CVE-2017-11919

CVE-2017-11919 affects ChakraCore and Internet Explorer in multiple Windows versions (Windows 7 SP1, Server 2008 R2 SP1, 8.1/RT 8.1, 2012 R2, 10 (various builds), and Edge). Root cause: vulnerability in the scripting engine due to how it handles objects in memory, leading to information disclosur...

CVE-2017-11914

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

CVE-2017-11893

CVE-2017-11893 corresponds to a ChakraCore/Edge memory-corruption vulnerability affecting ChakraCore and Microsoft Edge on Windows 10 versions 1511–1709 and Windows Server 2016. The root cause is improper handling of in-memory scripting engine objects, enabling an attacker to execute arbitrary co...

CVE-2017-11889

Technical details for CVE-2017-11889 are not provided in the supplied documents. Please monitor official advisories and vendor advisories for updates, patches, and exact impact guidance once publicly disclosed.

CVE-2017-11905

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ...

CVE-2017-11911

Technical details about CVE-2017-11911 are not publicly available in the provided documents. Connected sources reference other CVEs (e.g., CVE-2017-11930) and do not expose affected product/version or remediation for this CVE.

December Patch Tuesday: Quiet End to the Year

This December Patch Tuesday is considerably lighter than last month’s patch releases. While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based. Overall, this month's updates address are fixes for 3...

Microsoft December Patch Tuesday Update Fixes Six Critical Bugs

Microsoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange. Notable...

December 12, 2017—KB4054517 (OS Build 16299.125)

December 12, 2017—KB4054517 OS Build 16299.125 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge...

December 12, 2017—KB4053579 (OS Build 14393.1944)

December 12, 2017—KB4053579 OS Build 14393.1944 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where users of SQL Server Reporting Services may not be able to use the...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

December 12, 2017—KB4053581 (OS Build 10240.17709)

December 12, 2017—KB4053581 OS Build 10240.17709 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where users of SQL Server Reporting Services may not be able to use the...

December 12, 2017—KB4053580 (OS Build 15063.786)

December 12, 2017—KB4053580 OS Build 15063.786 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge...

December 12, 2017—KB4054520 (Monthly Rollup)

December 12, 2017—KB4054520 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4050945released November 27, 2017 and addresses the following issues: Addresses additional issues with updated time zone information. Security update...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...

December 12, 2017—KB4054518 (Monthly Rollup)

December 12, 2017—KB4054518 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4051034 released November 27, 2017 and addresses the following issues: Addresses issue where users of SQL Server Reporting Services may not be able t...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...