Softpedia >News >Microsoft >Patches and Vulnerabilities
Softpedia Homepage   

Microsoft Fixes Just 3 Vulnerabilities on the Smallest Patch Tuesday Ever

The firm starts the year with just 3 security patches

Jan 11, 2017 08:04 GMT  ·  By
All patches are flagged as important and are shipped via Windows Update
   All patches are flagged as important and are shipped via Windows Update

Microsoft started this year with an unexpectedly small number of patches, as the company shipped just 3 different bulletins on the January 2017 Patch Tuesday.

Specifically, Microsoft is patching a total of 15 different vulnerabilities, but only 3 of them were detected in the company’s products themselves, while the remaining 12 are in Adobe’s own software that’s bundled into Windows or Internet Explorer and Microsoft Edge browsers.

3 security updates this month

First and foremost, Windows users must install MS17-001, a security bulletin that is aimed at Windows 10 and Windows Server 2016 and which, according to Microsoft, could allow an attacker compromising a system to get elevated privileges in affected versions of the browser. The security update, however, is considered to be “important” for Windows 10 and Windows Server 2016.

MS17- 004, on the other hand, is supposed to fix a denial of service vulnerability in the Local Security Authority Subsystem Service (LSASS) and which affects Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (and Server Core).

“A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system,” Microsoft explains in the security bulletin.

And last but not least, there’s MS17-002, which is a security patch for Word 2016 and SharePoint 2016 fixing a vulnerability that would allow an attacker to take control of a system using just a malicious document that’s being launched with a vulnerable application.

Surprisingly, Windows 8.1 isn’t getting any patches this month, and Windows 10 users who install the latest cumulative updates released by Microsoft in January are fully up to date.

Without a doubt, seeing Microsoft shipping only a few security updates on Patch Tuesday is a little bit unexpected, especially because they’re not rated critical, but on the other hand, it makes our lives easier because there’s a smaller batch of fixes to deploy and a substantially reduced chance of something going wrong.