Software Update Recommendations

Documents

Full security update history


Updates for the last month


16.11.17 November 2017 NCR FSE Microsoft Security Bulletins Recommendations

October 2017 patch testing is complete. All tests have passed.

Notification of Upcoming Changes to Microsoft Patch Recommendations - Taking Effect from January 2018

NCR will be changing the structure and content of the Microsoft Patch Recommendations email notifications from January 2018 onwards. This is because Microsoft is changing the structure of its updates and no longer provides a means of downloading specific patches for individual CVEs.

To provide advice on the individual suitability of each patch, NCR will now provide a notice of any possible side-effects after conducting internal patch testing.

The new patches being released by Microsoft will be relatively large, with the individual “Delta” patch (which contains only new patches from the previous month) being 350+MB in size. This means that if patches are not picked up every month, the patch delta will increase rapidly. For example, if patches are deployed every quarter, this will involve deploying 1GB in patches to each ATM in the estate. 

This will pose challenges in low-bandwidth environments. It is important that customers are aware of this issue and plan the most appropriate way to deploy patches on their estate. We are aware of this issue and have spoken directly to Microsoft, who have advised us that there is no way they can make the patches smaller.

To reflect the changes in patch structure, we are also changing the structure of NCR's email notifications, as described in the points listed below:

What you will NOT receive
You will no longer receive the following:
• Individual breakdowns of each patch CVE that warn of ATM suitability
• An updated document containing the recommendations of ATM suitability of each individual patch, before patch testing is completed by NCR
• Multiple emails about individual patches. This is because there will only be one patch available from Microsoft, with no choice of which to pick up.

What you will receive
After NCR has tested the newest delta patch, you will receive an email which contains the following information:
• Details of possible side-effects caused by the patch
• A link to the Microsoft web site where the patches applicable to the current NCR OEM images are available to download

NCR will then continue to test the new delta patch released by Microsoft for NCR OEM Windows 7 Professional SP1 and for NCR OEM Windows 10 2016 Enterprise Edition LTSB. However, it is vital that PS/customers also conduct their own testing.
NCR will also test against the latest vanilla software stack, which will include the latest versions of the following software:
• NCR OEM Windows 10 Enterprise 2016 LTSB / NCR OEM Windows 7 SP1
[Final software to be determined]

Important Customer Actions

It is important for customers to complete the following steps:

1. Download Microsoft Patches
On Patch Tuesday (the second Tuesday of every month), customers/PS must pick up Microsoft’s newly released patches. To receive notifications from Microsoft at the time of patch release, customers should sign up to the Microsoft Technical Security Notification service emails, available at the following TechNet location:
https://technet.microsoft.com/en-us/security/dd252948
This service sends emails whenever new patches are released or if any major revisions are made to previous patches.

2. Test Microsoft Patches
PS/customers should not wait for an email from NCR to start their testing. This is not a change in process, as NCR currently recommends that customers conduct their own testing.
If the customer does not use the NCR OEM version of Windows 10 or Windows 7, they cannot rely solely on the NCR patch recommendations email to provide details on applicable patches for their OS version. Side-effects of the patches may also be different in non-OEM versions.
PS/customers using non-OEM versions must complete the following steps:
a. Ensure that the patches they pick up are relevant to the OS build upon which their image is based
b. Perform all testing of the patches for their environment

Microsoft has replaced security bulletins with the Security Updates Guide. Please see the blog post, "Furthering our commitment to security updates", for more details. Security issues are no longer listed as bulletins but are listed by CVE number. CVEs are grouped by Monthly Security Rollup for all applicable software.

Anyone creating new software builds for Windows 7 SP1 can use the convenience rollup that was issued in April 2016 and then just install all the security patches since April 2016. The convenience rollup can be found here and includes all security patches up to April 2016.


November 2017 Security Updates

Security Rollup ID: 4041678
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Important CVEs: CVE-2017-11788, CVE-2017-11831, CVE-2017-11832, CVE-2017-11851, CVE-2017-11768, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880

Security Rollup ID: 4048960
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Important CVEs: CVE-2017-11788, CVE-2017-11831, CVE-2017-11832, CVE-2017-11851, CVE-2017-11768, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880

Security Rollup ID: 4047206
Affected Software: Internet Explorer 11
Critical CVEs: CVE-2017-11837, CVE-2017-11856, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846, CVE-2017-11855, CVE-2017-11858, CVE-2017-11869
Important CVEs: CVE-2017-11791, CVE-2017-11827, CVE-2017-11834, CVE-2017-11848

Security Rollup ID: 
Affected Software: Adobe Flash Player
Critical CVEs: ADV170019

Re-released Bulletins:

There were NO re-released bulletins that affected Windows 7 SP 1 this month. 

Major Revision Increment Releases:

There were NO advisories that affected Windows 7 SP 1 this month.

Advisories:

There were NO advisories that affected Windows 7 SP 1 this month.

Microsoft Security Update Releases:

CVE-2017-13080

NOTE: Included this month is a document providing guidance for installing Microsoft Updates on Self-Service Terminals.
A zip archive is attached containing the following documents:
• NCR Recommendations for 2017 security bulletins and updates
• NCR recommendations for Microsoft Security bulletins on Windows 7 SP1 since April 2011 and up to December 2016 (this is for information purposes only)
• NCR recommendations for Microsoft Security bulletins since 2005 for XP. This is for information purposes only as XP is no longer supported by Microsoft
• Installing Microsoft Updates on Self-Service Terminals

Copyright 2017 «ЛАН АТМсервис»
