Microsoft Security Bulletin(s) for November 2017

Discussion in 'update alerts' started by NICK ADSL UK, Nov 14, 2017.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,293
    Location:
    UK
    Microsoft Security Bulletin(s) for November 2017

    Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download centre or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Bulletin Summary:
    https://portal.msrc.microsoft.com/e...tedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99

    Release Notes
    November 2017 Security Updates
    Release Date: November 14, 2017
    The November security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    ASP.NET Core and .NET Core
    Chakra Core

    Please note the following information regarding the security updates:
    Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

    • Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.

    • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

    • After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
    https://support.microsoft.com/en-gb...-1507-will-no-longer-receive-security-updates

    Known Issues
    4048954
    4048953
    4048955
    4048952
    4048956
    4048958
    4048961
    4048957
    4048960

    Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
     
    Last edited: Nov 14, 2017
  2. NICK ADSL UK

    Title: Microsoft Security Update Releases
    Issued: November 16, 2017
    ********************************************************************

    Summary
    =======

    The following security advisory has been revised in the October 2017
    Security Updates.

    * ADV170012


    Revision Information:
    =====================

    ADV170012

    - Title: ADV170012 | Vulnerability in TPM could allow Security
    Feature Bypass
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Revised the Affected Products table to
    include Windows 10 Version 1709 for 32-bit Systems and Windows
    10 Version 1709 for x64-based Systems because they are affected
    by CVE-2017-15361, described in this advisory. In addition, the
    following informational-only changes have been made: *Under
    Recommended Action #4, Revised the list of affected Surface
    devices to indicate that Surface Hub is not affected by this
    vulnerability. *Under Recommended Action #6, updated the links
    for information about clearing the TPM.
    - Originally posted: October 10, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: Critical
    - Version: 2.0
     
  3. NICK ADSL UK

    Microsoft Security Update Minor Revisions
    Issued: November 16, 2017
    Summary

    The following CVEs and Security Advisory have been revised in the
    November 2017 Security Updates.

    * CVE-2017-8700
    * CVE-2017-11883
    * ADV170020
    Revision Information:

    CVE-2017-8700

    - Title: CVE-2017-8700 | ASP.NET Core Information Disclosure
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Corrected the Download and Article links in
    the Affected Products table. This is an informational change only.
    - Originally posted: November 14, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: Moderate
    - Version: 1.1

    CVE-2017-11883

    - Title: CVE-2017-11883 | ASP.NET Core Denial Of Service
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Updated the Denial of Service exploitability
    assessment. This is an informational change only.
    - Originally posted: November 14, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    ADV170020
    - Title: ADV170020 | Microsoft Office Defense in Depth Update
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Added an Update FAQ to explain why some
    customers are not being offered update 4011268. Added an Update
    FAQ to explain why customers might be offered an update for
    software that is not specifically indicated as being affected in
    the Affected Software and Vulnerability Severity Ratings table.
    These are informational changes only. Customers who have already
    successfully installed the updates do not need to take any further
    action.
    - Originally posted: November 14, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: N/A
    - Version: 1.1
     
  4. NICK ADSL UK

    Microsoft Security Update Minor Revisions
    Issued: November 21, 2017
    Summary
    The following CVE has been revised in the November 2017 Security
    Updates.
    * CVE-2017-11882
    Revision Information:
    CVE-2017-11882
    - Title: CVE-2017-11882 | Microsoft Office Memory Corruption
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Added a link to a Microsoft Knowledge Base
    Article to explain how to disable the affected Equation Editor
    component.
    - Originally posted: November 14, 2017
    - Updated: November 21, 2017
    - CVE Severity Rating: Important
    - Version: 1.1
     
  5. NICK ADSL UK

    ********************************************************************
    Title: Microsoft Security Update Releases
    Issued: November 28, 2017
    ********************************************************************

    Summary
    =======

    The following CVE and security advisory have been revised in the
    November 2017 Security Updates.

    * CVE-2017-11882
    * ADV170020


    Revision Information:
    =====================

    CVE-2017-11882

    - Title: CVE-2017-11882 | Microsoft Office Memory Corruption
    Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: To comprehensively address CVE-2017-11882
    Microsoft is releasing security updates 4011604 for affected
    editions of Microsoft Office 2007 and 4011618 for affected editions of
    Microsoft Office 2010. Microsoft recommends that customers running
    these versions of Office install the updates to be protected from
    this vulnerability. Customers who have already installed the
    previously-released updates (4011276 or 2553204) do not need to
    take any further action.
    - Originally posted: November 11, 2017
    - Updated: November 28, 2017
    - CVE Severity Rating: Important
    - Version: 2.0

    ADV170020

    - Title: ADV170020 | Microsoft Office Defense-in-Depth Update
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Revised the Affected Products table to include
    Microsoft Office Online Server 2016 because the update also provides
    enhanced security as a defense-in-depth measure. Microsoft
    recommends that customers running Office Online Server 2016 install
    update 4011020 for these enhanced security measures.
    - Originally posted: November 11, 2017
    - Updated: November 28, 2017
    - CVE Severity Rating: None
    - Version: 2.0
     
  6. NICK ADSL UK

    Title: Microsoft Security Update Minor Revisions
    Issued: November 28, 2017
    ********************************************************************
    Summary
    =======
    The following CVE has been revised in the November 2017 Security Updates.
    * CVE-2017-11770
    Revision Information:
    =====================
    CVE-2017-11770
    - Title: CVE-2017-11770 | .NET CORE Denial Of Service
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Corrected the link to the .NET Core 1.1
    Article in the Affected Products table. This is an informational
    change only.
    - Originally posted: November 14, 2017
    - Updated: November 28, 2017
    - CVE Severity Rating: Important
    - Version: 1.1
     
  7. NICK ADSL UK

    Microsoft Security Update Minor Revisions
    Issued: November 29, 2017
    Summary
    The following CVEs have been revised in the October 2017 or the
    November 2017 Security Updates.
    * CVE-2017-8718
    * CVE-2017-11870
    * CVE-2017-11873
    * CVE-2017-11882

    Revision Information:

    CVE-2017-8718
    - Title: CVE-2017-8718 | Microsoft JET Database Engine Remote
    Code Execution Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Corrected several links in the Affected
    Products table for Microsoft Windows 8.1.
    - Originally posted: October 10, 2017
    - Updated: November 29, 2017
    - CVE Severity Rating: Important
    - Version: 2.1

    CVE-2017-11870
    - Title: CVE-2017-11870 | Scripting Engine Memory Corruption
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Added an acknowledgment.
    - Originally posted: November 14, 2017
    - Updated: November 28, 2017
    - CVE Severity Rating: Critical
    - Version: 1.1

    CVE-2017-11873
    - Title: CVE-2017-11873 | Scripting Engine Memory Corruption
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Added an acknowledgment.
    - Originally posted: November 14, 2017
    - Updated: November 28, 2017
    - CVE Severity Rating: Critical
    - Version: 1.1

    CVE-2017-11882
    - Title: CVE-2017-11882 | Microsoft Office Memory Corruption
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Corrected the Download link for Microsoft
    Office 2007 Service Pack 3. This is an informational change only.
    - Originally posted: November 14, 2017
    - Updated: November 29, 2017
    - CVE Severity Rating: Important
    - Version: 2.1
     
  8. NICK ADSL UK

    Microsoft Security Advisory Notification
    Issued: December 1, 2017
    Security Advisories Released or Updated Today

    Please note that the URL for Microsoft security documents has changed.
    * Microsoft Security Advisory 4053440
    - Title: Securely opening Microsoft Office documents that contain
    Dynamic Data Exchange (DDE) fields
    https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4053440
    - Reason for Revision: Updated the Windows 10 Fall Creators Update
    section with more information about the Attack surface reduction
    (ASR) rules. This is an informational change only.
    - Originally posted: November 8, 2017
    - Updated: November 30, 2017
    - Version: 1.1
     
  9. NICK ADSL UK

    ********************************************************************
    Microsoft Security Update Summary for December 6, 2017
    Issued: December 6, 2017
    ********************************************************************

    This summary lists security updates released for December 6, 2017.

    Complete information for the December 2017 security update release can
    be found at
    <https://portal.msrc.microsoft.com/en-us/security-guidance>.

    Critical Security Updates
    ============================

    CVE-2017-11937

    Critical Windows 7 for 32-bit Systems Service Pack 1
    Critical Windows 7 for x64-based Systems Service Pack 1
    Critical Windows 8.1 for 32-bit systems
    Critical Windows 8.1 for x64-based systems
    Critical Windows RT 8.1
    Critical Windows 10 for 32-bit Systems
    Critical Windows 10 for x64-based Systems
    Critical Windows 10 Version 1511 for 32-bit Systems
    Critical Windows 10 Version 1511 for x64-based Systems
    Critical Windows 10 Version 1607 for 32-bit Systems
    Critical Windows 10 Version 1607 for x64-based Systems
    Critical Windows 10 Version 1703 for 32-bit Systems
    Critical Windows 10 Version 1703 for x64-based Systems
    Critical Windows 10 Version 1709 for 32-bit Systems
    Critical Windows 10 Version 1709 for x64-based Systems
    Critical Windows Server 2016
    Critical Windows Server 2016 (Server Core installation)
    Critical Windows Server, version 1709 (Server Core Installation)
    Critical Microsoft Endpoint Protection
    Critical Microsoft Exchange Server 2013
    Critical Microsoft Exchange Server 2016
    Critical Microsoft Forefront Endpoint Protection
    Critical Microsoft Forefront Endpoint Protection 2010
    Critical Microsoft Security Essentials
     
  10. NICK ADSL UK

    Microsoft Security Update Summary for December 7, 2017
    Issued: December 7, 2017
    ********************************************************************

    This summary lists security updates released for December 7, 2017.

    Complete information for the December 2017 security update release can
    be found at
    <https://portal.msrc.microsoft.com/en-us/security-guidance>.

    Critical Security Updates
    ============================

    CVE-2017-11940

    Critical Windows 7 for 32-bit Systems Service Pack 1
    Critical Windows 7 for x64-based Systems Service Pack 1
    Critical Windows 8.1 for 32-bit systems
    Critical Windows 8.1 for x64-based systems
    Critical Windows RT 8.1
    Critical Windows 10 for 32-bit Systems
    Critical Windows 10 for x64-based Systems
    Critical Windows 10 Version 1511 for 32-bit Systems
    Critical Windows 10 Version 1511 for x64-based Systems
    Critical Windows 10 Version 1607 for 32-bit Systems
    Critical Windows 10 Version 1607 for x64-based Systems
    Critical Windows 10 Version 1703 for 32-bit Systems
    Critical Windows 10 Version 1703 for x64-based Systems
    Critical Windows 10 Version 1709 for 32-bit Systems
    Critical Windows 10 Version 1709 for x64-based Systems
    Critical Windows Server 2016
    Critical Windows Server 2016 (Server Core installation)
    Critical Windows Server, version 1709 (Server Core Installation)
    Critical Microsoft Endpoint Protection
    Critical Microsoft Exchange Server 2013
    Critical Microsoft Exchange Server 2016
    Critical Microsoft Forefront Endpoint Protection
    Critical Microsoft Forefront Endpoint Protection 2010
    Critical Microsoft Security Essentials
     