404 Tech Support

Where IT Help is Found

You are here: Home / Articles / System Administration / Today’s Patch Tuesday fixes critical bug in Windows’ Malware Protection Engine and updates Adobe Flash Player

Today’s Patch Tuesday fixes critical bug in Windows’ Malware Protection Engine and updates Adobe Flash Player

by

The second Tuesday of the month is always busy with updates from many operating system and software vendors, except February 2017 when Microsoft delayed updates until March.

Microsoft

Today’s updates included Microsoft’s usual updates for May 2017:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • NET Framework
  • Adobe Flash Player in Internet Explorer

In addition, Microsoft released an out-of-band patch for the Microsoft Malware Protection Engine, the software behind Windows Defender and other Endpoint Protection antivirus products on Windows. The bug was discovered by a Google Project Zero researcher who notified Microsoft of the problem this weekend. Microsoft Security Advisory 4022344 details the vulnerability:

The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

No action is required as the Microsoft Malware Protection Engine and malware definitions are kept up to date automatically. If your environment controls these updates, you should review that the update process is working as expected.

The last point for Microsoft’s activity today includes an odd update in Microsoft Security Advisory 4022345, which corrects Windows Update clients that might fail to receive updates. An edge case was discovered where Windows 10 or Windows Server 2016 clients may not download Windows Updates if they have never been logged into interactively to complete the initial setup.

The update fixes this issue with a “self-healing mechanism” to correct the problem where the machine will honor the settings a sysadmin has configured, for example, through Group Policy, and machines that have Windows Updates disabled will not be forced to install updates.

Adobe

Adobe patched Flash Player on Windows, macOS, and Linux. Adobe Security Bulletin APSB17-15 brings Flash Player up to version 25.0.0.171 and should be installed promptly as the critical vulnerabilities could allow an attacker to take control of a computer.

Adobe Experience Manager Forms was also updated with details in Adobe Security Bulletin APSB17-16.

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.