December, 2017: Patch Tuesday: Out of Band Malware Protection Engine Update

Welcome to the December Patch Tuesday bulletin. This month there are 34 unique CVEs across 8 products. There are no known attacks against these vulnerabilities and no detailed workarounds, and 5 products are affected by critical-severity vulnerabilities. Microsoft released updates for its Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940) out of band on December 8th. The release was out of band because the engine update is applied with antimalware signatures, which do not always correspond to the monthly release. The update fixed an issue where a maliciously crafted file could corrupt memory when it is scanned. The update should be deployed automatically, so there is usually no action required.

December Patch Tuesday is upon us. Join Ivanti as they present the December Patch Tuesday:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:

| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2017-11886, CVE-2017-11887, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11906, CVE-2017-11907, CVE-2017-11912, CVE-2017-11913, CVE-2017-11919, CVE-2017-11930 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure |
| Edge | Microsoft Edge | Critical | CVE-2017-11888, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11918, CVE-2017-11919 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure |
| Windows | Windows 7, 8.1, RT 8.1, 10; Server 2008, 2008 R2, 2012 R2, 2016 | Important | CVE-2017-11885, CVE-2017-11899, CVE-2017-11927 | *Workaround: No; **Exploited: No | Remote Code Execution, Security Feature Bypass, Information Disclosure |
| Office, Office Services, and Web Apps | Office 2010, 2013, 2016, 2016 for Mac; Word 2007, 2010, 2013, 2016; SharePoint Enterprise Server 2016 | Important | CVE-2017-11934, CVE-2017-11935, CVE-2017-11936, CVE-2017-11939 | *Workaround: No; **Exploited: No | Information Disclosure, Remote Code Execution, Elevation of Privilege |
| Exchange Server | Exchange Server 2013, 2016 | Important | CVE-2017-11932 | *Workaround: No; **Exploited: No | Spoofing |
| Chakra | ChakraCore | Critical | CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, CVE-2017-11919, CVE-2017-11930 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure |
| Malware Protection Engine | Endpoint Protection, Security Essentials, Forefront Endpoint Protection, Defender, Intune Endpoint Detection | Critical | CVE-2017-11937, CVE-2017-11940 | *Workaround: No; **Exploited: No | Remote Code Execution |
| Adobe | Flash Player | Critical | CVE-2017-11305 | *Workaround: No; **Exploited: No | Remote Code Execution |

