Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
talosblog[email protected] (Edmund Brumaghin)TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148
HistoryNov 14, 2017 - 11:54 a.m.

Microsoft Patch Tuesday - November 2017

2017-11-1411:54:00
[email protected] (Edmund Brumaghin)
feedproxy.google.com
171

0.974 High

EPSS

Percentile

99.9%

JSON

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.<br /><br />In addition, an update for Adobe Reader was released which addresses CVE-2017-16367 / TALOS-2017-0356 - Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Code Execution Vulnerability which was discovered by Aleksandar Nikolic of Cisco Talos. This vulnerability manifests as a type confusion vulnerability in the PDF parsing functionality for documents containing marked structure elements. A specifically crafted PDF document designed to trigger the vulnerability could cause an out-of-bounds access on the heap, potentially leading to arbitrary code execution. More details regarding this vulnerability are available <a href=“https://talosintelligence.com/vulnerability_reports/TALOS-2017-0356”>here</a>.<br /><br /><a></a><h2>Vulnerabilities Rated Critical</h2><br />The following vulnerabilities are rated “Critical” by Microsoft:<br /><br /><ul><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836”>CVE-2017-11836 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837”>CVE-2017-11837 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838”>CVE-2017-11838 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839”>CVE-2017-11839 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840”>CVE-2017-11840 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841”>CVE-2017-11841 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11843”>CVE-2017-11843 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11845”>CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11846”>CVE-2017-11846 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855”>CVE-2017-11855 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856”>CVE-2017-11856 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858”>CVE-2017-11858 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11861”>CVE-2017-11861 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11862”>CVE-2017-11862 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11866”>CVE-2017-11866 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869”>CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11870”>CVE-2017-11870 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871”>CVE-2017-11871 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11873”>CVE-2017-11873 - Scripting Engine Memory Corruption Vulnerability</a></li></ul><br /><h3>Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the scripting engine of Microsoft Edge that could allow an attacker to execute arbitrary code. These vulnerabilities manifest due to Microsoft Edge improperly handling objects in memory. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current user.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11836</li><li>CVE-2017-11839</li><li>CVE-2017-11840</li><li>CVE-2017-11841</li><li>CVE-2017-11861</li><li>CVE-2017-11862</li><li>CVE-2017-11866</li><li>CVE-2017-11870</li><li>CVE-2017-11871</li><li>CVE-2017-11873</li></ul><h3>Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple remote code execution vulnerabilities have been identified affecting the scripting engine in Microsoft browsers. These vulnerabilities manifest due to the scripting engine improperly handling objects in memory. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked “safe for initialization.”<br /><br />The following is a list of CVEs related to these vulnerabilities.<br /><ul><li>CVE-2017-11837 </li><li>CVE-2017-11838</li><li>CVE-2017-11843</li><li>CVE-2017-11846</li><li>CVE-2017-11858 </li></ul><h3>CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability</h3><br />A remote code vulnerability has been identified that affects Microsoft Edge. The vulnerability is related to the way Microsoft Edge accesses objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the same access rights as the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where a user navigates to a malicious webpage designed to exploit this vulnerability, or via the use of a malicious email attachment that the user is convinced to open. <br /><br /><h3>Multiple CVEs - Internet Explorer Memory Corruption Vulnerability</h3><br />Two remote code vulnerabilities have been discovered that affect Internet Explorer. These vulnerabilities are related to the way Internet Explorer accesses objects in memory. Successful exploitation of these vulnerabilities could result in the execution of arbitrary code with the same access rights as the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where a user navigates to a malicious webpage designed to exploit this vulnerability, or via the use of a malicious email attachment that the user is convinced to open.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11855</li><li>CVE-2017-11856 </li></ul><h3>CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability</h3><br />A vulnerability has been identified in the scripting engine of Internet Explorer that could allow an attacker to execute arbitrary code. These vulnerability manifest due to Internet Explorer improperly accessing objects in memory. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current user.<br /><br /><h2>Vulnerabilities Rated Important</h2><br />The following vulnerabilities are rated “Important” by Microsoft:<br /><ul><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768”>CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770”>CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788”>CVE-2017-11788 - Windows Search Denial of Service Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791”>CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11803”>CVE-2017-11803 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827”>CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830”>CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11831”>CVE-2017-11831 - Windows Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832”>CVE-2017-11832 - Windows EOT Font Engine Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833”>CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834”>CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835”>CVE-2017-11835 - Windows EOT Font Engine Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11842”>CVE-2017-11842 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11844”>CVE-2017-11844 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847”>CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11849”>CVE-2017-11849 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850”>CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11851”>CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852”>CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11853”>CVE-2017-11853 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854”>CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863”>CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11872”>CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874”>CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877”>CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878”>CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879”>CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880”>CVE-2017-11880 - Windows Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882”>CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884”>CVE-2017-11884 - Microsoft Office Memory Corruption Vulnerability</a></li></ul><h3>CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Windows Media Player. This vulnerability manifests due to Windows Media Player improperly disclosing file information. In order to exploit this vulnerability an attacker would need to authenticate to an affected system and execute a program designed to exploit this vulnerability. Successful exploitation of this vulnerability would allow an attacker to enumerate the existence of files stored on an affected system.<br /><br /><h3>Multiple CVEs - ASP.NET Core Denial Of Service Vulnerability</h3><br />Multiple denial of service vulnerabilities have been identified that affect ASP.NET Core. These vulnerabilities manifest due to .NET Core improperly handling web requests. These vulnerabilities could be exploited remotely by an unauthenticated attacker. Successful exploitation could result in a denial of service condition. <br /><br />The following CVEs are related to these vulnerabilities:<br /><ul><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770”>CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883”>CVE-2017-11883 - ASP.NET Core Denial Of Service Vulnerability</a></li></ul><h3>CVE-2017-11788 - Windows Search Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified that affects Windows Search. This vulnerability manifests due to Windows Search improperly handling objects in memory. This vulnerability could be exploited by sending specially crafted messages to the Windows Search service. Additionally this vulnerability could be exploited by an unauthenticated remote attacker via Server Message Block (SMB). Successful exploitation of this vulnerability could result in a denial of service condition on affected systems.<br /><br /><h3>CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Microsoft browsers. This vulnerability manifests due to Microsoft browsers improperly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability.<br /><br /><h3>Multiple CVEs - Microsoft Edge Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified that affect Microsoft Edge. These vulnerabilities manifest due to Microsoft Edge improperly handling objects in memory. These vulnerabilities could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11803</li><li>CVE-2017-11844</li></ul><h3>CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft browsers. This vulnerability manifests due to the way in which Microsoft browsers access objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the same privileges as the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability or convincing a user to open a malicious email attachment.<br /><br /><h3>CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified that affects Device Guard. This vulnerability manifests due to the way in which Device Guard incorrectly validates untrusted files. Successful exploitation of this vulnerability could allow an attacker to make an unsigned file appear as if it is signed, allowing an attacker to execute malicious files on affected systems.<br /><br /><h3>Multiple CVEs - Windows Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified that affect the Windows kernel. These vulnerabilities manifest due to the Windows kernel failing to properly initialize memory addresses. These vulnerabilities could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Exploiting these vulnerabilities would require an attacker to authenticate to an affected device and execute an application designed to exploit this vulnerability.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11831</li><li>CVE-2017-11880</li></ul><h3>Multiple CVEs - Windows EOT Font Engine Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified that affect Microsoft Windows Embedded OpenType (EOT). These vulnerabilities manifest due to the way in which the font engine parses embedded fonts. Successful exploitation of these vulnerabilities could allow an attacker to obtain information that could be used for subsequent attacks against an affected system. <br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11832</li><li>CVE-2017-11835</li></ul><h3>CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Microsoft Edge. This vulnerability manifests due to the way in which Microsoft Edge handles cross-origin requests. This vulnerability could be leveraged by an attacker to determine the origin of webpages within an affected browser. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. <br /><br /><h3>CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability was identified that affects Internet Explorer. This vulnerability manifests due to the scripting engine in Internet Explorer not properly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used in additional attacks. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. <br /><br /><h3>Multiple CVEs - Windows Kernel Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities were identified that affect the Windows Kernel-Mode Drivers. These vulnerabilities manifest due to the Windows Kernel failing to properly initialize memory addresses. These vulnerabilities could be leveraged by an attacker to obtain information that could be used in subsequent attacks to further compromise an affected system. Exploitation of these vulnerabilities would require an attacker to log in and execute a program specifically designed to exploit them.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11842</li><li>CVE-2017-11849</li><li>CVE-2017-11853</li></ul><h3>CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified that affects the Windows Kernel. This vulnerability manifests due to the Windows Kernel failing to properly handle objects in memory. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability and could allow an attacker to run arbitrary code in kernel memory.<br /><br /><h3>CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3>CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3>CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3>CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft Office. This vulnerability manifests due to Microsoft Office improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the context of the current user. In order to exploit this vulnerability, an attacker would need to create a specially crafted file and convince a user to open it within an affected version of Microsoft Office.<br /><br /><h3>CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass has been identified in Microsoft Edge that could allow an attacker to load a page containing malicious content without the user’s knowledge or consent. This vulnerability manifests in the Edge Content Security Policy where certain specially crafted documents are improperly validated. An attacker could exploit this vulnerability by convincing a user to navigate to a malicious page or by injecting malicious content into page, such as an advertisement, thereby bypassing the Content Security Policy.<br /><br /><h3>CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Edge that could allow an attacker to bypass Cross-Origin Resource Sharing restrictions. This vulnerability manifests as a result of Edge improperly handling redirect requests and following redirect requests that should otherwise be ignored. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page. Attackers could also leverage vulnerable or compromised web pages exploit this vulnerability.<br /><br /><h3>CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Edge that could allow an attacker to bypass the Control Flow Guard. This vulnerability manifests as a result of the Edge Just-In-Time compiler incorrectly handling memory operations in compiled code. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page.<br /><br /><h3>CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified that affects Microsoft Office. The vulnerability is related to Microsoft Office failing to enforce macro settings on Excel documents. Exploitation of this vulnerability does not result in code execution and requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Excel.<br /><br /><h3>CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft Office. The vulnerability is related to Microsoft Office not properly handling objects in memory. Successful exploitation of this vulnerability could result in an attacker gaining the ability to execute arbitrary code within the context of the current user. Exploitation of this vulnerability requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Office. <br /><br /><h3>CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability</h3><br />An open redirect vulnerability has been identified at affects ASP.NET Core. Exploitation of this vulnerability could result in privilege escalation. In order to exploit this vulnerability an attacker would need to create a specially crafted URL which could be used to redirect the victim’s browser session to a malicious site and obtain login session information.<br /><br /><h3>Multiple CVEs - Microsoft Office Memory Corruption Vulnerability</h3><br />Multiple remote code execution vulnerabilities have been identified that affect Microsoft Office. These vulnerabilities are related to Microsoft Office not properly handling objects in memory. Successful exploitation of these vulnerabilities could result in an attacker gaining the ability to execute arbitrary code within the context of the current user. Exploitation of this vulnerability requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Office. <br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11882</li><li>CVE-2017-11884</li></ul><br /><h2>Vulnerabilities Rated Moderate</h2><br />The following vulnerabilities are rated “Moderate” by Microsoft:<br /><ul><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848”>CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876”>CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700”>CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability</a></li></ul><h3>CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Internet Explorer. This vulnerability manifests due to the way in which Internet Explorer handles page contents. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. Successful exploitation of this vulnerability could allow an attacker to detect navigation of a user leaving a malicious web page. <br /><br /><h3>CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been discovered affecting Microsoft Project. It is related to the way in which Microsoft Project Server improperly manages user sessions. The victim must be logged in to the target site in order for this vulnerability to be exploited. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of this vulnerability. Successful exploitation of this vulnerability could allow an attacker to access content that the attacker is not authorized to access or impersonate the user within the web application. It could also enable the attacker to inject malicious contents into the victim’s browser.<br /><br /><h3>CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects ASP.net Core. This vulnerability could enable an attacker to bypass Cross-Origin Resource Sharing (CORS) configurations. Successful exploitation of this vulnerability could allow an attacker to access content that they are not authorized to access from within a web application.<br /><br /><h2>Coverage</h2><br />In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.<br /><br />Snort Rules:<br /><ul><li>43120-43121</li><li>44809-44834</li><li>44838-44839</li><li>44843-44846</li></ul>For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal:<a href=“http://www.talosintelligence.com/vulnerability-reports/”> </a><a href=“http://www.talosintelligence.com/vulnerability-reports/”>http://www.talosintelligence.com/vulnerability-reports/</a><br /><br /><a href=“http://www.talosintelligence.com/vulnerability-reports/”></a><br /><br />To review our Vulnerability Disclosure Policy, please visit this site:<br /><br /><a href=“http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html”>http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html</a><br /><br /><a href=“http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html”></a><br /><br /><div>
<a href=“http://feeds.feedburner.com/~ff/feedburner/Talos?a=gKTSu-yN4pM:3HD9OhLzN18:yIl2AUoC8zA”><img src=“http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA”></img></a>
</div><img src=“http://feeds.feedburner.com/~r/feedburner/Talos/~4/gKTSu-yN4pM” height=“1” width=“1” alt />

Related

mskb 23
openvas 22
trendmicroblog 1
nessus 17
kaspersky 6
threatpost 2
prion 41
cve 44
github 4
osv 5
thn 2
veracode 4
qualysblog 1
krebs 1
attackerkb 1
checkpoint_advisories 3
symantec 9
mscve 9
redhatcve 1
zdi 2
zdt 1
mskb
mskb
November 14, 2017—KB4048954 (OS Build 15063.726 and 15063.728)
2017-11-14 08:00:00
November 14, 2017—KB4048953 (OS Build 14393.1884)
2017-11-14 08:00:00
November 14, 2017—KB4048958 (Monthly Rollup)
2017-11-14 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4048954)
2017-11-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4048953)
2017-11-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4048956)
2017-11-15 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
2017-11-17 16:46:19
nessus
nessus
KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update
2017-11-14 00:00:00
KB4048953: Windows 10 Version 1607 and Windows Server 2016 November 2017 Cumulative Update
2017-11-14 00:00:00
KB4048952: Windows 10 Version 1511 November 2017 Cumulative Update
2017-11-14 00:00:00
kaspersky
kaspersky
KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2017-11-14 00:00:00
KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)
2017-11-14 00:00:00
KLA11136 Multiple vulnerabilities in Microsoft Windows
2017-11-14 00:00:00
threatpost
threatpost
Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities
2017-11-14 17:10:48
Microsoft Patches 17-Year-Old Office Bug
2017-11-15 13:11:21
prion
prion
Memory corruption
2017-11-15 03:29:00
Memory corruption
2017-11-15 03:29:00
Memory corruption
2017-11-15 03:29:00
cve
cve
CVE-2017-11846
2017-11-15 03:29:00
CVE-2017-11837
2017-11-15 03:29:00
CVE-2017-11858
2017-11-15 03:29:00
github
github
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer
2022-05-17 00:19:54
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation due to type confusion
2022-05-17 00:19:55
osv
osv
Chakra Core vulnerable to privilege escalation due to type confusion
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer
2022-05-17 00:19:54
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
2022-05-17 00:19:55
thn
thn
Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities
2017-11-14 20:46:00
17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
2017-11-14 23:06:00
veracode
veracode
Remote Code Execution (RCE)
2018-12-03 05:21:16
Denial Of Service (DoS)
2018-07-06 06:38:14
Denial Of Service (DoS)
2019-01-15 09:19:26
qualysblog
qualysblog
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update
2017-11-14 19:37:26
krebs
krebs
Adobe, Microsoft Patch Critical Cracks
2017-11-14 23:12:32
attackerkb
attackerkb
CVE-2017-11882
2017-11-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Memory Corruption (CVE-2017-11878)
2017-11-14 00:00:00
Microsoft Edge Memory Corruption (CVE-2017-11845)
2017-11-14 00:00:00
Microsoft Word Memory Corruption (CVE-2017-11854)
2017-11-14 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-11844 Information Disclosure Vulnerability
2017-11-14 00:00:00
Microsoft Word CVE-2017-11854 Memory Corruption Vulnerability
2017-11-14 00:00:00
Microsoft Edge CVE-2017-11874 Security Bypass Vulnerability
2017-11-14 00:00:00
mscve
mscve
Microsoft Edge Security Feature Bypass Vulnerability
2017-11-14 08:00:00
Microsoft Edge Memory Corruption Vulnerability
2017-11-14 08:00:00
Microsoft Office Remote Code Execution Vulnerability
2017-11-14 08:00:00
redhatcve
redhatcve
CVE-2017-11770
2019-10-10 03:43:34
zdi
zdi
Microsoft Office Excel Workbook Use-After-Free Remote Code Execution Vulnerability
2017-11-20 00:00:00
Microsoft Windows JavaScript Array Use-After-Free Remote Code Execution Vulnerability
2017-11-20 00:00:00
zdt
zdt
Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability
2017-12-06 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148
mskb23openvas22trendmicroblog1nessus17kaspersky6threatpost2prion41cve44github4osv5thn2veracode4qualysblog1krebs1attackerkb1checkpoint_advisories3symantec9mscve9redhatcve1zdi2zdt1