Randy Franklin Smith's Ultimate Windows Security

Welcome to this October Patch Tuesday Bulletin. This month we have 63 unique CVE’s across 6 products. Four of these products have Critical vulnerabilities that should be remediated this month. There is one zero day so pay close attention to CVE-2017-11826 affecting Microsoft Office. An attacker can exploit this vulnerability by tricking a user to open a malicious file. CVE-2017-11771 and CVE-2017-11772 both have workarounds that can be applied so this may be an option if applying this update may take too long or is not possible. Take some time this month to review security controls that can help mitigate threats from social engineering attacks that make use of malicious office docs exploiting CVE-2017-11826 and others.

October Patch Tuesday is upon us. Join Ivanti as they present the Octobor Patch Tuesday:

Prioritizing updates from Microsoft and 3rd Party vendors
Identifying vulnerabilities targeting users
Industry changes that may impact how you manage updates
Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited	Vulnerability Info
Internet Explorer	IE 9, 10, 11	Critical	CVE-2017-11790 CVE-2017-11793 CVE-2017-11810 CVE-2017-11813 CVE-2017-11822	Workaround: No *Exploited: No	Information Disclosure Remote Code Execution
Edge	Microsoft Edge	Critical	CVE-2017-11792 CVE-2017-11794 CVE-2017-11796 CVE-2017-11798 CVE-2017-11799 CVE-2017-11800 CVE-2017-11802 CVE-2017-11804 CVE-2017-11805 CVE-2017-11806 CVE-2017-11807 CVE-2017-11808 CVE-2017-11809 CVE-2017-11811 CVE-2017-11812 CVE-2017-11821 CVE-2017-8726	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure
Windows	Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 Windows 7, 8.1, RT 8.1, 10	Critical	CVE-2017-11780 CVE-2017-11781 CVE-2017-11782 CVE-2017-11783 CVE-2017-11762 CVE-2017-11763 CVE-2017-11765 CVE-2017-11769 CVE-2017-11771* CVE-2017-11772* CVE-2017-11779 CVE-2017-11784 CVE-2017-11785 CVE-2017-11814 CVE-2017-11815 CVE-2017-11816 CVE-2017-11817 CVE-2017-11818 CVE-2017-11819 CVE-2017-11823 CVE-2017-11824 CVE-2017-11829 CVE-2017-8689 CVE-2017-8693 CVE-2017-8694 CVE-2017-8703 CVE-2017-8715 CVE-2017-8717 CVE-2017-8718 CVE-2017-8727	Workaround: Yes *Exploited: No	Remote Code Execution Denial of Service Elevation of Privilege Security Feature Bypass Information Disclosure
Office, Office Services, and Web Apps	Office 2010, 2013, 2016, 2016 for Mac Office Web Apps Server 2010, 2013 Outlook 2010, 2013, 2016 SharePoint Server 2013, 2016 Word 2007, 2010, 2013, 2016	Important	CVE-2017-11774 CVE-2017-11775 CVE-2017-11776 CVE-2017-11777 CVE-2017-11786 CVE-2017-11820 CVE-2017-11825 CVE-2017-11826**	Workaround: No *Exploited: Yes	Security Feature Bypass Elevation of Privilege Information Disclosure Remote Code Execution
Skype for Business, Lync	Skype for Business 2016 Lync 2013	Important	CVE-2017-11786	Workaround: No *Exploited: No	Elevation of Privilege
Chakra	ChakraCore	Critical	CVE-2017-11767 CVE-2017-11792 CVE-2017-11796 CVE-2017-11797 CVE-2017-11799 CVE-2017-11801 CVE-2017-11802 CVE-2017-11804 CVE-2017-11805 CVE-2017-11806 CVE-2017-11807 CVE-2017-11808 CVE-2017-11809 CVE-2017-11811 CVE-2017-11812 CVE-2017-11821	Workaround: No *Exploited: No	Remote Code Execution

Research security patch database

Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.

Home

User name:
Password:
	/ Forgot?
	Register

October 2017 Patch Tuesday	"Patch Tuesday: Zero Day in Microsoft Office " - sponsored by ivanti

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2017 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.