Microsoft Patchday: Office, Flash, Windows (January 9, 2018)

Windows Update[German]Microsoft’s patchday on January 9, 2018 just brought us a few updates for Adobe Flash, Windows 10 V1709, Office and NET Framework so far. This is due the fact, that Microsoft already released some updates last week, to fix the Meltdown/Spectrum vulnerabilities .


Advertising

Update KB4056887 Adobe Flash Player

Update KB4056887 is a security update for Adobe Flash Player, which closes the vulnerability described in the article Adobe Flash Player version 28.0.0.137 released. The flash update is available for Windows Server version 1709, Windows Server 2016, Windows 10 version 1709 (Case Creators Update), Windows 10 version 1703 (Creators Update), Windows 10 version 1607, Windows 10 version 1511, Windows 10 version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. The update is distributed via Windows Update, but is available as a download via Microsoft Update Catalog.

Update KB4056868 Windows 10 V1703

Update KB4056868 (Compatibility update for upgrading to Windows 10 1703: January 9, 2018) is a dynamic update. It is intended to improve compatibility when upgrading from Windows 10 Creators Update to later versions of Windows 10. The dynamic update is used during installation or reset (see Windows 10: What are dynamic updates?).

Update KB4056568 Internet Explorer

Update KB4056568 (Cumulative security update for Internet Explorer: January 9, 2018) fixes several reported vulnerabilities in Internet Explorer. The most serious of these vulnerabilities could allow remote code execution when a user views a specially crafted Web page in Internet Explorer. For more information about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures.

Update KB4057903 Windows Server 2012 R2

Update KB4057903 (Update for Windows Server 2012 R2 for x64-based Systems, Hyper-V integration components update for Windows virtual machines) contains the latest integrated components for Windows Server 2012 R2 Guest Virtual Machines (VMs) that are running on a Windows 10-based or Windows Server 2016-based host, or a Windows Server 2012 R2-based host. It fixes a bug in a storage filter (vmstorfl.sys) that may have an impact towards performance.

Office-Updates

Microsoft has released a number of security updates for Microsoft Office. Please note that these updates only apply to Office’s MSI installer versions (click-to-run variants are updated differently). A list of updates may be found here and within kb article 4058103.


Advertising

Microsoft Office 2016

Microsoft Office 2013

Microsoft Office 2010

Excel 2010
Description of the security update for Excel 2010: January 9, 2018 (KB4011660)

Office 2010
Description of the security update for Office 2010: January 9, 2018 (KB4011658)

Office 2010
Description of the security update for Office 2010: January 9, 2018 (KB4011610)

Office 2010
Description of the security update for Office 2010: January 9, 2018 (KB4011611)

Outlook 2010
Description of the security update for Outlook 2010: January 9, 2018 (KB4011273)

Word 2010
Description of the security update for Word 2010: January 9, 2018 (KB4011659)

Microsoft Office 2007

SharePoint Server 2016

SharePoint Server 2013, Project Server 2013, and SharePoint Foundation 2013

SharePoint Server 2010, Project Server 2010, and SharePoint Foundation 2010

Addendum: Office Vulnerability CVE-2018-0802

All Microsoft Office versions has a memory corruption vulnerability CVE-2018-0802 in Equation Editor, that has been fixed again. According to Microsoft’s description, the vulnerability also affects WordPad. The linked Microsoft says all Microsoft Office versions from Office 2007 to Office 2016, including the Click to Run variants, are patched. Microsoft classifies the vulnerability as important. The Register has provided an overview of the updates.

 

BTW, this is the 2nd attempt to close this vulnerability. There are reports from Check Point (01/09/2018) and here addressing this issue. The first attempt to fix the vulnerability has been discussed within my blog post von Microsoft hatte ich im Blog-Beitrag Hacker are misusing CVE-2017-11882 in Office EQNEDT32.EXE.

Update KB890830 Windows Malicious Software Removal Tool

Update KB890830 stellt eine aktualisierte Version des Windows Malicious Software Removal Tool bereit. Diese wird bei jedem Update ausgeführt, um Malware vom System zu entfernen. Am Artikelende finden sich Links zu Beiträgen über dieses Tool.

.NET Framework

  • 2018-01 Security Only Update for .NET Framework 4 on WES09 and POSReady 2009 (KB4054173)
  • 2018-01 Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009 (KB4054178)
  • 2018-01 Security Only Update for .NET Framework 3.0 on WES09 and POSReady 2009 (KB4055229)
  • 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012 (KB4055265)
  • 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4055266)
  • 2018-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 (KB4055267)
  • 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4055269)
  • 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012 (KB4055270)
  • 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Windows Server 2012 R2 (KB4055271)
  • 2018-01 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 (KB4055272)
  • 2018-01 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4055532)

Update KB4033369 .NET Framework 4.7.1

Addendum: Update KB4033369 (.NET Framework 4.7.1 for Windows 8.1, Windows RT 8.1 und Windows Server 2012 R2) has been revised (at least) on January 9, 2018. Blog reader Leon informed me about install issues on 3 Windows 8.1 systems. After deactivating Windows Defender, he was able to install this update.

Similar articles
Adobe Flash Player version 28.0.0.137 released
Windows 7/8.1: Updates KB4056894, KB4056895 released
Critical Security Updates for Windows 7/8.1/Server (01/03/2018)
Windows 10: Critical Updates (01/03/2018)
Critical Updates for Windows and Browser (01/03/2018)
Microsoft releases Windows 10 Patch to fix Intel Bug
FYI: Microsoft Security Advisory Notification (January 5, 2018)
PSA: Microsoft Security Update Releases January 5, 2018
Windows 10: Update KB4056892 kills AMD systems (Error 0x800f0845)


Advertising


This entry was posted in browser, Office, Security, Update, Windows and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *