File Attachment: November-2017 Updates
This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.
Interestingly enough, none of the Windows OS patches are listed as Critical this month, but we do recommend focusing on CVE-2017-11830 and CVE-2017-11847, as they address a Security Feature Bypass and a Privilege Elevation, respectively.
It should also be noted that CVE-2017-11848, CVE-2017-11827, CVE-2017-11883, and CVE-2017-8700 have public exploits, but they do not appear to be used in any active campaigns.
From a prioritization standpoint, focus on the fixes for CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which all address the Scripting Engine in Edge and Internet Explorer, especially on laptops and other workstation-type systems where the logged-in user may have administrative privileges. Microsoft lists exploitation as More Likely for these vulnerabilities, especially if a user is tricked into viewing a malicious site or opening an attachment.
While Microsoft lists the fix for CVE-2017-11882 as Important, there may be PoC code for this vulnerability, so it is recommended that you give the Office updates attention this month as well.
It should also be noted that last Patch Tuesday, Microsoft quietly released the fix for CVE-2017-13080, widely known as the KRACK vulnerability in the WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed. Therefore, it is recommended you ensure last month’s security patches are fully addressed. Alternatively, you can install this month’s Monthly Rollups, as they should include this fix.
Adobe has also released patches for 9 advisories, fixing a stunning 62 CVEs for Acrobat and Reader alone, so ensure that you are updating Adobe across your environment to stay protected.
Executive Summary
• Microsoft released security updates for all supported versions of Windows (client and server), as well as for Internet Explorer, Microsoft Edge, Microsoft Office, .NET Core and ASP.NET Core, and ChakraCore.
• No critical updates for Windows, but there are critical updates for IE 11 and Microsoft Edge.
• Lots of known issues
Operating System Distribution
• Windows 7: 12 vulnerabilities of which 12 are rated important
• Windows 8.1: 11 vulnerabilities of which 11 are rated important
• Windows 10 version 1607: 12 vulnerabilities of which 12 are rated important
• Windows 10 version 1703: 12 vulnerabilities of which 12 are rated important
• Windows 10 version 1709: 9 vulnerabilities of which 9 are rated important
Windows Server products:
• Windows Server 2008: 11 vulnerabilities of which 11 are rated important
• Windows Server 2008 R2: 12 vulnerabilities of which 12 are rated important
• Windows Server 2012 and 2012 R2: 11 vulnerabilities of which 11 are rated important
• Windows Server 2016: 12 vulnerabilities of which 12 are rated important
Other Microsoft Products
• Internet Explorer 11: 13 vulnerabilities, 8 critical, 4 important, 1 moderate
• Microsoft Edge: 24 vulnerabilities, 16 critical, 8 important
Direct Update Downloads
CVE | Title | Severity | Publicly Disclosed | Exploited | Exploitability Index (XI) – Latest Release | Exploitability Index (XI) – Older Releases |
CVE-2017-11827 | Microsoft Browser Memory Corruption Vulnerability | Important | Yes | No | 1 | 1 |
CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability | Important | Yes | No | 2 | 2 |
CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability | Moderate | Yes | No | 2 | 2 |
CVE-2017-11848 | Internet Explorer Information Disclosure Vulnerability | Moderate | Yes | No | 2 | 2 |
CVE-2017-11856 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11845 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11837 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11839 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11841 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11861 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11862 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11870 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11836 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11838 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11840 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11843 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11846 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11859 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11866 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11858 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11869 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 |
CVE-2017-11871 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11873 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability | Important | No | No | 3 | 3 |
CVE-2017-11879 | ASP.NET Core Elevation Of Privilege Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11830 | Device Guard Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11803 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 1 | N/A |
CVE-2017-11833 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A |
CVE-2017-11844 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 1 | N/A |
CVE-2017-11863 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | No | 2 | N/A |
CVE-2017-11872 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | No | 2 | N/A |
CVE-2017-11874 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | No | 2 | N/A |
CVE-2017-11878 | Microsoft Excel Memory Corruption Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11877 | Microsoft Excel Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11850 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11884 | Microsoft Office Memory Corruption Vulnerability | Important | No | No | 2 | N/A |
CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11854 | Microsoft Word Memory Corruption Vulnerability | Important | No | No | N/A | 2 |
CVE-2017-11791 | Scripting Engine Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11834 | Scripting Engine Information Disclosure Vulnerability | Important | No | No | 3 | 3 |
CVE-2017-11832 | Windows EOT Font Engine Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11835 | Windows EOT Font Engine Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11852 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11831 | Windows Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11880 | Windows Information Disclosure Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11847 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11851 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11842 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11849 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11853 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 |
CVE-2017-11768 | Windows Media Player Information Disclosure Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11788 | Windows Search Denial of Service Vulnerability | Important | No | No | 3 | 3 |
CVE-2017-11876 | Microsoft Project Server Elevation of Privilege Vulnerability | Moderate | No | No | 3 | 3 |
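To turn the table above into a patch order, the rows can be parsed and sorted. The following is an added example, not part of the original advisory. The sort order (exploited first, then lowest Exploitability Index, then severity, then public disclosure) is an assumed policy, and the function names are hypothetical.

```python
import re

# A few rows copied from the table above, in its pipe-delimited layout.
SAMPLE = """\
CVE-2017-11827 | Microsoft Browser Memory Corruption Vulnerability | Important | Yes | No | 1 | 1 |
CVE-2017-11836 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A |
CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | Important | No | No | 2 | 2 |
CVE-2017-11788 | Windows Search Denial of Service Vulnerability | Important | No | No | 3 | 3 |
CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability | Moderate | Yes | No | 2 | 2 |
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
NO_XI = 9  # sorts rows without any numeric XI value last


def parse_rows(text):
    """Parse table rows; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        if len(cells) != 7 or not CVE_RE.match(cells[0]):
            continue
        cve, title, severity, public, exploited, xi_new, xi_old = cells
        # XI is 1 (exploitation more likely) to 3 (unlikely); "N/A" means
        # that release is not affected, so keep the worst value that applies.
        xi = [int(x) for x in (xi_new, xi_old) if x.isdigit()]
        rows.append({
            "cve": cve,
            "title": title,
            "severity": severity,
            "public": public.lower() == "yes",
            "exploited": exploited.lower() == "yes",
            "xi": min(xi) if xi else NO_XI,
        })
    return rows


def triage(rows):
    """Return CVE IDs in patch order under the assumed policy."""
    def key(r):
        return (not r["exploited"], r["xi"],
                SEVERITY_RANK.get(r["severity"], 4), not r["public"])
    return [r["cve"] for r in sorted(rows, key=key)]


if __name__ == "__main__":
    for cve in triage(parse_rows(SAMPLE)):
        print(cve)
```
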