It's a new year and it's time to gear up for the first Patch/Update Tuesday of 2017. January is traditionally a light month for Microsoft security bulletins and this month is no exception. In fact, with only four bulletins, this is one of the smallest Patch Tuesday updates on record.
This is also the last time Microsoft is using its traditional security bulletin system. Moving forward, with the exception of Windows Vista, Microsoft patches for its products will be delivered in one installable package.
Although small in number, this month's Microsoft patches are essential nevertheless, with one bulletin rated as critical and three marked as important. It is recommended that you apply these updates as soon as you can.
MS17-002 is a security update for Microsoft Office that resolves a vulnerability that could allow remote code execution if a user opens a specially crafted file. The security update addresses the vulnerability by correcting how affected versions of Office and Office components handle objects in memory. This update was marked as Critical initially but was downgraded to Important.
The next bulletin rated as Important, MS17-001 is a security update for Microsoft Edge in that could allow elevation of privilege if a user views a poisoned website.
MS17-004 is an Important security update for the Local Security Authority Subsystem Service (LSASS). The vulnerability can cause a denial of service attack on a target computer and can cause an automatic reboot. This flaw affects Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.