MS – SECURITY

3214296 – Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege – Version: 1.0 Revision Note: V1.0 (January 10, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure that their apps are updated correctly. Source: 3214296 – Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege – Version: 1.0

MS17-002 – Critical: Security Update for Microsoft Office (3214291) – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (January 10, 2017): Bulletin published Summary: This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Source: MS17-002 – Critical: Security Update for Microsoft Office (3214291) – Version: 1.0

MS17-004 – Important: Security Update for Local Security Authority Subsystem Service (3216771) – Version: 1.0 Severity Rating: ImportantRevision Note: V1.0 (January 10, 2017): Bulletin PublishedSummary: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. Source: MS17-004 – Important: Security Update for Local Security Authority Subsystem Service (3216771) – Version: 1.0

MS17-003 – Critical: Security Update for Adobe Flash Player (3214628) – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (January 10, 2017): Bulletin published.Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. Source: MS17-003 – Critical: Security Update for Adobe Flash Player (3214628) – Version: 1.0

MS16-151 – Important: Security Update for Windows Kernel-Mode Drivers (3205651) – Version: 1.0 Severity Rating: ImportantRevision Note: V1.0 (December 13, 2016): Bulletin publishedSummary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. Source: MS16-151 – Important: Security Update for Windows Kernel-Mode Drivers (3205651) – Version: 1.0