Tag Archives: Microsoft Uniscribe

December 2016 Security Updates Summary

Today Microsoft and Adobe released their scheduled monthly security updates, the final scheduled set from both vendors for 2016.

Microsoft’s made 12 bulletins available. These updates address 47 vulnerabilities listed within Microsoft’s security bulletin summary (as before excluding the Adobe bulletin). These are more formally known as CVEs (defined).

As with previous months, fortunately this month (so far) there are no Known Issues detailed within the above mentioned summary page. Monitoring that page before deploying the updates as well as the IT Pro Patch Tuesday blog will keep you well informed enabling you to have the best opportunity to avoid potential issues. If any issues do arise, those pages should be your first places to check for solutions.

====================
Adobe made available 9 security bulletins which included their regular Flash Player update. Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin as appropriate and apply the recommended updates. Google Chrome users will have the updated installed automatically alongside the updated version of Google Chrome which will most likely be made available by Google either later today or in the next 1 to 2 days.

The Flash Player update addresses 17x priority 1 CVEs. All of Adobe’s priority rating are explained in the previous link. The other 8 security bulletins can be summarised as follows:

Adobe Animate (APSB16-38): Addresses 1x priority 3 CVE.
Adobe Experience Manager Forms (APSB16-40): Addresses 2x priority 3 CVEs.
Adobe DNG Converter (APSB16-41): Addresses 1x priority 3 CVE.
Adobe Experience Manager (APSB16-42): Fixes 4x priority 2 CVEs.
Adobe InDesign (APSB16-43): Fixes 1x priority 3 CVE.
Adobe ColdFusion Builder (APSB16-44): Fixes 1x priority 2 CVE.
Adobe Digital Editions (APSB16-45): Fixes 2x priority 3 CVEs.
Adobe RoboHelp (APSB16-46): Fixes 1x priority 3 CVE.

If you use Flash or any of the above products, please review the security bulletins linked to above and apply the necessary updates.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by making a donation.
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

As always; to assist with making the best use of your time when deploying these updates, I will prioritise the updates for you below:

This month is a little different than before since the Microsoft Internet Explorer and Microsoft Edge bulletins when combined address 6 vulnerabilities that are already publicly disclosed (defined). These should be followed by the Adobe Flash update which addresses a zero day vulnerability (defined). Next up would be Microsoft Office, the Windows Graphics component and the Microsoft Uniscribe update due to their criticality.

The remaining security updates can be installed when you have the time to do so. Detailed information on the contents of each security bulletin is published each month within ComputerWorld’s Patch Tuesday Debugged column.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

Please note that Microsoft EMET is in the process of being retired with the end of support scheduled for the 31st of July 2018.

As is my standard practice, I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

December 2015 Security Updates Summary

Today Microsoft released it’s final scheduled collection of security bulletins for 2015. There are 12 bulletins in total addressing 71 security issues more formally known as CVEs (defined)(only 58 of those are unique CVEs since some updates address the same issue within different updates).

The Security Bulletin Summary at this time does not list any Known Issues. An excellent additional source for information on Known Issues is the IT Pro Patch Tuesday blog which is usually updated shortly after the release of the updates if any issues are encountered.

Adobe issued updates to Flash Player and Adobe AIR, its application runtime to resolve a record number of 79 critical CVEs. Flash Player updates for Linux, Apple Mac OS X and Windows are available from this link (which can be used if you don’t have automatic updating enabled or simply wish to install the update as soon as possible). Users of Google Chrome have received (I have confirmed this); this Flash update within this Chrome update. Microsoft has announced the availability of their Flash update by updating this security advisory for users of Internet Explorer 10, 11 and Microsoft Edge installed on Windows 8.0, 8.1 and Windows 10 (respectively).

You can monitor the availability of security updates for the majority of your software from the following website (among others) or use Secunia PSI:

—————-
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/
—————-

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

I would recommend installing the update to Adobe Flash Player first if you make use of this web browser plugin. Their update addresses 79 critical security issues which may be exploited by exploit kits (defined) within a short timeframe. In addition, it has been a very eventful year for Adobe with a record number of security issues patched making this update even more important to install.

With regards to prioritizing Microsoft’s updates I would recommend installing the Windows Kernel update first since it addresses a zero day (defined) vulnerability. Next install the updates for Internet Explorer, Microsoft Edge Microsoft Office, JScript and VBScript, Windows DNS, Windows Graphics Component, Silverlight and Microsoft Uniscribe due to their critical severities. You can then install any remaining applicable updates. The DNS, Internet Explorer, Edge and Office updates will be of particular importance to large organizations due to the prevalence of this software.

One other security pre-caution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.