Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: January 2017 Microsoft Patch Tuesday - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
January 2017 Microsoft Patch Tuesday

If your job today is to apply Microsoft patches: You get to go home early today! I think this is the lightest patch Tuesday ever.

Microsoft today released 3 bulletins itself plus one for Adobe. While two of the vulnerabilities are "publicly known", they only affect non-critical updates: A privilege escalation vulnerability in Microsoft Edge (CVE 2017-0002) and a denial of service vulnerability in LSASS (CVE 2017-0004). For the first time in a many many months there is no Internet Explorer update this month.

You can find all the details again via our MSFT Patch page: https://isc.sans.edu/mspatchdays.html?viewday=2017-01-10 or our API if you prefer a more structured format: https://isc.sans.edu/api/getmspatchday/2017-01-10

I doubt that Microsoft ran out of vulnerabilities to fix, but due to the holidays at the end of December, they likely had less time to fix existing vulnerabilities. January has been historically a "light month" for bulletins:

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Johannes

3008 Posts
ISC Handler
Hi,

the ISC summary page shows MS17-002 as rated "critical" by Microsoft.
Their page for MS17-002 shows a rating of "important".

Regards,
Klaus
K

5 Posts Posts
fixed. I also removed the duplicate CVE for MS17-001. (site may take a while to update due to caching)
Johannes

3008 Posts Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!