News

Microsoft June 2017 patches for older platforms

Latest Microsoft security updates address multiple critical vulnerabilities in Windows operating systems

Microsoft's June 2017 security update addresses multiple critical vulnerabilities in Windows operating systems. Due to an increased threat of exploitation based on recent attacks and disclosures, Microsoft has released security updates for older platforms as well, including Windows XP. In particular, this update fixes previously unpatched vulnerabilities employed by the ENGLISHMANDENTIST, ESTEEMAUDIT and EXPLODINGCAN exploits, details of which were published by the Shadow Brokers earlier this year.

Microsoft has provided tailored customer guidance based on platform, Microsoft Security Advisory 4025685: Guidance related to June 2017 security update release:

  • If automatic updates are enabled and you are using a supported platform such as Windows 7, Windows 8.1 or Windows 10, you should not need to take additional action.
  • If you are using an older unsupported platform, such as Windows XP, Vista, Windows 8 or Windows Server 2003, use Microsoft's Guidance for Older Platforms to manually download and install the relevant security update.
  • The continued use of unsupported operating systems and applications is strongly discouraged.

The Australian Cyber Security Centre has released a range of relevant advice

Organisations can minimise the risk of being infected by exploits taking advantage of unpatched vulnerabilities by following the Australian Signal Directorate's Strategies to Mitigate Cyber Security Incidents. These strategies include, but are not limited to:

  • patching operating systems and applications to the latest versions
  • backing up important data on a daily basis to an offsite location
  • implementing application whitelisting to prevent execution of untrusted code
  • restricting administrator privileges.

Further ASD advice, such as the Essential Eight Explained, Detecting Socially-Engineered Emails, Minimising Admin Privileges Explained and Application Whitelisting Explained, is available from the ASD Publications page.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies