Virtual Administrator’s February 2018 Patch Recommendations
This month Microsoft released patches for 50 vulnerabilities with 14 of them rated “Critical”, 34 rated “Important” and 2 rated “Moderate”.
All February patches have been approved in our patch policy.
This month is much less dramatic than last month. Security Update for Adobe Flash Player (KB4074595) was released OOB on February 6th and was approved in our patch policy on the 7th. There are reports of this being actively exploited. A vulnerability in Edge (CVE-2018-0771) is publicly disclosed but without any reports of exploitation. That patch is included in the monthly cumulative update package.
Out-of-band security updates on 02/06/2018
018-02 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4074595) – see “Notable CVEs”
WARNING: The Spectre/Meltdown registry key check is still enforced. Machines will not install any cumulative updates until the key is present.
Windows security updates released January 3, 2018, and antivirus software
You can create a Custom View to find those agents on Windows 10 Version 1709 by adding the build number – Under “OS Info” add “OS Type: Windows 10” and “OS version filter: *16299*” We will update all partner once this problem is corrected.
Security Update Guide
Affected software include:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Adobe Flash
Known Issues per Microsoft: None
Monthly Rollup/Security Only/Windows 10/Server 2016 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
KB4074598 – Windows 7, Windows Server 2008 R2
KB4074594 – Windows 8.1, Windows Server 2012 R2
KB4074593 – Windows Server 2012
Security Only Update
KB4074587 – Windows 7, Windows Server 2008 R2
KB4074597 – Windows 8.1, Windows Server 2012 R2
KB4074589 – Windows Server 2012
Cumulative Update for Windows 10
KB4074596 – Original release version 1507 (OS Build 10240)
KB4074591 – Version 1511 (OS Build 10586)
KB4074590 – Version 1607 “Anniversary Update” (OS Build 14393)
KB4074592 – Version 1703 “Creators Update” (OS Build 15063)
KB4074588 – Version 1709 “Fall Creators Update” (OS Build 16299)
Note: Server 2016 uses the same KB as Windows 10 Version 1607
KB4074736 – Cumulative Security Update for Internet Explorer 9/10/11
This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1
KB4076492 – Windows 7, Windows Server 2008 R2
KB4076494 – Windows 8.1, Windows Server 2012 R2
KB4076493 – Windows Server 2012
KB4076495 – Windows Server 2008 (.NET Framework 2.0, 3.0, 4.5.2, 4.6)
KB4074595 – Security Update for Adobe Flash Player
February 2018 updates for Microsoft Office
CVE-2018-4878 | Security update for Adobe Flash Player
A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 220.127.116.11 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.
CVE-2018-0771 | Microsoft Edge Security Feature Bypass Vulnerability
The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.