It is the second Tuesday of the month, and that means it is once again Patch Day over at Microsoft.
The company has released security updates and non-security updates for client and server versions of its Windows operating system, as well as for other company products today.
Our guide provides you with information on these updates. It lists all security bulletins that Microsoft released this month, and all non-security updates and security advisories.
It starts with an executive summary that highlights the most important information, and lists who all client and server operating systems, and other Microsoft products, are affected this month.
Last but not least, it provides you with information on how to download the updates, direct links to major updates, and links to resources that provide you with additional information.
Only Windows 8.1, Windows 8.1 RT, and Windows 10 are affected by a critical vulnerability on the client side. The only server operating system affected by a vulnerability rated critically is Windows Server 2016.
All are affected by MS17-003, a bulletin that patches Adobe Flash Player. That's also the reason why Windows 7, Vista and Windows Server 2008, 2008 R2 and 2012 are not affected by the vulnerability.
It is also interesting to note that Microsoft rates MS17-001 as important, even though Microsoft Edge on Windows 10 is affected by the vulnerability critically.
Red = critical
MS17-001 -- Security Update for Microsoft Edge (3199709)
This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges
MS17-002 -- Security Update for Microsoft Office (3214291)
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS17-003 -- Security Update for Adobe Flash Player (3214628)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
MS17-004 -- Security Update for Local Security Authority Subsystem Service (3216771)
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
Microsoft Security Advisory 2755801 -- Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
KB3213986 -- Cumulative update for Windows 10, OS Build 14393.693
KB3212646 -- January 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
KB3212642 -- January 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
KB3210063 -- Update for Windows Server 2012 R2 -- "0x000000D1" Stop error with update rollups on Windows Server 2012 R2
KB3210083 -- Update for Windows 8.1 and Windows Server 2012 R2 -- iSCSI disks are lost on upgrade for StorSimple appliances after update 3172614 is installed on Windows Server 2012 R2
KB3210694 -- Update for Internet Explorer -- Internet browser page becomes blank after you install security updates 3185330 in Windows 7 SP1 or security update 3185331 in Windows 8.1
Microsoft releases individual patches for Windows Vista, and cumulative updates for Windows 7, Windows 8.1 and Windows 10.
This means that options are limited when it comes to updating systems running Windows 7 or newer versions of Windows.
Patches are provided via Windows Update. Please note that the full security and non-security rollup updates are provided through Windows Update, but not the security-only rollup updates. If you only want security updates, you have to download them from the Microsoft Update Catalog instead.
Download links are provided in the next section below.
To check for updates on Windows Update, do the following:
Windows 7 SP1 and Windows Server 2008 R2 SP1
Windows 8.1 and Windows Server 2012 R2
None this month -- January, 2017 Security Only Quality Update
None this month -- January, 2017 Security Monthly Quality Rollup
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.