Virtual Administrator’s February 2017 Patch Recommendations

1 Security Bulletins were released – 1 Critical, 0 Important, and 0 Moderate

This Month In Brief

We have not uncovered any problems with this patch and are releasing it. We are also releasing the non-security updates – see VA Policy note below.

MS17-005 is rated Critical. After your next patch cycle completes you should follow up and make sure this is installed.

No out-of-band security updates were released during the last month.

Notable News: Patch Tuesday was postponed, then it showed up early…which we guess was technically late?
Microsoft postponed the February Security Bulletin until March. Then without warning on February 21 they posted “Microsoft Security Bulletin Summary for February 2017” with the single Adobe Flash Player update.
There is much speculation on what happened however there is consensus that this has never happened before. Prepare yourselves for a whopper of a Patch Tuesday in March.

February 2017 security update release (https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/)
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017.

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

MSRC

VA Policy for Non-Security updates
Most recently Microsoft has been releasing Office non-security updates on the first Tuesday of the month. Over the years this day has changed and they still sometimes release other non-security/optional updates on random days. Our policy is to hold off approving any of these until we release the Patch Tuesday bulletins – on the first Friday following Patch Tuesday. Because these are non-security updates there is no urgency and we believe it is best to release all monthly patches/updates at the same time. We only mention the non-security patches/updates in this blog if we decide to deny them – a rare occurrence.

Exploitability

Requires Restart

  • Servers:True
  • Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS17-005 Security Update for Adobe Flash Player (4010250) (Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Details
Affected Software: Windows 8.1/10, Server 2012/2012R2/2016, Windows RT 8.1
Known Issues per MS: