Microsoft Critical security bulletins Summary – January 2017

Number: AV17-004
Date: 10 January 2017

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for January 2017.

Assessment

The summary covers 4 bulletins (2 Critical, 2 Important), which addresses multiple vulnerabilities in: LSASS, Microsoft Office, Adobe Flash Player for Internet Explorer, and Microsoft Edge.

***Critical***

• MS17-003 Security Update for Adobe Flash Player
• MS17-002 Security Update for Microsoft Office

***Important***

• MS17-004 Security Update for Local Security Authority Subsystems Service
• MS17-001 Security Update for Microsoft Edge

CVE Reference: CVE-2017-0002, CVE-2017-0003, CVE-2017-0004, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

• https://technet.microsoft.com/en-us/library/security/MS17-001
• https://technet.microsoft.com/en-us/library/security/MS17-002
• https://technet.microsoft.com/en-us/library/security/MS17-003