November, 2017: Patch Tuesday: 1 Workaround and No Active Attacks

Welcome to this November Patch Tuesday Bulletin. This month we have 54 unique CVE’s across 6 products. Chakra, IE, and Edge have critical vulnerabilities but the remaining are rated important. There were no reported active attacks on vulnerabilities that were listed this month. CVE-2017-11788 had a workaround for a denial of service vulnerability in Windows Search. Take this time in November to review your patch process and try to reduce metrics for “time to test” and “time to deploy”.

November Patch Tuesday is upon us. Join Ivanti as they present the November Patch Tuesday:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:

Technology

Products Affected

Severity

Reference

Workaround/ Exploited

Vulnerability Info

Internet Explorer

IE 9, 10 , 11

Critical

CVE-2017-11869

CVE-2017-11791

CVE-2017-11827

CVE-2017-11834

CVE-2017-11837

CVE-2017-11838

CVE-2017-11843

CVE-2017-11846

CVE-2017-11848

CVE-2017-11855

CVE-2017-11856

CVE-2017-11858

*Workaround: No

**Exploited: No

Remote Code Execution,

Information Disclosure

 

Edge

Microsoft Edge

Critical

CVE-2017-11791

CVE-2017-11803

CVE-2017-11827

CVE-2017-11833

CVE-2017-11836

CVE-2017-11837

CVE-2017-11838

CVE-2017-11839

CVE-2017-11840

CVE-2017-11841

CVE-2017-11843

CVE-2017-11844

CVE-2017-11845

CVE-2017-11846

CVE-2017-11858

CVE-2017-11861

CVE-2017-11862

CVE-2017-11863

CVE-2017-11866

CVE-2017-11870

CVE-2017-11871

CVE-2017-11872

CVE-2017-11873

CVE-2017-11874

*Workaround: No

**Exploited: No

Information Disclosure,

Remote Code Execution,

Security Feature Bypass

 

Windows

Server 2008, 2008 R2, 2012, 2012 R2, 2016

Windows 8, 8.1, 8.1 RT, 10

Important

CVE-2017-13080

CVE-2017-11768

CVE-2017-11788*

CVE-2017-11830

CVE-2017-11831

CVE-2017-11832

CVE-2017-11835

CVE-2017-11842

CVE-2017-11847

CVE-2017-11849

CVE-2017-11850

CVE-2017-11851

CVE-2017-11852

CVE-2017-11853

CVE-2017-11880

*Workaround: Yes

**Exploited: No

Spoofing,

Information Disclosure,

Denial of Service,

Security Feature Bypass,

Elevation of Privilege

 

Office, Office Services, and Web Apps

Office 2007, 2010, 2013, 2016

Office Web Apps 2010

Office Web Apps Server 2013

Word 2007, 2010, 2013, 2016, 2016 for MAC

Excel 2007, 2010, 2013, 2016, 2016 for MAC

Project Server 2013

Important

CVE-2017-11854

CVE-2017-11876

CVE-2017-11877

CVE-2017-11878

CVE-2017-11882

CVE-2017-11884

*Workaround: No

**Exploited: No

Remote Code Execution,

Elevation of Privilege,

Security Feature Bypass

 

ASP.NET and .NET Core

.NET Core 1.1

.NET Core 1.0

.NET Core 2.0

ASP.NET Core 2.0

ASP.NET Core 1.1

ASP.NET Core 1.0

Important

CVE-2017-11770

CVE-2017-11879

CVE-2017-11883

CVE-2017-8700

*Workaround: No

**Exploited: No

Denial of Service,

Elevation of Privilege,

Information Disclosure

Chakra

ChakraCore

Critical

CVE-2017-11791

CVE-2017-11836

CVE-2017-11837

CVE-2017-11838

CVE-2017-11840

CVE-2017-11841

CVE-2017-11843

CVE-2017-11846

CVE-2017-11858

CVE-2017-11861

CVE-2017-11862

CVE-2017-11866

CVE-2017-11870

CVE-2017-11871

CVE-2017-11873

CVE-2017-11874

*Workaround: No

**Exploited: No

Information Disclosure,

Remote Code Execution

Security Feature Bypass

 


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.