD Maker (3208223)

What it does: This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

Which users it affects: Windows 7, Windows Vista

MS17-021 — Security Update for Windows DirectShow (4010318)

What it does: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-022 — Security Update for Microsoft XML Core Services (4010321)

What it does: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website.

Which users it affects: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016

MS17-023 — Security Update for Adobe Flash Player (4014329)

What it does: This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

Which users it affects: Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2016
