Microsoft Security Bulletin(s) for November 2017

Discussion in 'update alerts' started by NICK ADSL UK, Nov 14, 2017 at 1:09 PM.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,271
    Location:
    UK
    Microsoft Security Bulletin(s) for November 2017

    Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download centre or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Bulletin Summary:
    https://portal.msrc.microsoft.com/e...tedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99

    Release Notes
    November 2017 Security Updates
    Release Date: November 14, 2017
    The November security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    ASP.NET Core and .NET Core
    Chakra Core

    Please note the following information regarding the security updates:
    Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

    •Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.

    •Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    •In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

    •After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
    https://support.microsoft.com/en-gb...-1507-will-no-longer-receive-security-updates

    Known Issues
    4048954
    4048953
    4048955
    4048952
    4048956
    4048958
    4048961
    4048957
    4048960

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact: For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
     
    Last edited: Nov 14, 2017 at 1:18 PM
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,271
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: November 16, 2017
    ********************************************************************

    Summary
    =======

    The following security advisory has been revised in the October 2017
    Security Updates.

    * ADV170012


    Revision Information:
    =====================

    ADV170012

    - Title: ADV170012 | Vulnerability in TPM could allow Security
    Feature Bypass
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Revised the Affected Products table to
    include Windows 10 Version 1709 for 32-bit Systems and Windows
    10 Version 1709 for x64-based Systems because they are affected
    by CVE-2017-15361, described in this advisory. In addition, the
    following informational-only changes have been made: *Under
    Recommended Action #4, Revised the list of affected Surface
    devices to indicate that Surface Hub is not affected by this
    vulnerability. *Under Recommended Action #6, updated the links
    for information about clearing the TPM.
    - Originally posted: October 10, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: Critical
    - Version: 2.0
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,271
    Location:
    UK
    Microsoft Security Update Minor Revisions Issued: November 16, 2017
    Summary

    The following CVEs and Security Advisory have been revised in the
    November 2017 Security Updates.

    * CVE-2017-8700
    * CVE-2017-11883
    * ADV170020
    Revision Information:

    CVE-2017-8700

    - Title: CVE-2017-8700 | ASP.NET Core Information Disclosure
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Corrected the Download and Article links in
    the Affected Products table. This is an informational change only.
    - Originally posted: November 14, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: Moderate
    - Version: 1.1

    CVE-2017-11883

    - Title: CVE-2017-11883 | ASP.NET Core Denial Of Service
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Updated the Denial of Service exploitability
    assessment. This is an informational change only.
    - Originally posted: November 14, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: Important
    - Version: 1.1

    ADV170020
    - Title: ADV170020 | Microsoft Office Defense in Depth Update
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Added an Update FAQ to explain why some
    customers are not being offered update 4011268. Added an Update
    FAQ to explain why customers might be offered an update for
    software that is not specifically indicated as being affected in
    the Affected Software and Vulnerability Severity Ratings table.
    These are informational changes only. Customers who have already
    successfully installed the updates do not need to take any further
    action.
    - Originally posted: November 14, 2017
    - Updated: November 16, 2017
    - CVE Severity Rating: N/A
    - Version: 1.1
     
Loading...
Thread Status:
Not open for further replies.