Earlier this week marked the end of support for Windows Vista. This means anyone using Vista will no longer receiving new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. If you’re unable to update your version of Windows, this is where virtual patching becomes very important. Virtual patching gives you added protection when patches aren’t available. Our solutions can help you gain control of your patch management lifecycle with pre-emptive coverage between the discovery of a vulnerability and the availability of a patch, as well as protection for legacy, out-of-support software.
This month also marks the end of Microsoft security bulletins. I liked using a RSS feed to see the latest Microsoft bulletins, but now, Microsoft is directing everyone to their Security Update Guide, where you can search by CVE or Knowledge Base article. Time will tell how IT admins will adjust to the new format. As you’ll see in the Microsoft update below, my table is a little different now since there is no longer a Microsoft bulletin number associated with the CVEs.
Microsoft Update
This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before April 11, 2017. Patches were released for 45 unique CVEs in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ April 2017 Security Update Review:
| CVE # | Digital Vaccine Filter # | Status |
| CVE-2013-6629 | Insufficient Vendor Information | |
| CVE-2017-0058 | Insufficient Vendor Information | |
| CVE-2017-0093 | Insufficient Vendor Information | |
| CVE-2017-0106 | 27423 | |
| CVE-2017-0155 | 27727 | |
| CVE-2017-0158 | 27719 | |
| CVE-2017-0159 | Insufficient Vendor Information | |
| CVE-2017-0160 | 27740 | |
| CVE-2017-0162 | Insufficient Vendor Information | |
| CVE-2017-0163 | Insufficient Vendor Information | |
| CVE-2017-0164 | Insufficient Vendor Information | |
| CVE-2017-0165 | 27739 | |
| CVE-2017-0166 | Insufficient Vendor Information | |
| CVE-2017-0167 | 27729 | |
| CVE-2017-0168 | Insufficient Vendor Information | |
| CVE-2017-0169 | Insufficient Vendor Information | |
| CVE-2017-0178 | Insufficient Vendor Information | |
| CVE-2017-0179 | Insufficient Vendor Information | |
| CVE-2017-0180 | Insufficient Vendor Information | |
| CVE-2017-0181 | Insufficient Vendor Information | |
| CVE-2017-0182 | Insufficient Vendor Information | |
| CVE-2017-0183 | Insufficient Vendor Information | |
| CVE-2017-0184 | Insufficient Vendor Information | |
| CVE-2017-0185 | Insufficient Vendor Information | |
| CVE-2017-0186 | Insufficient Vendor Information | |
| CVE-2017-0188 | 27731 | |
| CVE-2017-0189 | 27732 | |
| CVE-2017-0191 | Insufficient Vendor Information | |
| CVE-2017-0192 | 27733 | |
| CVE-2017-0194 | 27728 | |
| CVE-2017-0195 | Insufficient Vendor Information | |
| CVE-2017-0197 | 27736 | |
| CVE-2017-0199 | 27726 | |
| CVE-2017-0200 | 27723 | |
| CVE-2017-0201 | Insufficient Vendor Information | |
| CVE-2017-0202 | 27724 | |
| CVE-2017-0203 | Insufficient Vendor Information | |
| CVE-2017-0204 | Insufficient Vendor Information | |
| CVE-2017-0205 | 27725 | |
| CVE-2017-0207 | Insufficient Vendor Information | |
| CVE-2017-0208 | 27737 |
Zero-Day Filters
There are 15 new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (10)
|
|
MIcrosoft (5)
|
|
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.