Security updates for all supported versions of Microsoft Windows and other Microsoft products have been released on September 12, 2017.

This guide offers extensive information on the release; important to get a clearer picture on what has been released this month, and how the updates should be deployed.

It begins with an executive summary that lists the most important facts about the guide. What follows is the distribution of operating systems — by client and server versions of Windows — and other Microsoft products.

All security updates, security advisories, and non-security updates are listed afterwards. Each links to a Microsoft support page to look up information that Microsoft published on the particular update.

The last part of the guide links to direct security update downloads for Windows, and offers additional resource links that you may follow.

Check out the August 2017 Patch day if you missed it.

Microsoft Security Updates September 2017

Download the following Excel spreadsheet that lists all security updates and detailed information released by Microsoft since the August 2017 Patch Day.

Click on the following link to download the — zipped — spreadsheet to your local system:
microsoft-Security-Updates-september-2017.zip

Executive Summary

  • Microsoft released security patches for all versions of Windows.
  • Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.

Operating System Distribution

  • Windows 7:  22 vulnerabilities of which 3 are rated critical, 19 important
  • Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
  • Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important

Windows Server products:

  • Windows Server 2008 R2: 23  vulnerabilities, of which 3 are rated critical, 20 important
  • Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical 21 important and 1 moderate
  • Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important

Other Microsoft Products

  • Internet Explorer 11: 7  vulnerabilities, 5 critical, 2 important
  • Microsoft Edge: 28 vulnerabilities, 19 critical,  7 important, 2 moderate

Security Updates

KB4038788 — Windows 10 Version 1703

  • Addressed issue where the color profiles do not revert to the user-specified settings after playing a full-screen game.
  • Updated HDR feature to be turned off by default in the OS.
  • Addressed issue where you can’t open the Start menu when you add a third-party IME.
  • Addressed issue with scanners that rely on inbox driver support.
  • Addressed issue in a Mobile Device Manager Enterprise feature to allow headsets to work correctly.
  • Addressed issue where some machines fail to load wireless WAN devices when they resume from Sleep.
  • Addressed issue where Windows Error Reporting doesn’t clean up temporary files when there is a redirection on a folder.
  • Addressed issue where revoking a certificate associated with a disabled user account in the CA management console fails. The error is “The user name or password is incorrect.
  • 0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE)”.
  • Addressed issue where LSASS is leaking large amounts of memory.
  • Addressed issue where enabling encryption using syskey.exe renders the system unbootable.
  • Updated the BitLocker.psm1 PowerShell script to not log passwords when logging is enabled.
  • Addressed issue where saving a credential with an empty password to Credential Manager causes the system to crash when attempting to use that credential.
  • Updates to Internet Explorer 11’s navigation bar with search box.
  • Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
  • Addressed issue with the EMIE where Microsoft Edge and Internet Explorer repeatedly switched between each other.
  • Addressed issue where a device may stop responding for several minutes and then stop working with error 0x9F (SYSTEM_POWER_STATE_FAILURE) when a USB network adapter is attached.
  • Addressed issue where some apps cannot be opened because the IPHlpSvc service stops responding during the Windows boot procedure.
  • Addressed issue where spoolsv.exe stops working.
  • Addressed issue where the Get-AuthenticodeSignature cmdlet does not list TimeStamperCertificate even though the file is time stamped.
  • Addressed issue where, after upgrading to Windows 10, users may experience long delays when running applications hosted on Windows Server 2008 SP2.
  • Addressed RemoteApp display issues that occur when you minimize and restore a RemoteApp to full-screen mode.
  • Addressed issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working.
  • Addressed issue that causes the Export-StartLayout cmdlet to fail when exporting the layout of tiles at startup.
  • Addressed issue where the option to join Azure AAD is sometimes unavailable during the out-of-box experience.
  • Addressed issue where clicking the buttons on Windows Action Center notifications results in no action being taken.
  • Re-release of MS16-087- Security update for Windows print spooler components.
  • Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Edge, Device Guard, Windows TPM, Internet Explorer, Microsoft Scripting Engine, Windows Hyper-V, Windows kernel, and Windows Virtualization.
This  Windows 10: allow apps from Store only analysis

KB4038792 — Windows 8.1 and Windows Server 2012 R2 Monthly Rollup

  • Updates to Internet Explorer 11’s navigation bar with search box.
  • Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
  • Addressed issue in Internet Explorer where graphics render incorrectly.
  • Addressed issue in Internet Explorer where the Delete key functioned improperly.
  • and all updates of KB4038793

KB4038793 — Windows 8.1 and Windows Server 2012 R2 Security-only update

  • Re-release of MS16-087- Security update for Windows print spooler components.
  • Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Windows PDF Library, Windows TPM, Windows Hyper-V, Windows kernel, and the Windows DHCP Server.

KB4038799 — 2017-09 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

  • Same as KB4038793

KB4038786 — 2017-09 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

  • Same as KB4038793

KB4038777 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

  • Updates to Internet Explorer 11’s navigation bar with search box.
  • Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
  • Addressed issue in Internet Explorer where graphics render incorrectly.
  • Addressed issue in Internet Explorer where the Delete key functioned improperly.
  • and all updates of KB4038779

KB4038779 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Security-only Update

  • Addressed issue where applications that have LDAP referral chasing options enabled use a TCP dynamic port connection that doesn’t close until the applications close or the calling OS restarts. With sufficient time and volume, these applications may completely consume all TCP dynamic ports. If that occurs, network communications will fail for any protocol or operation that uses dynamic ports. This issue was introduced by the July and August 2017 cumulative updates starting with KB4025337 and KB4025341.
  • Re-release of MS16-087- Security update for Windows print spooler components.
  • Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Windows Hyper-V, Windows kernel, and Windows Virtualization.

KB3170455 — Security Update for Windows Server 2008 — security update for Windows print spooler components (July 2016, re-release September 2017)

KB4032201 — Security update for the Windows kernel information disclosure vulnerability in Windows Server 2008 — An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.

  • Note: You need to re-install the update after you install language packs on the system.

KB4034786 — Security Update for Windows Server 2008 — Security update for the Microsoft Bluetooth driver spoofing vulnerability in Windows Server 2008.

  • Note: You need to re-install the update after you install language packs on the system.

KB4038806 — 2017-09 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB4038874 — Security Update for Windows Server 2008 — Security update for the Windows Kernel information disclosure vulnerability in Windows Server 2008.

  • Note: You need to re-install the update after you install language packs on the system.

KB4039038 — Security Update for Windows Server 2008 — Security update for the information disclosure vulnerability in Windows Server 2008

  • Note: You need to re-install the update after you install language packs on the system.

KB4039266 — Security Update for Windows Server 2008 — Security update for the Windows shell remote code execution vulnerability in Windows Server 2008

  • Note: You need to re-install the update after you install language packs on the system.

KB4039325 — Security Update for Windows Server 2008 — No information yet

KB4039384 — Security Update for Windows Server 2008 and Windows XP Embedded — Security update for the Windows Uniscribe vulnerabilities in Windows Server 2008

  • Note: You need to re-install the update after you install language packs on the system.

KB4041083 — 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4041084 — 2017-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4041085 — 2017-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4041086 — 2017-09 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4041090 — 2017-09 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4041091 — 2017-09 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

This  Mozilla Corp acquires Pocket

KB4041092 — 2017-09 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Windows Server 2012 R2

KB4041093 — 2017-09 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4038781 — 2017-09 Dynamic Cumulative Update for Windows 10 Version 1607

KB4038783 — 2017-09 Dynamic Cumulative Update for Windows 10 Version 1511

KB4038788 — 2017-09 Cumulative Update for Windows 10 Version 1607 and Windows 10

Known Issues

KB4038788

  • Installing KB4034674 may change Czech and Arabic languages to English for Microsoft Edge and other applications.
    • No workaround yet.

KB4038792 and KB4038793

  • NPS authentication may break, and wireless clients may fail to connect.
    • Workaround: Set SYSTEMCurrentControlSetServicesRasManPPPEAP13DisableEndEntityClientCertCheck to value 0.
  • Japanese IME may hang in certain scenarios.
    • Workaround: Install KB2962409.

Security advisories and updates

KB4025398 — Security Update for WES09 and POSReady 2009 — Fixes an information disclosure vulnerability in the Windows System Information Console.

Non-security related updates

KB3186568 — Microsoft .NET Framework 4.7 for Windows 10

KB3186607 — Microsoft .NET Framework 4.7 Language Packs for Windows 10

KB4039111 — Update for WEPOS and POSReady 2009

KB4039556 — 2017-09 Dynamic Update for Windows 10 Version 1607

KB890830 — Windows Malicious Software Removal Tool for Windows – September 2017

KB4038921 — Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4038922 — Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Windows Server 2012 R2

KB4038923 — Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4035036 — August, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4035037 — August, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4035038 — August, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4035039 — August, 2017 Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4019276 — Update for Windows Server 2008 — Adds support for TLS 1.1 and TLS 1.2.

KB4036162 — Update for Windows Server 2008 — Fixes a crash in WordPad.

KB4037616 — Update for Windows Server 2008 — Fixes a crash in spoolsv.exe.

KB4022633 — 2017-05 Update for Windows 10 Version 1511 — OOBE update for Windows 10 Version 1511

How to download and install the September 2017 security updates

Suggestion: Windows updates may backfire; they may introduce issues or even block the PC from booting or functioning properly. I suggest you create a backup of the system before you install updates.

Windows PCs are configured to download and install important updates — like security updates — automatically. This is not a real-time process though, and you may want to run a manual check for updates at times, or download updates manually to install them without direct connection to Microsoft’s servers.

You may run a manual check for updates on Windows in the following way:

  • Select the Windows-key on the keyboard, type Windows Update, and select the Enter-key.
  • Windows may run a check automatically when the page opens, or after you click on the “check for updates” link or button.
  • Updates may be downloaded automatically if they are found, or only after you accept them.

You may download updates directly from Microsoft’s Update Catalog website as well. The links are listed below:

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4038777 — 2017-09 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4038779 — 2017-09 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

  • KB4038792 — 2017-09 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
  • KB4038793 — 2017-09 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10 and Windows Server 2016 (version 1703)

  • KB4038788 — 2017-09 Cumulative Update for Windows 10 Version 1703

Additional resources

  • September 2017 Security Updates release notes
  • List of software updates for Microsoft products
  • List of security advisories
  • Security Updates Guide
  • Microsoft Update Catalog site
  • Our in-depth Windows update guide
  • Windows 10 Update History
  • Windows 8.1 Update History
  • Windows 7 Update History

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

The post Microsoft Security Updates September 2017 release appeared first on gHacks Technology News.

Source link