Leave a comment

Urgent! Make sure you get all these Windows updates

Urgent! Make sure you get all these Windows updates
© Maxkabakov | Dreamstime

It's that time of the month again. This day, which usually falls on the second Tuesday of each month, is unofficially called "Patch Tuesday" or "Update Tuesday" by tech fans and savvy Windows PC users alike.

This time around, Microsoft fixed a total of 62 security flaws including a serious zero-day flaw on a popular program that can allow a hacker to take over a computer. Yikes!

Also, if you're still using an older version of Windows, you may want to update too as soon as you can.

Read on and I'll tell you why Microsoft's October 2017 updates are so critical.

Zero-day Word flaw

The most critical patch is a fix for a zero-day flaw in Microsoft Office Word. This is already publicly known and is already being used for attacks so it's important that you apply it immediately.

The flaw is a remote code execution vulnerability, meaning it can allow an attacker to take over a machine remotely. It affects Microsoft Word 2007 and later plus Word Automation Services and Microsoft Office Web Apps Server.

Other critical patches for October 2017

A total of 62 security fixes were issued in October's batch of Microsoft updates. Aside from the Word zero-day bug, two other publicly known flaws are also addressed.

First is the denial of service issue in the Windows Subsystem for Linux and a cross-site scripting flaw in Microsoft Office Sharepoint.

Here's a list of the 62 security fixes issued by Microsoft this month:

Affected serviceCVE IDCVE Title
Device GuardCVE-2017-8715Windows Security Feature Bypass Vulnerability
Device GuardCVE-2017-11823Microsoft Windows Security Feature Bypass
Internet ExplorerCVE-2017-11790Internet Explorer Information Disclosure Vulnerability
Internet ExplorerCVE-2017-11810Scripting Engine Memory Corruption Vulnerability
Internet ExplorerCVE-2017-11822Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2017-11813Internet Explorer Memory Corruption Vulnerability
Microsoft EdgeCVE-2017-8726Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2017-11794Microsoft Edge Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2017-11816Windows GDI Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2017-11763Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2017-11762Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2017-11824Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2017-8693Microsoft Graphics Information Disclosure Vulnerability
Microsoft JET Database EngineCVE-2017-8718Microsoft JET Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2017-8717Microsoft JET Database Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2017-11776Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2017-11775Microsoft Office SharePoint XSS Vulnerability
Microsoft OfficeCVE-2017-11774Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2017-11777Microsoft Office SharePoint XSS Vulnerability
Microsoft OfficeCVE-2017-11826Microsoft Office Memory Corruption Vulnerability
Microsoft OfficeCVE-2017-11825Microsoft Office Remote Code Execution Vulnerability
Microsoft OfficeADV170017Office Defense in Depth Update
Microsoft OfficeCVE-2017-11786Skype for Business Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2017-11820Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting EngineCVE-2017-11798Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11799Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11809Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11796Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11797Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting EngineCVE-2017-11806Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11800Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11808Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11807Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11805Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11804Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11811Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11801Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11802Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11812Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11821Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11793Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2017-11792Scripting Engine Memory Corruption Vulnerability
Microsoft WindowsCVE-2017-11818Windows Storage Security Feature Bypass Vulnerability
Microsoft WindowsADV170016Windows Server 2008 Defense in Depth
Microsoft WindowsCVE-2017-11783Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2017-11769TRIE Remote Code Execution Vulnerability
Microsoft Windows DNSCVE-2017-11779Windows DNSAPI Remote Code Execution Vulnerability
Microsoft Windows Search ComponentCVE-2017-11772Microsoft Search Information Disclosure Vulnerability
Microsoft Windows Search ComponentCVE-2017-11771Windows Search Remote Code Execution Vulnerability
Windows KernelCVE-2017-11784Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2017-11817Windows Information Disclosure Vulnerability
Windows KernelCVE-2017-11814Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2017-11765Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2017-11785Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode DriversCVE-2017-8694Win32k Elevation of Privilege Vulnerability
Windows Kernel-Mode DriversCVE-2017-8689Win32k Elevation of Privilege Vulnerability
Windows NTLMADV170014Optional Windows NTLM SSO authentication changes
Windows ShellCVE-2017-8727Windows Shell Memory Corruption Vulnerability
Windows ShellCVE-2017-11819Windows Shell Remote Code Execution Vulnerability
Windows SMB ServerCVE-2017-11815Windows SMB Information Disclosure Vulnerability
Windows SMB ServerCVE-2017-11782Windows SMB Elevation of Privilege Vulnerability
Windows SMB ServerCVE-2017-11781Windows SMB Denial of Service Vulnerability
Windows SMB ServerCVE-2017-11780Windows SMB Remote Code Execution Vulnerability
Windows Subsystem for LinuxCVE-2017-8703Windows Subsystem for Linux Denial of Service Vulnerability
Windows TPMADV170012Vulnerability in TPM could allow Security Feature Bypass
Windows UpdateCVE-2017-11829Windows Update Delivery Optimization Elevation of Privilege Vulnerability

Did you notice anything missing? Adobe usually releases its patches on the same day as Microsoft but interestingly enough, there are no Adobe Flash security updates this month.

Cumulative updates

Ahead of the Patch Tuesday security patches, Microsoft also issued a new cumulative update for computers running the Windows 10 Creators update yesterday.

Cumulative updates include all the previously released fixes in one big patch. This ensures that your Windows 10 computer has all current and past updates and security fixes installed.

This is the reason why you need to update your system regularly. If you constantly miss the monthly patches, your system's cumulative update will be large and it will take longer to install.

End of support for Windows 10 version 1511

This month is also significant since Microsoft is ending support for Windows 10 version 1511, the one released way back in November 2015. If you still have this version (or earlier) please update to the latest version of Windows 10 because Microsoft will no longer provide security and feature updates for it.

To check for your Windows 10 version, search for winver on your taskbar then press Enter. This will open an About Windows tab displaying your Windows 10 version.

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

Automatic Windows updates

 

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."

If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.

Windows 10 priority updates puts users at risk

Did you know that there's a lag on the deployment of security patches between Windows 10 and older Windows versions like 7 and 8.1? This delay is actually putting millions of users at risk. Click here and I'll explain why.

Next Story
Source: Softpedia
Warn your kids! Fake model scouts ruining lives on social media
Previous Happening Now

Warn your kids! Fake model scouts ruining lives on social media

Uh-Oh! Most visited porn site spreading nasty malware
Next Happening Now

Uh-Oh! Most visited porn site spreading nasty malware

View Comments ()