Microsoft Security Bulletin(s) for October 2017

Discussion in 'update alerts' started by NICK ADSL UK, Oct 10, 2017.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,283
    Location:
    UK
    Microsoft Security Bulletin(s) for October 2017
    Note: There may be latency issues due to replication; if the page does not display, keep refreshing.
    Today Microsoft released the following Security Bulletin(s).
    Note: Microsoft Security Response Centre and Security TechCenter are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    October 2017 Security Updates
    Release Date: October 10, 2017


    Security Updates
    https://portal.msrc.microsoft.com/en-us/security-guidance


    Release Notes
    https://portal.msrc.microsoft.com/e...tedetail/313ae481-3088-e711-80e2-000d3a32fc99

    The October security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Skype for Business and Lync
    Chakra Core
    Please note the following information regarding the security updates:
    Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
    Starting in March 2017, there will be a Windows 10 1607 delta package that contains just the delta changes between the previous month and the current release.
    Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers running other editions of Windows 10 version 1507 that are no longer supported should update your devices to the latest version of Windows 10. For more information see Microsoft Knowledge Base Article 4015562.
    Known Issues
    4041691
    4042895
    4041676
    4041681


    Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
    As always, download the updates only from the vendor's website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates through Automatic Updates functionality in Windows system.
    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA
     
    Last edited: Oct 10, 2017
  2. NICK ADSL UK

    Microsoft Security Update Minor Revisions Issued: October 10, 2017
    Summary
    The following CVE has been revised in the October 2017 Security
    Updates.
    * CVE-2017-11774
    Revision Information:
    CVE-2017-11774
    - Title: CVE-2017-11774 | Microsoft Outlook Security Feature Bypass
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: Corrected the affected Microsoft Office
    component in the CVE description. This is an informational change
    only.
    - Originally posted: October 10, 2017
    - Updated: October 10, 2017
    - CVE Severity Rating: Important
    - Version: 1.1
     
  3. NICK ADSL UK

    Microsoft Security Update Minor Revisions Issued: October 11, 2017
    Summary
    The following advisory has been revised in the October 2017 Security
    Updates.
    * ADV170012
    Revision Information:
    ADV170012
    - Title: ADV170012 | Vulnerability in TPM could allow Security
    Feature Bypass
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: v1.1: To keep the information in the advisory
    up-to-date, made several corrections: corrected link to HP OEM site,
    added link to Lenovo OEM site, added note that failure to run the
    PowerShell script as an administrator will return incorrect results.
    These are all informational changes only.
    v1.2: Added information about how to use the PowerShell script to
    remotely check devices for affected TPMs. Clarified that BitLocker
    protection is affected only if the TPM firmware version is 1.2.
    These are informational changes only.
    - Originally posted: October 10, 2017
    - Updated: October 11, 2017
    - CVE Severity Rating: Critical
    - Version: 1.2
     
  4. NICK ADSL UK

    Microsoft Security Update Releases Issued: October 16, 2017
    Summary
    The following CVE has undergone a major revision increment.
    * CVE-2017-13080
    Revision Information:
    CVE-2017-13080
    Title: CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    Reason for Revision: CVE-2017-13080 has been added to the October 2017 security release in lieu of ADV170016, which has been deprecated. CVE-2017-13080 was released as part of a multi-vendor coordinated disclosure. Please see the FAQ for more information.
    Originally posted: October 16, 2017
    Updated: N/A
    CVE Severity Rating: Important
    Version: 1.0
     
  5. NICK ADSL UK

    Title: Microsoft Security Update Releases
    Issued: October 17, 2017
    ********************************************************************
    Summary
    =======
    The following CVE has undergone a major revision increment.
    * ADV170018
    CVE Revision Information:
    =====================
    CVE-2017-13080
    - Title: ADV170018 | October 2017 Flash Update
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reason for Revision: The October Adobe Flash Security Update is
    available for installation. See
    support.microsoft.com/en-us/help/4049179 for more information.
    - Originally posted: October 17, 2017
    - Updated: N/A
    - CVE Severity Rating: Critical
    - Version: 1.0
     
  6. NICK ADSL UK

    Microsoft Security Update Minor Revisions Issued: October 17, 2017
    Summary
    The following advisory has been revised in the October 2017 Security
    Updates.
    * ADV170012
    Revision Information:
    ADV170012
    - Title: ADV170012 | Vulnerability in TPM could allow Security
    Feature Bypass
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: v1.3: The following revisions are
    informational changes only: * Added CVE number and vulnerability
    name. * Added links for OEM information for HPE and Toshiba to the
    table under Step 4: Apply applicable firmware updates. * Added
    information for MSA to the table under Step 5: Remediate services
    based on your particular use cases.
    - Originally posted: October 10, 2017
    - Updated: October 17, 2017
    - CVE Severity Rating: Critical
    - Version: 1.3
     
  7. NICK ADSL UK

    ********************************************************************
    Title: Microsoft Security Update Minor Revisions
    Issued: October 20, 2017
    ********************************************************************

    Summary
    =======

    The following advisory and security bulletin have undergone a
    minor revision increment.

    * ADV170012
    * MS14-085


    Revision Information:
    =====================

    ADV170012

    - Title: ADV170012 | Vulnerability in TPM could allow Security
    Feature Bypass
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Removed the October security-only updates
    for Windows Server 2012, Windows Server 2012 R2, and Windows 8.1
    from the Affected Products table because these updates do not
    address the vulnerability discussed in this advisory. Clarified
    in FAQ 9 and 10 that customers running these versions of Windows
    who install security-only updates must install either the
    September security-only updates or the October monthly rollup
    to receive the changes for this vulnerability. These are
    informational changes only.
    - Originally posted: October 10, 2017
    - Updated: October 20, 2017
    - CVE Severity Rating: Critical
    - Version: 1.5

    MS14-085

    - Title: Vulnerability in Microsoft Graphics Component Could
    Allow Information Disclosure (3013126)
    - https://technet.microsoft.com/library/security/ms14-085
    - Reasons for Revision: Corrected a typo in the CVE description.
    - Originally posted: December 9, 2017
    - Updated: October 19, 2014
    - CVE Severity Rating: Important
    - Version: 1.1
     
  8. NICK ADSL UK

    Microsoft Security Update Minor Revisions Issued: October 26, 2017
    Summary
    The following advisory has been revised in the October 2017 Security
    Updates.
    * ADV170012
    Revision Information:
    ADV170012
    - Title: ADV170012 | Vulnerability in TPM could allow Security
    Feature Bypass
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: v1.6: The following revisions are
    informational changes only: * Added link for OEM information for
    Panasonic to the table under Step 4: Apply applicable firmware updates.
    * Revised Windows Hello information in the table under Step 5:
    Remediate services based on your particular use cases.
    - Originally posted: October 10, 2017
    - Updated: October 26, 2017
    - CVE Severity Rating: Critical
    - Version: 1.6
     
  9. NICK ADSL UK

    Microsoft Security Update Minor Revisions Issued: November 1, 2017
    Summary
    The following CVE has been revised in the October 2017
    Security Updates.
    * CVE-2017-11826
    Revision Information:
    CVE-2017-11826
    - Title: CVE-2017-11826 | Microsoft Office Memory Corruption
    Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Added an Update FAQ to explain why some
    customers are not being offered update 3213627. Added an Update
    FAQ to explain why customers might be offered an update for
    software that is not specifically indicated as being affected in
    the Affected Software and Vulnerability Severity Ratings table.
    These are informational changes only. Customers who have already
    successfully installed the updates do not need to take any further
    action.
    - Originally posted: October 10, 2017
    - Updated: November 1, 2017
    - CVE Severity Rating: Important
    - Version: 1.1
     
  10. NICK ADSL UK

    ********************************************************************
    Title: Microsoft Security Advisory Notification
    Issued: November 8, 2017
    ********************************************************************

    Security Advisories Released or Updated Today
    ==============================================

    * Microsoft Security Advisory 4053440
    - Title: Securely opening Microsoft Office documents that contain
    Dynamic Data Exchange (DDE) fields
    - https://technet.microsoft.com/library/security/4053440.aspx
    - Executive Summary: Microsoft is releasing this security
    advisory to provide information regarding security settings for
    Microsoft Office applications. This advisory provides guidance on
    what users can do to ensure that these applications are properly
    secured when processing Dynamic Data Exchange (DDE) fields.
    - Originally posted: November 8, 2017
    - Updated: N/A
    - Version: 1.0
     
  11. NICK ADSL UK

    ********************************************************************
    Title: Microsoft Security Update Releases
    Issued: November 9, 2017
    ********************************************************************

    Summary
    =======

    The following CVE has been revised in the July 2017
    Security Updates.

    * CVE-2017-8585


    Revision Information:
    =====================

    CVE-2017-8585

    - Title: CVE-2017-8585 | .NET Denial of Service Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance
    - Reasons for Revision: Revised the Affected Products table to include
    .NET Core 1.0 and .NET Core 1.1 because they are affected by
    CVE-2017-8585. Customers running these versions of .NET Core can
    find more information on GitHub at
    https://github.com/dotnet/announcements/issues/34.
    This is an informational change only.
    - Originally posted: July 11, 2017
    - Updated: November 9, 2017
    - CVE Severity Rating: Important
    - Version: 2.0
     