Yesterday was Microsoft’s Update Tuesday and they made available their scheduled monthly security updates.
Microsoft’s updates consist of 9 security bulletins. These bulletins resolve 33 vulnerabilities more formally known as CVEs (defined).
The first issue is more informational rather than an error/interruption to your work. While the second known issue is notifying you that this update “disables the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations”.
The IT Pro Patch Tuesday blog is also a very useful resource to check before installing the updates to better inform you of whether to proceed or not.
For the first time since January Adobe has not published a Flash Player security bulletin. However, they did release a priority 2 update for Adobe Experience Manager, resolving 4 CVEs.
If you use any the above Adobe products, please review the security bulletins linked to above and apply the necessary updates as soon as possible.
You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by making a donation.
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.
To assist with making the best use of your time when deploying this month’s Microsoft updates, I will prioritise the updates for you below:
Please make the updates for Microsoft Office, Microsoft Internet Explorer, Microsoft Edge your first priorities since they all address critical severity vulnerabilities. Please follow these with the Microsoft Graphics Component update (since it addresses a critical font handling issue (font vulnerabilities are discussed in a previous blog post)). All remaining security updates can be installed when you have the time available.
A final security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.
As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.