Another Patch Tuesday is here, along with a huge set of both security and non-security patches. We strongly recommend patching all these latest security patches right away to avoid unnecessary security breaches, while installing the non-security patches at your discretion.
First things first: Microsoft security updates
Microsoft has reported 62 security vulnerabilities, along with one critical zero-day vulnerability. Letting these security patches slide leaves your organization at risk of remote code execution, system encryption, network breaches, and more.
Zero-day update for Microsoft Word
This latest zero-day vulnerability for Microsoft Word (CVE-2017-11826) leaves systems suspectible to remote code executions. Thankfully, Microsoft has released updates to resolve the issue. Affected products include Microsoft Word 2007 and later versions.
This same vulnerability also impacts the following products:
- Microsoft Office Online Server 2016
- Microsoft Office Web Apps Server 2010
- Microsoft Office Word Viewer
- Microsoft SharePoint Enterprise Server 2016
- Word Automation Services
Other security updates
October Patch Tuesday brings in 62 security patches for eight different products. Here is a list of the Microsoft products that are offering security patches this month:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office
- Microsoft Office Services
- Web Apps
- Skype for Business and Lync
- Chakra Core
Windows 10 security updates are available here, while updates for Windows RT 8.1 and Microsoft Office RT software are available here. If you are looking for a complete list of Microsoft’s latest security updates, please visit this GitHub report.
You can find more information about sorting security patches by product and update in Microsoft’s Security Update Guide.
Non-security updates
Once you’ve updated all your security patches, we recommend moving on to the non-security updates. Since many organizations use Microsoft Office, we’ve compiled a list of all the new non-security updates for Microsoft Office.
Office 2013
- Update for Microsoft Access 2013 (KB3172543)
- Update for Microsoft Excel 2013 (KB4011181)
- Update for Microsoft Office 2013 (KB4011148)
- Update for Microsoft Office 2013 (KB4011169)
- Update for Microsoft Project 2013 (KB4011156)
- Update for Microsoft Visio 2013 (KB4011149)
- Update for Microsoft Word 2013 (KB4011150)
Office 2016
- Update for Microsoft Access 2016 (KB4011142)
- Update for Microsoft Excel 2016 (KB4011166)
- Update for Microsoft Office 2016 (KB4011036)
- Update for Microsoft Office 2016 (KB4011135)
- Update for Microsoft Office 2016 (KB4011139)
- Update for Microsoft Office 2016 (KB4011144)
- Update for Microsoft Office 2016 (KB4011158)
- Update for Microsoft Office 2016 (KB4011167)
- Update for Microsoft PowerPoint 2016 (KB4011164)
- Update for Microsoft Project 2016 (KB4011141)
- Update for Microsoft Visio 2016 (KB4011136)
- Update for Microsoft Word 2016 (KB4011140)
All signs show that cyber attacks aren’t going away any time soon. As the Equifax data breaches and the Shadow Brokers’ latest vulnerability leaks show, if anything, cyber crime is evolving.
If recent threats have you wondering how you’re going to install all these Microsoft Patch Tuesday updates in time, we recommend checking out our patch management solution to see how you can streamline patching in your organization.