Patch Tuesday: We Read the Security Bulletins So You Don’t Have To
Windows 10 works on desktops, laptops, tablets, and laptops that can turn into tablets (sometimes called convertibles or laplets). But it's touchscreen interface is far from perfect, especially when you compare it to Android or iOS.
Here's something new: Microsoft's changed the way they number their bulletins. The previous model used security bulletin ID numbers; this method is being retired, and the new security bulletins will be identified by vulnerability ID numbers and KB Article ID numbers.
So we'll be changing how we present the information. We will be sorting out the security updates by application and by operating system. You can scan through for the ones that affect you, then see what you may want/need to install.
Internet Explorer 11
KB4025344 (OS Build 10586.1007) —Windows 10 Version 1511 for 32-bit Systems and x64-based Systems
What vulnerabilities does this update fix? "Addressed issue introduced by KB4032693 where Internet Explorer 11 may close unexpectedly when you visit some websites. " and "Security updates to Internet Explorer 11, Microsoft Scripting Engine, Microsoft Edge, Windows Search, Windows shell, Windows kernel-mode drivers, Microsoft Graphics Component, Windows kernel, .NET Framework, Windows Virtualization, Windows Server, Windows Storage and File Systems, Datacenter Networking, Microsoft NTFS, ASP.NET, and Microsoft PowerShell."
KB4025339 (OS Build 14393.1480) — Windows 10 Version 1607 for 32-bit Systems and x64-bit systems
What vulnerabilities does this update fix? "Security updates to the Windows shell, Microsoft Graphics Component, Windows Search, Windows kernel, Windows kernel-mode drivers, the .NET Framework, Windows Server, Windows Virtualization, Windows Storage and File Systems, Datacenter Networking, Internet Explorer 11, Microsoft PowerShell, Microsoft Edge, and the Microsoft Scripting Engine. "
KB4025338 (OS Build 10240.17488) — Windows 10 for x64-based Systems
What vulnerabilities does this update fix? "Addressed issue introduced by KB4032695 where Internet Explorer 11 may close unexpectedly when you visit some websites" and "Addressed issue that can cause cursor flicker when hovering over a popup menu option in Internet Explorer 11 and Microsoft Edge." and "Addressed issue where Internet Explorer 11 crashes when a user clicks on an empty column header and then quickly does a Shift + double-click."
KB4025338 (OS Build 10240.17488) — Windows 10 for 32-bit Systems
What vulnerabilities does this update fix? "Addressed issue introduced by KB4032693 where Internet Explorer 11 may close unexpectedly when you visit some websites. " and "Security updates to Internet Explorer 11, Microsoft Scripting Engine, Microsoft Edge, Windows Search, Windows shell, Windows kernel-mode drivers, Microsoft Graphics Component, Windows kernel, .NET Framework, Windows Virtualization, Windows Server, Windows Storage and File Systems, Datacenter Networking, Microsoft NTFS, ASP.NET, and Microsoft PowerShell." and "Addressed issue introduced by KB4032695 where Internet Explorer 11 may close unexpectedly when you visit some websites" and "Addressed issue that can cause cursor flicker when hovering over a popup menu option in Internet Explorer 11 and Microsoft Edge." and "Addressed issue where Internet Explorer 11 crashes when a user clicks on an empty column header and then quickly does a Shift + double-click."
KB4025342 (OS Build 15063.483) — Windows 10 Version 1703 for 32-bit and x64-based Systems
What vulnerabilities does this update fix? "Security updates to Internet Explorer 11, Microsoft Edge, Windows Search, Windows kernel, Windows shell, Microsoft Scripting Engine, Windows Virtualization, Datacenter Networking, Windows Server, Windows Storage and File Systems, Microsoft Graphics Component, Windows kernel-mode drivers, ASP.NET, Microsoft PowerShell, and the .NET Framework."
Microsoft Edge
KB4025344 (OS Build 10586.1007) — Windows 10 Version 1511 for 32-bit Systems and x64-based Systems
What vulnerabilities does this update fix? "Addressed issue that causes .jpx and .jbig2 images to stop rendering in PDF files."
KB4025339 (OS Build 14393.1480) — Windows 10 Version 1607 for 32-bit Systems and x64-based Systems
What vulnerabilities does this update fix? "Security updates to the Windows shell, Microsoft Graphics Component, Windows Search, Windows kernel, Windows kernel-mode drivers, the .NET Framework, Windows Server, Windows Virtualization, Windows Storage and File Systems, Datacenter Networking, Internet Explorer 11, Microsoft PowerShell, Microsoft Edge, and the Microsoft Scripting Engine."
KB4025342 (OS Build 15063.483) — Windows 10 Version 1703 for x64-based Systems for 32-bit Systems and x64-based Systems
What vulnerabilities does this update fix? "Security updates to the Windows shell, Microsoft Graphics Component, Windows Search, Windows kernel, Windows kernel-mode drivers, the .NET Framework, Windows Server, Windows Virtualization, Windows Storage and File Systems, Datacenter Networking, Internet Explorer 11, Microsoft PowerShell, Microsoft Edge, and the Microsoft Scripting Engine." and "Addressed issue that causes .jpx and .jbig2 images to stop rendering in PDF files."
KB4025338 (OS Build 10240.17488) — Windows 10 for 32-bit Systems and x64-based Systems
What vulnerabilities does this update fix? "Security updates to the Windows shell, Microsoft Graphics Component, Windows Search, Windows kernel, Windows kernel-mode drivers, the .NET Framework, Windows Server, Windows Virtualization, Windows Storage and File Systems, Datacenter Networking, Internet Explorer 11, Microsoft PowerShell, Microsoft Edge, and the Microsoft Scripting Engine."
Microsoft Office 2007 (all editions)
Microsoft Office 2007 Service Pack 3
What vulnerabilities does this update fix? "A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software." See also this security fix, which also addresses a remote code execution issue
Microsoft Office 2010 (all editions)
Microsoft Office 2010 Service Pack 2 — 32-bit and 64-bit editions
What vulnerabilities does this update fix? "A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software."
Microsoft Office 2010 Service Pack 2 — 32-bit and 64-bit editions
What vulnerabilities does this update fix? Another case of — you guessed it — "remote code execution vulnerability."
Microsoft Office 2013 (all editions)
Microsoft Office 2013 Service Pack 1
What vulnerabilities does this update fix? "A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory."
Microsoft Office 2016 (all editions)
Microsoft Office 2016 — 32 and 64-bit editions
What vulnerabilities does this update fix? "A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory."
What vulnerabilities does this update fix? "A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory."
Adobe Flash Player
Security update for Adobe Flash Player: July 11, 2017
What vulnerabilities does this update fix? "This security update resolves vulnerabilities in Adobe Flash Player if it's installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 10 Version 1703, Windows 8.1, or Windows RT 8.1. "
