As scheduled Microsoft released their monthly security updates earlier today. They address 62 vulnerabilities; more formally known as CVEs (defined). These are detailed within Microsoft’s new Security Updates Guide.
This month there are 4 Known Issues (kb4041691, kb4042895 , kb4041676 and kb4041681) for this month’s Microsoft updates. 2 of these issues relate to an exception error dialog box appearing, with the others causing a black screen, updates not to install in express , a BSOD and changing of display languages. Microsoft states in each link above they are working on resolutions to these issues.
Update: 18th October:
On the 16th of October Adobe released Flash Player v126.96.36.199 to address a critical zero day (defined) vulnerability being exploited in the wild. The BlackOasis APT group are believed to operate in the Middle East. The group is using malicious Microsoft Office documents with embedded ActiveX controls which contain the necessary Flash exploit. This exploit later installs the FinSpy malware.
Please install this update as soon as possible for any device with Flash Player installed. Google Chrome has already automatically received the update while earlier today Windows 8.1 and Windows 10 began receiving it.
As always you can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.
For this month’s Microsoft updates, I will prioritize the order of installation for you below:
Windows Search Service (CVE-11771): affects Windows 7 up to and including Windows 10
Please install the remaining updates at your earliest convenience.
As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
Nvidia Geforce Drivers:
This update (released in September 2017) applies to Linux, FreeBSD, Solaris and Windows and resolves up to 8 security vulnerabilities. The steps to install the drivers are detailed here. I detailed where Nvidia list their security advisories in a previous blog post.