CVE-2017-11914

CVE-2017-11914 concerns a memory handling issue in the ChakraCore scripting engine used by ChakraCore and Microsoft Edge on Windows 10 (versions 1511, 1607, 1703, 1709) and Windows Server 2016. The root cause is described as how the scripting engine handles objects in memory, leading to a memory ...

CVE-2017-11918

CVE-2017-11918 is described as a ChakraCore/Edge memory-corruption issue in the scripting engine that could allow an attacker to execute code with the current user’s rights. Connected advisories cite ChakraCore-related RCE vulnerabilities affecting Windows 10 variants and Windows Server 2016, att...

CVE-2017-11916

Technical details for CVE-2017-11916 are not publicly available in the provided documents; monitor for updates.

CVE-2017-11919

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 201...

CVE-2017-11912

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the sam...

CVE-2017-11919

CVE-2017-11919 affects ChakraCore and Internet Explorer in multiple Windows versions (Windows 7 SP1, Server 2008 R2 SP1, 8.1/RT 8.1, 2012 R2, 10 (various builds), and Edge). Root cause: vulnerability in the scripting engine due to how it handles objects in memory, leading to information disclosur...

CVE-2017-11914

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

CVE-2017-11911

Technical details about CVE-2017-11911 are not publicly available in the provided documents. Connected sources reference other CVEs (e.g., CVE-2017-11930) and do not expose affected product/version or remediation for this CVE.

CVE-2017-11893

CVE-2017-11893 corresponds to a ChakraCore/Edge memory-corruption vulnerability affecting ChakraCore and Microsoft Edge on Windows 10 versions 1511–1709 and Windows Server 2016. The root cause is improper handling of in-memory scripting engine objects, enabling an attacker to execute arbitrary co...

CVE-2017-11905

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ...

CVE-2017-11889

Technical details for CVE-2017-11889 are not provided in the supplied documents. Please monitor official advisories and vendor advisories for updates, patches, and exact impact guidance once publicly disclosed.

December Patch Tuesday: Quiet End to the Year

This December Patch Tuesday is considerably lighter than last month’s patch releases. While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based. Overall, this month's updates address are fixes for 3...

Microsoft December Patch Tuesday Update Fixes Six Critical Bugs

Microsoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange. Notable...

December 12, 2017—KB4054517 (OS Build 16299.125)

December 12, 2017—KB4054517 OS Build 16299.125 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

December 12, 2017—KB4053580 (OS Build 15063.786)

December 12, 2017—KB4053580 OS Build 15063.786 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge...

December 12, 2017—KB4053579 (OS Build 14393.1944)

December 12, 2017—KB4053579 OS Build 14393.1944 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where users of SQL Server Reporting Services may not be able to use the...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

December 12, 2017—KB4054520 (Monthly Rollup)

December 12, 2017—KB4054520 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4050945released November 27, 2017 and addresses the following issues: Addresses additional issues with updated time zone information. Security update...

December 12, 2017—KB4053581 (OS Build 10240.17709)

December 12, 2017—KB4053581 OS Build 10240.17709 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where users of SQL Server Reporting Services may not be able to use the...