Yesterday, Microsoft celebrated the first Patch Tuesday of the year by pushing out significant updates to many of its supported operating systems. These included numerous fixes for problems on both mobile and desktop systems.
Now Microsoft has detailed some of the security fixes that also came along with yesterday’s patches. However, unlike previous months, January’s security updates are very few and none of them seem to address any particularly nasty issues:
MS17-001 is a security update for Microsoft Edge deemed to be Important, on Microsoft’s severity scale. The patch fixes an exploit that potentially allowed attackers to elevate their privileges on targeted machines. Users had to be tricked into viewing a malicious website, through which the attacker could gain elevated privileges. There’s no sign that this exploit was being used in the wild.
MS17-002 addresses issues in supported versions of Microsoft Office and Microsoft Office Services and Web Apps. The vulnerability fixed here allowed for remote code execution if the user opened a maliciously crafted Microsoft Office file. Those running without administrative rights would be less impacted. This patch is also deemed to be Important.
MS17-003 is the only security patch for this month designated as Critical. However, this update doesn’t come from Microsoft but from Adobe. This is the monthly batch of Flash patches that addresses security issues on all supported versions of Windows.
MS17-004 changes the way the Local Security Authority Subsystem Service (LSASS) in Windows handles specially crafted authentication requests. It does this to protect the system from potential denial of service attacks that could trigger system reboots. This vulnerability is deemed to be Important.
And that’s the end of the list. Only four security patches from Microsoft this month were put out, and one of them isn’t even for a Microsoft product. Even so, we recommend you install the updates as soon as possible to keep your machines secure.