Microsoft Patch Tuesday

Microsoft has released security updates as part of its monthly Patch Tuesday release train, and this month, the company has patched 34 issues affecting products such as:

- Microsoft Windows
- Microsoft Office
- Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- Microsoft Malware Protection Engine
- Internet Explorer
- Microsoft Edge
- ChakraCore

None of the security issues Microsoft fixed this month were publicly disclosed or exploited in real-world attacks before updates were released earlier today.

Of all bugs, two remote code execution bugs in the Microsoft Malware Protection Engine stand out —CVE-2017-11937 and CVE-2017-11940.

Both issues were reported by the UK National Cyber Security Centre (NCSC), a branch of the UK Government Communications Headquarters (GCHQ), the country's official intelligence and security agency.

Bleeping Computer ran an article on one of the issues last week when Microsoft shipped an out-of-band update to fix the bug, which is now also included as an update part of the December 2017 Patch Tuesday.

Adobe fixes one Flash Player bug

As it is usual, the Microsoft Patch Tuesday security updates also include Adobe Flash Player fixes. Earlier today, Adobe issued is own Patch Tuesday security bulletin, which this month, only included one solitary bugfix for Adobe Flash Player.

Adobe said Flash Player 28.0.0.126 "addresses a regression that could lead to the unintended reset of the global settings preference file." The bug is classified as a moderate severity issue, and by no means an immediate danger to users.

Below is a table listing of all the security issues fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide, available here.

Tag CVE ID CVE Title
Microsoft Office ADV170021 Microsoft Office Defense in Depth Update
Adobe Flash Player ADV170022 December 2017 Flash Security Update
Microsoft Exchange Server ADV170023 Microsoft Exchange Defense in Depth Update
Device Guard CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-11888 Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability
Microsoft Malware Protection Engine CVE-2017-11940 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Microsoft Malware Protection Engine CVE-2017-11937 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2017-11936 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2017-11935 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2017-11934 Microsoft PowerPoint Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-11886 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11905 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11907 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11916 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11894 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11887 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-11919 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-11903 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11901 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11908 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11906 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-11890 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11889 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11895 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11893 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11909 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11914 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11918 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11930 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11913 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11910 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11911 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11912 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2017-11885 Windows RRAS Service Remote Code Execution Vulnerability
Microsoft Windows CVE-2017-11927 Microsoft Windows Information Disclosure Vulnerability

Related Articles:

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days

Microsoft September 2018 Patch Tuesday Fixes 16 Critical Vulnerabilities

Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities

Microsoft Releases Windows 10 Cumulative Updates KB4343909 and KB4343897

Adobe Patches Flash Player, Acrobat, Reader, Creative Cloud Desktop App, More