Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
talosblog[email protected] (Alexander Chiu)TALOSBLOG:D985A5A21B218B47A518D6D4AB858393
HistoryOct 10, 2017 - 1:25 p.m.

Microsoft Patch Tuesday - October 2017

2017-10-1013:25:00
[email protected] (Alexander Chiu)
feedproxy.google.com
91

0.951 High

EPSS

Percentile

99.1%

JSON

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. <br /><br /><a></a><br /><h2>Vulnerabilities Rated Critical</h2><br />The following vulnerabilities are rated “Critical” by Microsoft: <br /><br /><ul><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11813”>CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11822”>CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11762”>CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11763”>CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11797”>CVE-2017-11797 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767”>CVE-2017-11767 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11792”>CVE-2017-11792 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11793”>CVE-2017-11793 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11796”>CVE-2017-11796 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11798”>CVE-2017-11798 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11799”>CVE-2017-11799 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800”>CVE-2017-11800 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11801”>CVE-2017-11801 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11802”>CVE-2017-11802 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11804”>CVE-2017-11804 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11805”>CVE-2017-11805 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11806”>CVE-2017-11806 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11807”>CVE-2017-11807 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11808”>CVE-2017-11808 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809”>CVE-2017-11809 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11810”>CVE-2017-11810 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11811”>CVE-2017-11811 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812”>CVE-2017-11812 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821”>CVE-2017-11821 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779”>CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11771”>CVE-2017-11771 - Windows Search Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8727”>CVE-2017-8727 - Windows Shell Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11819”>CVE-2017-11819 - Windows Shell Remote Code Execution Vulnerability</a></li></ul><h3>CVE-2017-11813, CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability</h3><br />Two vulnerabilities have been identified in Internet Explorer that could result in remote code execution in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory when attempting to render a webpage. Both vulnerabilities could be exploited if, for example, a user visits a specially crafted webpage that exploits one of these flaws.<br /><br /><h3>CVE-2017-11762, CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerability</h3><br />Two vulnerabilities have been identified in the font library of the Microsoft Graphics Component that could allow an attacker to execute arbitrary code. These vulnerabilities manifest due to the library incorrectly handling specialty embedded fonts within a web page or document. Exploitation of these two vulnerabilities could be achieved if a user navigates to a malicious web page or if the user opens a specially crafted document that exploits these vulnerabilities.<br /><br /><h3>Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked “safe for initialization.”<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><br /><ul><li>CVE-2017-11767</li><li>CVE-2017-11792</li><li>CVE-2017-11793</li><li>CVE-2017-11796</li><li>CVE-2017-11797</li><li>CVE-2017-11798</li><li>CVE-2017-11799</li><li>CVE-2017-11800</li><li>CVE-2017-11801</li><li>CVE-2017-11802</li><li>CVE-2017-11804</li><li>CVE-2017-11805</li><li>CVE-2017-11806</li><li>CVE-2017-11807</li><li>CVE-2017-11808</li><li>CVE-2017-11809</li><li>CVE-2017-11810</li><li>CVE-2017-11811</li><li>CVE-2017-11812</li><li>CVE-2017-11821</li></ul><h3>CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability</h3><br />A remote code execution vulnerability has been identified in Windows DNS that could allow an attacker to execute arbitrary code in the context of the Local System account. This vulnerability manifests in DNSAPI.dll as a result of improperly handling DNS responses. A scenario where this vulnerability could be exploited would be one where an attacker stand ups a malicious DNS server to transmit specially crafted DNS responses to the target.<br /><br /><h3>CVE-2017-11771 - Windows Search Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability has been identified in Window Search that could allow an attacker to elevate their privileges and subsequently execute code in the elevated context. This vulnerability manifests due to improper handling of objects in memory. For this vulnerability to be exploited, an attacker would need to either have access to the targeted host to exploit this vulnerability, or remotely trigger it through an SMB connection.<br /><br /><h3>CVE-2017-8727 - Windows Shell Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified in Internet Explorer which could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability manifests as a result of Internet Explorer improperly accessing objects in memory via the Microsoft Windows Text Services Framework. An attacker could create a specially crafted web page that exploits this vulnerability and subsequently socially engineer a user to visit the page to compromise users. Additionally, attackers could leverage vulnerable or compromised websites or sites that display user-provided content or advertisements to exploit and compromise users.<br /><br /><h3>CVE-2017-11819 - Windows Shell Remote Code Execution Vulnerability</h3><br />A remote code execution vulnerability has been identified in Microsoft web browsers which manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. An attacker could leverage this vulnerability to exploit users by crafting a specially formed web page and socially engineering users to visit such a page. Other scenarios include an attacker leveraging vulnerable or compromised websites or sites that display user-provided content or advertisements to exploit this vulnerability and compromise users.<br /><br /><h2>Vulnerabilities Rated Important</h2><br />The following vulnerabilities are rated “important” by Microsoft:<br /><br /><ul><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11790”>CVE-2017-11790 - Internet Explorer Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11794”>CVE-2017-11794 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726”>CVE-2017-8726 - Microsoft Edge Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8693”>CVE-2017-8693 - Microsoft Graphics Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717”>CVE-2017-8717 - Microsoft JET Database Engine Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718”>CVE-2017-8718 - Microsoft JET Database Engine Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826”>CVE-2017-11826 - Microsoft Office Memory Corruption Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825”>CVE-2017-11825 - Microsoft Office Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775”>CVE-2017-11775 - Microsoft Office SharePoint XSS Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11777”>CVE-2017-11777 - Microsoft Office SharePoint XSS Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11820”>CVE-2017-11820 - Microsoft Office SharePoint XSS Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776”>CVE-2017-11776 - Microsoft Outlook Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774”>CVE-2017-11774 - Microsoft Outlook Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11772”>CVE-2017-11772 - Microsoft Search Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823”>CVE-2017-11823 - Microsoft Windows Security Feature Bypass</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786”>CVE-2017-11786 - Skype for Business Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11769”>CVE-2017-11769 - TRIE Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689”>CVE-2017-8689 - Win32k Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8694”>CVE-2017-8694 - Win32k Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11783”>CVE-2017-11783 - Windows Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11816”>CVE-2017-11816 - Windows GDI Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11824”>CVE-2017-11824 - Windows Graphics Component Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11817”>CVE-2017-11817 - Windows Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11765”>CVE-2017-11765 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11784”>CVE-2017-11784 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11785”>CVE-2017-11785 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814”>CVE-2017-11814 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715”>CVE-2017-8715 - Windows Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781”>CVE-2017-11781 - Windows SMB Denial of Service Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782”>CVE-2017-11782 - Windows SMB Elevation of Privilege Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815”>CVE-2017-11815 - Windows SMB Information Disclosure Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780”>CVE-2017-11780 - Windows SMB Remote Code Execution Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11818”>CVE-2017-11818 - Windows Storage Security Feature Bypass Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8703”>CVE-2017-8703 - Windows Subsystem for Linux Denial of Service Vulnerability</a></li><li><a href=“https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11829”>CVE-2017-11829 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability</a></li></ul><h3>CVE-2017-11790 - Internet Explorer Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in Internet Explorer that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Internet Explorer improperly handling objects in memory. A user who navigates to an attacker-controlled web page could be exploited. Additionally, users who navigate to site that hosts user-generated content could also be exploited.<br /><br /><h3>CVE-2017-11794 - Microsoft Edge Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in Edge that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Edge improperly handling objects in memory. A user who navigates to an attacker-controlled web page could be exploited. Additionally, users who navigate to site that hosts user-generated content could also be exploited.<br /><br /><h3>CVE-2017-8726 - Microsoft Edge Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified in Edge that could allow an attacker to execute arbitrary code in the context of the user. This vulnerability manifests due to Edge improperly handling objects in memory. Possible scenarios where an attacker could compromise a user could include a web-based attacks where a user navigates to a specially crafted web page under the attacker’s control. Other possibilities include a user opening a Microsoft Office document containing an embedded ActiveX control marked “safe for initialization”.<br /><br /><h3>CVE-2017-8693 - Microsoft Graphics Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Microsoft Windows Graphics Component that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the Graphics component improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. <br /><br /><h3>CVE-2017-8717, CVE-2017-8718 - Microsoft JET Database Engine Remote Code Execution Vulnerability</h3><br />Two arbitrary code execution vulnerabilities have been identified in the Microsoft JET Database Engine that could allow an attacker to execute arbitrary code in the context of the current user. These vulnerabilities manifest as buffer overflow conditions when triggered. For an attacker to successfully exploit these vulnerabilities, a user would need to open or preview a specially crafted Microsoft Excel document on an affected version of Windows. An email-based attack where an attacker sends a victim a specially crafted Excel document is the most likely scenario where a user could be compromised.<br /><br /><h3>CVE-2017-11826 - Microsoft Office Memory Corruption Vulnerability</h3><br />A vulnerability have been identified in Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A users who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker’s choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. Note that in certain conditions, the Preview Pane is an attack vector as well.<br /><br /><h3>CVE-2017-11825 - Microsoft Office Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A users who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker’s choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document.<br /><br /><h3>Multiple CVEs - Microsoft Office SharePoint XSS Vulnerability</h3><br />Multiple vulnerabilities in Microsoft Office Sharepoint have been identified that could could allow an attacker to execute a cross-site scripting (XSS) attack. These vulnerabilities manifest due to Sharepoint Server improperly sanitizing specific web requests from a user. Successful exploitation of these flaws could allow an attacker to execute scripts in the context of the current user, read content that the attacker would not otherwise have permission to view, or execute actions on behalf of the affected user.<br /><br />The following CVEs reflect these vulnerabilities:<br /><br /><ul><li>CVE-2017-11775</li><li>CVE-2017-11777</li><li>CVE-2017-11820</li></ul><h3>CVE-2017-11776 - Microsoft Outlook Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability in Microsoft Outlook has been identified that could leak sensitive information to third-parties. This vulnerability manifests when Outlook fails to establish a secure connection. An attacker who exploits this vulnerability could obtain the email content of a user.<br /><br /><h3>CVE-2017-11774 - Microsoft Outlook Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Outlook that could be used to execute arbitrary commands. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a specially crafted document file could be exploited. A scenario where this could occur would be in a file-sharing attack where an attacker gives the user a file and socially engineers them to open it.<br /><br /><h3>CVE-2017-11772 - Microsoft Search Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in Windows Search that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Window Search improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user sends specially crafted messages to the Window Search service. Alternatively, this vulnerability could be exploited remotely in an enterprise setting over an SMB connection from an unauthenticated attacker. <br /><br /><h3>CVE-2017-11823 - Microsoft Windows Security Feature Bypass</h3><br />A vulnerability had been identified in Device Guard that could allow an attacker bypass a security control and inject malicious code into a Windows Powershell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could be run with the same trust level as the script, bypassing the Code Integrity policy control.<br /><br /><h3>CVE-2017-11786 - Skype for Business Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified in Skype for Business that could allow an authenticated attacker to potentially impersonate a user. This vulnerability manifests due to Skype for Business improperly handling specific authentication requests. An attacker who initiates an instant message session while a specially crafted profile image is set could exploit this vulnerability and steal an authentication hash that could be reused in different contexts. Successful exploitation would allow an attacker to perform actions that a user is permitted to do, resulting in various outcomes such as privilege escalation.<br /><br /><h3>CVE-2017-11769 - TRIE Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability has been identified in Windows that could allow an attacker to execute code in the context of the current user. This vulnerability manifests due to the way certain Windows components improperly handle loading DLL files. Successful exploitation could allow an attacker to perform actions or execute commands within the context of the current user.<br /><br /><h3>CVE-2017-8689, CVE-2017-8694 - Win32k Elevation of Privilege Vulnerability</h3><br />Two vulnerabilities in Windows Kernel-Mode Drivers have been identified that could allow a privilege escalation attack to occur. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities would result in an attacker obtaining administrator privileges on the targeted system. Users who run a specifically crafted executable that exploits this vulnerability could leverage this vulnerability to perform actions as an administrator on the affected system.<br /><br /><h3>CVE-2017-11783 - Windows Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified in Windows that could allow an authenticated attacker to elevate their privileges to that of an administrator. This vulnerability manifests due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC). A user who creates a specially crafted application and executes it on an affected system could exploit this vulnerability.<br /><br /><h3>CVE-2017-11816 - Windows GDI Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Microsoft Windows Graphics Device Interface (GDI) that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the GDI improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. <br /><br /><h3>CVE-2017-11824 - Windows Graphics Component Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified in the Microsoft Windows Graphics Component that could allow an attacker to elevate their privileges to that of an administrator. This vulnerability manifests due to the Graphics component improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability.<br /><br /><h3>CVE-2017-11817 - Windows Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the kernel improperly initializing objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. <br /><br /><h3>CVE-2017-11784, CVE-2017-11785 - Windows Kernel Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to obtain memory addresses and bypass Kernel Address Space Layout Randomization (KASLR). Exploitation of these vulnerabilities could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit them. <br /><br /><h3>CVE-2017-11765, CVE-2017-11814 - Windows Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to obtain information that could be used to further compromise an affected system. These vulnerabilities manifest due to the kernel improperly initializing objects in memory. Exploitation of these vulnerabilities could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit them. <br /><br /><h3>CVE-2017-8715 - Windows Security Feature Bypass Vulnerability</h3><br />A vulnerability had been identified in Device Guard that could allow an attacker to bypass a security control and inject malicious code into a Windows Powershell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could be run with the same trust level as the script, bypassing the Code Integrity policy control.<br /><br /><h3>CVE-2017-11781 - Windows SMB Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified in Microsoft SMB that could allow an attacker to crash an affected host. This vulnerability manifests due to SMB improperly handling certain requests. An attacker who sends a vulnerable server specially crafted requests could exploit this vulnerability and create a denial of service condition for users.<br /><br /><h3>CVE-2017-11782 - Windows SMB Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified in the default Windows SMB Server configuration that could allow anonymous users to access certain named pipes. These named pipes could be used to send specially crafted requests to services that accept requests via named pipes. An attacker who is able to send SMB messages to an affected SMB server could exploit this vulnerability.<br /><br /><h3>CVE-2017-11815 - Windows SMB Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in Windows SMB that could allow an attacker to access files they otherwise should not have access to. This vulnerability manifests due to SMB server improperly handling certain requests. An attacker who is able to authenticate to the SMB server and send it SMB messages could exploit this vulnerability.<br /><br /><h3>CVE-2017-11780 - Windows SMB Remote Code Execution Vulnerability</h3><br />A remote code execution vulnerability has been identified in Microsoft Server Message Block 1.0 (SMBv1) which could allow an attacker to compromise SMBv1 servers. This vulnerability manifests due to the way SMBv1 servers handle certain requests. Exploitation of this vulnerability could be achieved by an unauthenticated attacker by sending specially crafted requests to the affected server.<br /><br /><h3>CVE-2017-11818 - Windows Storage Security Feature Bypass Vulnerability</h3><br />A security feature bypass has been identified in Microsoft Windows storage which could allow an application with a certain integrity level to execute code at a different level. This vulnerability manifests due to Windows improperly validating an integrity-level check.<br /><br /><h3>CVE-2017-8703 - Windows Subsystem for Linux Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified in the Windows Subsystem for Linux (WSL). This vulnerability manifests as due to the WSL improperly handling objects in memory. An attacker who creates a specially crafted application and executes it on an affected system could exploit this vulnerability.<br /><br /><h3>CVE-2017-11829 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified in Windows Update Delivery Optimization that could allow an attacker to overwrite files of a higher privilege than what the attacker possesses. This vulnerability manifests due to Windows Update Delivery Optimization improperly enforcing file share permissions. An attacker who is able to log into the system and create a Delivery Optimization job could exploit this vulnerability.<br /><br /><h2>Coverage</h2><br />In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.<br /><br />Snort Rules:<br /><br /><ul><li>44333-44334</li><li>44508-44519</li><li>44526-44529</li><li>44532-44533</li></ul><div>
<a href=“http://feeds.feedburner.com/~ff/feedburner/Talos?a=As9MZaE7IyE:eG0TMScPdq0:yIl2AUoC8zA”><img src=“http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA”></img></a>
</div><img src=“http://feeds.feedburner.com/~r/feedburner/Talos/~4/As9MZaE7IyE” height=“1” width=“1” alt />

Related

trendmicroblog 1
nessus 15
openvas 16
kaspersky 5
myhack58 1
mskb 22
veracode 13
prion 41
osv 22
github 9
cve 40
thn 1
threatpost 1
qualysblog 1
krebs 1
huawei 1
symantec 3
mscve 1
exploitpack 1
zdi 1
checkpoint_advisories 1
seebug 2
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 9, 2017
2017-10-13 14:03:59
nessus
nessus
KB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK)
2017-10-10 00:00:00
KB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK)
2017-10-10 00:00:00
KB4042895: Windows 10 October 2017 Cumulative Update (KRACK)
2017-11-03 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4041691)
2017-10-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4041676)
2017-10-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4041689)
2017-10-11 00:00:00
kaspersky
kaspersky
KLA11111 Multiple vulnerabilities in Microsoft Windows
2017-10-10 00:00:00
KLA11108 Multiple vulnerabilities in Microsoft Products (ESU)
2017-10-10 00:00:00
KLA11112 Multiple vulnerabilities in Microsoft Browsers
2017-10-10 00:00:00
myhack58
myhack58
Microsoft windows October release of the 62 flaws vulnerability bug patch, and repair of the National researchers submitted the 0-day flaw vulnerability bug-vulnerability warning-the black bar safety net
2017-10-12 00:00:00
mskb
mskb
October 10, 2017—KB4041691 (OS Build 14393.1770)
2017-10-16 07:00:00
October 10, 2017—KB4041689 (OS Build 10586.1176)
2017-10-16 07:00:00
October 10, 2017—KB4041676 (OS Build 15063.674)
2017-10-16 07:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-07-06 01:23:32
Remote Code Execution (RCE)
2018-07-06 03:32:06
Remote Code Execution (RCE)
2018-07-06 01:13:45
prion
prion
Memory corruption
2017-10-13 13:29:00
Memory corruption
2017-10-13 13:29:00
Memory corruption
2017-10-13 13:29:00
osv
osv
CVE-2017-11799
2017-10-13 13:29:01
CVE-2017-11806
2017-10-13 13:29:01
CVE-2017-11821
2017-10-13 13:29:01
github
github
ChakraCore RCE Vulnerability
2022-05-17 00:32:03
ChakraCore RCE Vulnerability
2022-05-17 00:32:12
ChakraCore RCE Vulnerability
2022-05-17 00:32:03
cve
cve
CVE-2017-11801
2017-10-13 13:29:00
CVE-2017-11809
2017-10-13 13:29:00
CVE-2017-11808
2017-10-13 13:29:00
thn
thn
Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack
2017-10-10 22:06:00
threatpost
threatpost
Microsoft Patches Office Bug Actively Being Exploited
2017-10-10 16:44:08
qualysblog
qualysblog
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
2017-10-10 18:23:41
krebs
krebs
Microsoft’s October Patch Batch Fixes 62 Flaws
2017-10-11 14:18:40
huawei
huawei
Security Advisory - Two Remote Code Execution Vulnerabilities in Microsoft Windows
2017-12-20 00:00:00
symantec
symantec
Microsoft Office SharePoint CVE-2017-11820 Cross Site Scripting Vulnerability
2017-10-10 00:00:00
Microsoft Office CVE-2017-11825 Remote Code Execution Vulnerability
2017-10-10 00:00:00
Microsoft Edge CVE-2017-11794 Information Disclosure Vulnerability
2017-10-10 00:00:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2017-10-10 07:00:00
exploitpack
exploitpack
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation
2018-02-20 00:00:00
zdi
zdi
Microsoft Edge substringData Use-After-Free Information Disclosure Vulnerability
2017-10-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Device Guard Security Feature Bypass (CVE-2017-11823)
2017-10-16 00:00:00
seebug
seebug
Microsoft Windows Device Guard Local Security Bypass Vulnerability(CVE-2017-11823)
2017-10-17 00:00:00
Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-11817)
2017-10-17 00:00:00

0.951 High

EPSS

Percentile

99.1%

JSON
Related for TALOSBLOG:D985A5A21B218B47A518D6D4AB858393
trendmicroblog1nessus15openvas16kaspersky5myhack581mskb22veracode13prion41osv22github9cve40thn1threatpost1qualysblog1krebs1huawei1symantec3mscve1exploitpack1zdi1checkpoint_advisories1seebug2