Microsoft Patch Tuesday December 2017 has finally arrived, with a list of 34 critical security updates covering seven different Microsoft products. We know you’re probably ready for some hard-earned time off, but be sure to deploy all of these latest patches before you get wrapped up with the holidays.
Security updates
Microsoft Patch Tuesday December 2017 includes security updates for the following products:
- Internet Explorer
- ChakraCore
- Microsoft Windows
- Microsoft Exchange Server
- Microsoft Edge
- Microsoft Malware Protection Engine
- Microsoft Office
- Microsoft Office Services and Web Apps
You can access a complete report on this month’s Patch Tuesday here.
Potential impact
According to Microsoft, this month’s security vulnerabilities can cause some serious damage if left unpatched, including:
- Remote code execution
- Information disclosure
- Security feature bypass
- Spoofing
- Elevation of privilege
These vulnerabilities target browsers, development tools, Exchange Server, Microsoft Office, and Windows in general. Check out Microsoft’s complete report to view the maximum potential impact of each vulnerability.
Key fixes
Microsoft Patch Tuesday December 2017 includes patches for two major remote code execution bugs in the Microsoft Malware Protection Engine:
- CVE-2017-11937
- CVE-2017-11940
Remote code execution is a serious threat, so these patches are highly recommended.
Adobe updates
Adobe security updates have also been taken care of in Patch Tuesday December 2017. These updates include Adobe Flash Player fixes that Adobe released in update 28.0.0.126, which is classified as moderately severe.
Earlier today, Adobe issued its own Patch Tuesday security bulletin, which only included one solitary bug fix for Adobe Flash Player:
- Security updates available for Flash Player | APSB17-42
Non-security updates
Apart from the security updates listed above, Microsoft also released a list of non-security updates. While these updates aren’t necessarily related to security vulnerabilities, you might still want to include the following patches when updating your systems:
Office 2010
- Microsoft Excel 2010 (KB4011617)
Office 2013
- Microsoft Excel 2013 (KB4011597)
- Microsoft Office 2013 (KB4011279)
- Microsoft Outlook 2013 (KB4011282)
- Microsoft PowerPoint 2013 (KB4011278)
- Microsoft Project 2013 (KB4011285)
- Skype for Business 2015 (KB4011284)
Office 2016
- Microsoft Excel 2016 (KB4011577)
- Microsoft Office 2016 (KB4011218)
- Microsoft Office 2016 (KB4011211)
- Skype for Business 2016 (KB4011563)
- Microsoft Office 2016 (KB4011567)
- Microsoft Office 2016 (KB3213542)
- Microsoft Office 2016 (KB4011568)
- Microsoft Office 2016 (KB4011572)
- Microsoft Office 2016 (KB4011163)
- Microsoft Office 2016 (KB4011562)
- Microsoft Office 2016 (KB4011031)
- Microsoft Project 2016 (KB4011573)
- Microsoft Office 2016 (KB4011225)
- Microsoft Outlook 2016 (KB4011570)
You can find a complete list of non-security updates here.
How can ManageEngine help?
Keeping your systems updated is a no-brainer, but the smart thing to do is use an automated patch management solution to deploy all the updates you need. To this effect, #ManageEngine offers two unique solutions for updating patches in your network:
- Patch Manager Plus, which is exclusively a patch management solution. Patch Manager Plus helps you manage patches for your Windows, Mac, and Linux systems, as well as more than 250 third party patches, right from your desk.
- Desktop Central, which is a unified endpoint management solution that can also perform automatic patch management.
So that’s it for Microsoft Patch Tuesday December 2017.
If you’re only worried about getting the patches onto your systems, then downloading Patch Manager Plus is the way to go. On the other hand, if endpoint security is your cup of tea, download Desktop Central and start deploying patches from the comfort of your desk.
Either way, if you get started now, you’ll have time to patch your entire network before the holidays and you’ll be able to keep your network safe, even during your vacation.
** Optrics Inc. is an authorized ManageEngine reseller
The original article can be found here: