It's a new year and it's time to gear up for the first Patch/Update Tuesday of 2017. January is traditionally a light month for Microsoft security bulletins and this month is no exception. In fact, with only four bulletins, this is one of the smallest Patch Tuesday updates on record.
This is also the last time Microsoft is using its traditional security bulletin system. Moving forward, with the exception of Windows Vista, Microsoft patches for its products will be delivered in one installable package.
Although small in number, this month's Microsoft patches are essential nevertheless, with one bulletin rated as critical and three marked as important. It is recommended that you apply these updates as soon as you can.
MS17-002 is a security update for Microsoft Office that resolves a vulnerability that could allow remote code execution if a user opens a specially crafted file. The security update addresses the vulnerability by correcting how affected versions of Office and Office components handle objects in memory. This update was marked as Critical initially but was downgraded to Important.
The next bulletin rated as Important, MS17-001 is a security update for Microsoft Edge in that could allow elevation of privilege if a user views a poisoned website.
MS17-004 is an Important security update for the Local Security Authority Subsystem Service (LSASS). The vulnerability can cause a denial of service attack on a target computer and can cause an automatic reboot. This flaw affects Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
The lone bulletin marked as Critical, MS17-003, addresses more bugs in Adobe Flash Player that could allow remote code execution. This affects all instances of Flash, including browser plug-ins for Chrome, Firefox and IE, and it is essential that they are updated immediately.
Speaking of Adobe, their security updates for this month address 13 Flash Player flaws, 12 of them could lead to remote code execution. If you are still using Flash, please update immediately.
29 vulnerabilities were also patched in Reader and Acrobat, all but one could allow remote code execution.
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.
But if you want to check, here's how:
On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
--> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 220.127.116.11.