Posted: 16 Min ReadThreat Intelligence

Microsoft Patch Tuesday – November 2017

This month the vendor has patched 53 vulnerabilities, 19 of which are rated Critical.

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has patched 53 vulnerabilities, 19 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

  • Microsoft Browsers
  • Microsoft Office
  • ASP.NET
  • Windows Kernel
  • Windows Graphics Component
  • Windows Media Player
  • Microsoft Windows

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11862) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11836) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11838) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11839) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11866) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11870) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11871) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Microsoft Browser Memory Corruption Vulnerability (CVE-2017-11827) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

     

    Microsoft Edge information disclosure Vulnerability (CVE-2017-11803) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Microsoft Edge information disclosure Vulnerability (CVE-2017-11833) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser.

     

    Microsoft Edge information disclosure Vulnerability (CVE-2017-11844) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Microsoft Edge security bypass Vulnerability (CVE-2017-11863) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

     

    Microsoft Edge security bypass Vulnerability (CVE-2017-11872) MS Rating: Important

    A security bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored.

     

    Microsoft Edge security bypass Vulnerability (CVE-2017-11874) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution.

     

    Scripting Engine information disclosure Vulnerability (CVE-2017-11791) MS Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Scripting Engine information disclosure Vulnerability (CVE-2017-11834) MS Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Internet Explorer information disclosure Vulnerability (CVE-2017-11848) MS Rating: Moderate

    An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specially crafted website.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel security bypass Vulnerability (CVE-2017-11877) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security bypass by itself does not allow arbitrary code execution.

     

    Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2017-11884) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Project Server Elevation of Privilege Vulnerability (CVE-2017-11876) MS Rating: Moderate

    An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site.

     

  3. Cumulative Security Update for Microsoft ASP.NET

    ASP.NET CORE Denial Of Service Vulnerability (CVE-2017-11770) MS Rating: Important

    A denial of service vulnerability exists when . NET Core improperly handles web requests.

     

    ASP.NET Core Elevation Of Privilege Vulnerability (CVE-2017-11879) MS Rating: Important

    An open redirect vulnerability exists in ASP. NET Core that could lead to Elevation of privilege.

     

    ASP.NET Core information disclosure Vulnerability (CVE-2017-11883) MS Rating: Important

    A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.

     

    ASP.NET Core information disclosure Vulnerability (CVE-2017-8700) MS Rating: Moderate

    An information disclosure vulnerability exists in ASP. net Core that allows bypassing Cross-origin Resource Sharing (CORS) configurations.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel information disclosure Vulnerability (CVE-2017-11842) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-11847) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Kernel information disclosure Vulnerability (CVE-2017-11849) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel information disclosure Vulnerability (CVE-2017-11851) MS Rating: Important

    A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel information disclosure Vulnerability (CVE-2017-11853) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel information disclosure Vulnerability (CVE-2017-11831) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel information disclosure Vulnerability (CVE-2017-11880) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.

     

  5. Cumulative Security Update for Microsoft Windows Graphics Component

    Microsoft Graphics Component information disclosure Vulnerability (CVE-2017-11850) MS Rating: Important

    An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI information disclosure Vulnerability (CVE-2017-11852) MS Rating: Important

    A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

  6. Cumulative Security Update for Microsoft Windows Media Player

    Windows Media Player information disclosure Vulnerability (CVE-2017-11768) MS Rating: Important

    An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.

     

  7. Cumulative Security Update for Microsoft Windows

    Windows EOT Font Engine information disclosure Vulnerability (CVE-2017-11832) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

     

    Windows EOT Font Engine information disclosure Vulnerability (CVE-2017-11835) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

     

    Windows Search Denial of Service Vulnerability (CVE-2017-11788) MS Rating: Important

    A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

     

    Device Guard security bypass Vulnerability (CVE-2017-11830) MS Rating: Important

    A security bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Himanshu Mehta

Senior Threat Analysis Engineer

Himanshu is a senior member of Symantec's Cyber Security Services organization. An active contributor to numerous security communities, he frequently provides insight on vulnerabilities and shares his knowledge by writing reports, blogs, and journals.