October, 2017: Patch Tuesday: Zero Day in Microsoft Office

Welcome to this October Patch Tuesday Bulletin. This month we have 63 unique CVEs across 6 products. Four of these products have Critical vulnerabilities that should be remediated this month. There is one zero day, so pay close attention to CVE-2017-11826, which affects Microsoft Office. An attacker can exploit this vulnerability by tricking a user into opening a malicious file. CVE-2017-11771 and CVE-2017-11772 both have workarounds that can be applied, so this may be an option if applying this update would take too long or is not possible. Take some time this month to review security controls that can help mitigate threats from social engineering attacks that make use of malicious Office docs exploiting CVE-2017-11826 and others.

October Patch Tuesday is upon us. Join Ivanti as they present the October Patch Tuesday:

  • Prioritizing updates from Microsoft and 3rd Party vendors
  • Identifying vulnerabilities targeting users
  • Industry changes that may impact how you manage updates
  • Known issues or concerns to look out for

Get an edge with Ivanti Patch Tuesday Analysis

So, without further ado, here’s the chart of MS patches this month.


Patch data provided by:

| Technology | Products Affected | Severity | Reference | Workaround/ Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2017-11790, CVE-2017-11793, CVE-2017-11810, CVE-2017-11813, CVE-2017-11822 | *Workaround: No; **Exploited: No | Information Disclosure, Remote Code Execution |
| Edge | Microsoft Edge | Critical | CVE-2017-11792, CVE-2017-11794, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, CVE-2017-11821, CVE-2017-8726 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure |
| Windows | Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016; Windows 7, 8.1, RT 8.1, 10 | Critical | CVE-2017-11780, CVE-2017-11781, CVE-2017-11782, CVE-2017-11783, CVE-2017-11762, CVE-2017-11763, CVE-2017-11765, CVE-2017-11769, CVE-2017-11771*, CVE-2017-11772*, CVE-2017-11779, CVE-2017-11784, CVE-2017-11785, CVE-2017-11814, CVE-2017-11815, CVE-2017-11816, CVE-2017-11817, CVE-2017-11818, CVE-2017-11819, CVE-2017-11823, CVE-2017-11824, CVE-2017-11829, CVE-2017-8689, CVE-2017-8693, CVE-2017-8694, CVE-2017-8703, CVE-2017-8715, CVE-2017-8717, CVE-2017-8718, CVE-2017-8727 | *Workaround: Yes; **Exploited: No | Remote Code Execution, Denial of Service, Elevation of Privilege, Security Feature Bypass, Information Disclosure |
| Office, Office Services, and Web Apps | Office 2010, 2013, 2016, 2016 for Mac; Office Web Apps Server 2010, 2013; Outlook 2010, 2013, 2016; SharePoint Server 2013, 2016; Word 2007, 2010, 2013, 2016 | Important | CVE-2017-11774, CVE-2017-11775, CVE-2017-11776, CVE-2017-11777, CVE-2017-11786, CVE-2017-11820, CVE-2017-11825, CVE-2017-11826** | *Workaround: No; **Exploited: Yes | Security Feature Bypass, Elevation of Privilege, Information Disclosure, Remote Code Execution |
| Skype for Business, Lync | Skype for Business 2016; Lync 2013 | Important | CVE-2017-11786 | *Workaround: No; **Exploited: No | Elevation of Privilege |
| Chakra | ChakraCore | Critical | CVE-2017-11767, CVE-2017-11792, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, CVE-2017-11821 | *Workaround: No; **Exploited: No | Remote Code Execution |
