Patch Tuesday for September 2017

This month’s updates from Microsoft include a patch for a nasty zero-day vulnerability in the .NET framework.

The announcement for this batch of updates is of course just a link to the Security Update Guide, where it’s up to the user to wade through piles of information and determine what’s relevant.

Here’s what I’ve been able to glean from my explorations: there are ninety-four updates, affecting Internet Explorer, Edge, Windows, Office, Adobe Flash Player, Skype, and the .NET Framework. A total of eighty-five vulnerabilities are addressed, twenty-nine of which are flagged as Critical.

As you may have guessed, this month we also have yet another new version of Flash. Microsoft included the new version in updates for Edge and Internet Explorer, and Chrome will get the new version via its internal auto-updater. Desktop Flash users should visit the main Flash page to get the new version. Flash 27.0.0.130 addresses two critical vulnerabilities in previous versions.

Leave a Reply