[German]Microsoft's patchday on January 9, 2018 just brought us a few updates for Adobe Flash, Windows 10 V1709, Office and NET Framework so far. This is due the fact, that Microsoft already released some updates last week, to fix the Meltdown/Spectrum vulnerabilities .
Update KB4056887 Adobe Flash Player
Update KB4056887 is a security update for Adobe Flash Player, which closes the vulnerability described in the article Adobe Flash Player version 28.0.0.137 released. The flash update is available for Windows Server version 1709, Windows Server 2016, Windows 10 version 1709 (Case Creators Update), Windows 10 version 1703 (Creators Update), Windows 10 version 1607, Windows 10 version 1511, Windows 10 version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. The update is distributed via Windows Update, but is available as a download via Microsoft Update Catalog.
Update KB4056868 Windows 10 V1703
Update KB4056868 (Compatibility update for upgrading to Windows 10 1703: January 9, 2018) is a dynamic update. It is intended to improve compatibility when upgrading from Windows 10 Creators Update to later versions of Windows 10. The dynamic update is used during installation or reset (see Windows 10: What are dynamic updates?).
Update KB4056568 Internet Explorer
Update KB4056568 (Cumulative security update for Internet Explorer: January 9, 2018) fixes several reported vulnerabilities in Internet Explorer. The most serious of these vulnerabilities could allow remote code execution when a user views a specially crafted Web page in Internet Explorer. For more information about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures.
Update KB4057903 Windows Server 2012 R2
Update KB4057903 (Update for Windows Server 2012 R2 for x64-based Systems, Hyper-V integration components update for Windows virtual machines) contains the latest integrated components for Windows Server 2012 R2 Guest Virtual Machines (VMs) that are running on a Windows 10-based or Windows Server 2016-based host, or a Windows Server 2012 R2-based host. It fixes a bug in a storage filter (vmstorfl.sys) that may have an impact towards performance.
Office-Updates
Microsoft has released a number of security updates for Microsoft Office. Please note that these updates only apply to Office's MSI installer versions (click-to-run variants are updated differently). A list of updates may be found here and within kb article 4058103.
Microsoft Office 2016
- Excel 2016: Description of the security update for Excel 2016: January 9, 2018 (KB4011627)
- Office 2016: Description of the security update for Office 2016: January 9, 2018 (KB4011574)
- Office 2016: Description of the security update for Office 2016: January 9, 2018 (KB4011622)
- Office 2016: Description of the security update for Office 2016: January 9, 2018 (KB4011632)
- Outlook 2016: Description of the security update for Outlook 2016: January 9, 2018 (KB4011626)
- Word 2016: Description of the security update for Word 2016: January 9, 2018 (KB4011643)
Microsoft Office 2013
- Excel 2013: Description of the security update for Excel 2013: January 9, 2018 (KB4011639)
- Office 2013: Description of the security update for Office 2013: January 9, 2018 (KB4011580)
- Office 2013: Description of the security update for Office 2013: January 9, 2018 (KB4011636)
- Outlook 2013: Description of the security update for Outlook 2013: January 9, 2018 (KB4011637)
- Word 2013: Description of the security update for Word 2013: January 9, 2018 (KB4011651)
Microsoft Office 2010
Excel 2010
Description of the security update for Excel 2010: January 9, 2018 (KB4011660)
Office 2010
Description of the security update for Office 2010: January 9, 2018 (KB4011658)
Office 2010
Description of the security update for Office 2010: January 9, 2018 (KB4011610)
Office 2010
Description of the security update for Office 2010: January 9, 2018 (KB4011611)
Outlook 2010
Description of the security update for Outlook 2010: January 9, 2018 (KB4011273)
Word 2010
Description of the security update for Word 2010: January 9, 2018 (KB4011659)
Microsoft Office 2007
- Excel 2007: Description of the security update for Excel 2007: January 9, 2018 (KB4011602)
- Excel Viewer 2007: Description of the security update for Excel Viewer 2007: January 9, 2018 (KB4011606)
- Microsoft Office Compatibility Pack Service Pack 3: Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: January 9, 2018 (KB4011607)
- Microsoft Office Compatibility Pack Service Pack 3: Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: January 9, 2018 (KB4011605)
- Office 2007: Description of the security update for 2007 Microsoft Office Suite: January 9, 2018 (KB4011201)
- Office 2007: Description of the security update for 2007 Microsoft Office Suite: January 9, 2018 (KB4011656)
- Outlook 2007: Description of the security update for Outlook 2007: January 9, 2018 (KB4011213)
- Word 2007: Description of the security update for Word 2007: January 9, 2018 (KB4011657)
- Word Viewer: Description of the security update for Word Viewer: January 9, 2018 (KB4011641)
SharePoint Server 2016
- Office Online Server: Description of the security update for Office Online Server: January 9, 2018 (KB4011021)
- SharePoint Enterprise Server 2016: January 9, 2018, update for SharePoint Enterprise Server 2016 (KB4011645)
- SharePoint Enterprise Server 2016: Description of the security update for SharePoint Server 2016: January 9, 2018 (KB4011642)
SharePoint Server 2013, Project Server 2013, and SharePoint Foundation 2013
- Office Web Apps Server 2013: Description of the security update for Office Web Apps Server 2013: January 9, 2018 (KB4011648)
- Project Server 2013: January 9, 2018, cumulative update for Project Server 2013 (KB4011650)
- Project Server 2013: January 9, 2018, update for Project Server 2013 (KB4011654)
- SharePoint Enterprise Server 2013: January 9, 2018, update for SharePoint Enterprise Server 2013 (KB4011595)
- SharePoint Enterprise Server 2013: January 9, 2018, update for SharePoint Enterprise Server 2013 (KB4011647)
- SharePoint Enterprise Server 2013: Description of the security update for SharePoint Server 2013: January 9, 2018 (KB4011599)
- SharePoint Enterprise Server 2013: Description of the security update for SharePoint Server 2013: January 9, 2018 (KB4011579)
- SharePoint Enterprise Server 2013: January 9, 2018, cumulative update for SharePoint Enterprise Server 2013 (KB4011652)
- SharePoint Foundation 2013: January 9, 2018, cumulative update for SharePoint Foundation 2013 (KB4011649)
- SharePoint Foundation 2013: Description of the security update for SharePoint Foundation 2013: January 9, 2018 (KB4011653)
SharePoint Server 2010, Project Server 2010, and SharePoint Foundation 2010
- Project Server 2010: January 9, 2018, cumulative update for Project Server 2010 (KB4011613)
- SharePoint Foundation 2010: Description of the security update for SharePoint Foundation 2010: January 9, 2018 (KB3141547)
- SharePoint Server 2010: Description of the security update for SharePoint Server 2010: January 9, 2018 (KB4011609)
- SharePoint Server 2010: Description of the security update for SharePoint Server 2010: January 9, 2018 (KB3114998)
- SharePoint Server 2010: January 9, 2018, cumulative update for SharePoint Server 2010 (KB4011616)
- SharePoint Server 2010 Office Web Apps: Description of the security update for SharePoint Server 2010 Office Web Apps: January 9, 2018 (KB4011615)
Addendum: Office Vulnerability CVE-2018-0802
All Microsoft Office versions has a memory corruption vulnerability CVE-2018-0802 in Equation Editor, that has been fixed again. According to Microsoft's description, the vulnerability also affects WordPad. The linked Microsoft says all Microsoft Office versions from Office 2007 to Office 2016, including the Click to Run variants, are patched. Microsoft classifies the vulnerability as important. The Register has provided an overview of the updates.
BTW, this is the 2nd attempt to close this vulnerability. There are reports from Check Point (01/09/2018) and here addressing this issue. The first attempt to fix the vulnerability has been discussed within my blog post von Microsoft hatte ich im Blog-Beitrag Hacker are misusing CVE-2017-11882 in Office EQNEDT32.EXE.
Update KB890830 Windows Malicious Software Removal Tool
Update KB890830 stellt eine aktualisierte Version des Windows Malicious Software Removal Tool bereit. Diese wird bei jedem Update ausgeführt, um Malware vom System zu entfernen. Am Artikelende finden sich Links zu Beiträgen über dieses Tool.
.NET Framework
- 2018-01 Security Only Update for .NET Framework 4 on WES09 and POSReady 2009 (KB4054173)
- 2018-01 Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009 (KB4054178)
- 2018-01 Security Only Update for .NET Framework 3.0 on WES09 and POSReady 2009 (KB4055229)
- 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012 (KB4055265)
- 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4055266)
- 2018-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 (KB4055267)
- 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4055269)
- 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Embedded 8 Standard and Windows Server 2012 (KB4055270)
- 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Windows Server 2012 R2 (KB4055271)
- 2018-01 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 (KB4055272)
- 2018-01 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4055532)
Update KB4033369 .NET Framework 4.7.1
Addendum: Update KB4033369 (.NET Framework 4.7.1 for Windows 8.1, Windows RT 8.1 und Windows Server 2012 R2) has been revised (at least) on January 9, 2018. Blog reader Leon informed me about install issues on 3 Windows 8.1 systems. After deactivating Windows Defender, he was able to install this update.
Similar articles
Adobe Flash Player version 28.0.0.137 released
Windows 7/8.1: Updates KB4056894, KB4056895 released
Critical Security Updates for Windows 7/8.1/Server (01/03/2018)
Windows 10: Critical Updates (01/03/2018)
Critical Updates for Windows and Browser (01/03/2018)
Microsoft releases Windows 10 Patch to fix Intel Bug
FYI: Microsoft Security Advisory Notification (January 5, 2018)
PSA: Microsoft Security Update Releases January 5, 2018
Windows 10: Update KB4056892 kills AMD systems (Error 0x800f0845)
