Patch Tuesday

Microsoft has released security updates for several products as  part of the company's November 2017 Patch Tuesday, the company's monthly update train.

This month, the Patch Tuesday updates include fixes for 53 security bugs in applications such as the Windows OS, several Office offerings, Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core, and the Chackra Core browser engine.

No zero-days this month

Details about four vulnerabilities were published online before today's patches, but fortunately, none were exploited in real-world attacks. The four are CVE-2017-8700 (ASP.NET Core Information Disclosure), 2017-11827 (Microsoft Browser Memory Corruption)[1, 2], CVE-2017-11848 (Internet Explorer Information Disclosure), and CVE-2017-11883 (ASP.NET Core Denial Of Service).

The Patch Tuesday updates also include two security advisories, one delivering today's Flash updates, and the second, delivering various security-related patches to Office products, part of the Microsoft's Office Defense in Depth Update series.

Besides these, two other security fixes stand out. The first is CVE-2017-11830, a vulnerability that allows attackers to bypass the Windows Device Guard security feature, and CVE-2017-11887, a vulnerability that allows attackers to bypass macro execution protection in Microsoft Excel. Expect CVE-2017-11887 to become a favorite with malware distributors in the following weeks.

Below is a table listing of all the security issues fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide, available here.

Adobe has also released security updates, about which you can read here.

Tag CVE ID CVE Title
ASP.NET Core CVE-2017-11883 ASP.NET Core Denial Of Service Vulnerability
.NET Framework CVE-2017-11770 .NET CORE Denial Of Service Vulnerability
Adobe Flash Player ADV170019 November 2017 Flash Security Updates
ASP .NET CVE-2017-8700 ASP.NET Core Information Disclosure Vulnerability
ASP.NET CVE-2017-11879 ASP.NET Core Elevation Of Privilege Vulnerability
Device Guard CVE-2017-11830 Device Guard Security Feature Bypass Vulnerability
Internet Explorer CVE-2017-11856 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2017-11855 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2017-11848 Internet Explorer Information Disclosure Vulnerability
Microsoft Browsers CVE-2017-11827 Microsoft Browser Memory Corruption Vulnerability
Microsoft Edge CVE-2017-11845 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-11874 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-11872 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-11863 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-11833 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-11803 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-11844 Microsoft Edge Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-11835 Windows EOT Font Engine Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-11832 Windows EOT Font Engine Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-11851 Windows Kernel Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-11852 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-11850 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Office CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability
Microsoft Office ADV170020 Microsoft Office Defense in Depth Update
Microsoft Office CVE-2017-11854 Microsoft Word Memory Corruption Vulnerability
Microsoft Office CVE-2017-11884 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-11878 Microsoft Excel Memory Corruption Vulnerability
Microsoft Office CVE-2017-11876 Microsoft Project Server Elevation of Privilege Vulnerability
Microsoft Office CVE-2017-11877 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Scripting Engine CVE-2017-11862 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11858 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11846 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11869 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11866 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11837 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11839 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11861 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11841 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11873 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11834 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-11791 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-11871 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11870 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11840 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11843 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11836 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11838 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Search Component CVE-2017-11788 Windows Search Denial of Service Vulnerability
Windows Kernel CVE-2017-11880 Windows Information Disclosure Vulnerability
Windows Kernel CVE-2017-11831 Windows Information Disclosure Vulnerability
Windows Kernel CVE-2017-11847 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel-Mode Drivers CVE-2017-11853 Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-11849 Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-11842 Windows Kernel Information Disclosure Vulnerability
Windows Media Player CVE-2017-11768 Windows Media Player Information Disclosure Vulnerability