Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: December Microsoft Patch Tuesday Summary - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
December Microsoft Patch Tuesday Summary

Microsoft today patched 36 different vulnerabilities (+ Flash). Luckily, none of the vulnerabilities have been exploited in the wild of have been disclosed prior to today. The list includes the malware protection engine update that was released on Friday. Probably the most interesting vulnerability is the remote code execution in Windows RRAS. (CVE-2017-11885). According to Microsoft, this vulnerability can be exploited via RPC on servers that have routing enabled. (RRAS is the Routing and Remote Access Service). I am a bit confused why Microsoft rates this one only as "important". Maybe because RRAS is not enabled by default.

CVE Description
Disclosed Exploited Exploitability (old versions) current version Severity
CVE-2017-11885 Windows RRAS Service Remote Code Execution Vulnerability
No No Less Likely Less Likely Important
CVE-2017-11889 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11890 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11893 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11895 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability
No No Less Likely Less Likely Important
CVE-2017-11901 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11903 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11906 Scripting Engine Information Disclosure Vulnerability
No No More Likely More Likely Important
CVE-2017-11908 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11909 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11910 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11911 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11912 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11913 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Important
CVE-2017-11914 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11918 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11927 Microsoft Windows Information Disclosure Vulnerability
No No Less Likely Less Likely Important
CVE-2017-11930 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability
No No Less Likely Less Likely Important
CVE-2017-11937 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
No No Less Likely Less Likely Critical
ADV170021 Microsoft Office Defense in Depth Update
No No More Likely More Likely None
ADV170023 Microsoft Exchange Defense in Depth Update
No No - - None
CVE-2017-11886 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11887 Scripting Engine Information Disclosure Vulnerability
No No More Likely More Likely Important
CVE-2017-11888 Microsoft Edge Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11894 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11907 Scripting Engine Memory Corruption Vulnerability
No No More Likely More Likely Critical
CVE-2017-11905 Scripting Engine Memory Corruption Vulnerability
No No - - Critical
CVE-2017-11916 Scripting Engine Memory Corruption Vulnerability
No No - - Important
CVE-2017-11919 Scripting Engine Information Disclosure Vulnerability
No No More Likely More Likely Important
CVE-2017-11934 Microsoft PowerPoint Information Disclosure Vulnerability
No No Less Likely Less Likely Important
CVE-2017-11935 Microsoft Excel Remote Code Execution Vulnerability
No No - - Important
CVE-2017-11936 Microsoft SharePoint Elevation of Privilege Vulnerability
No No - - Important
ADV170022 December 2017 Flash Security Update
No No - - Critical
CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability
No No - - Important
CVE-2017-11940 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
No No Less Likely Less Likely Critical

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

 
 
Defending Web Applications Security Essentials - SANS Amsterdam September 2018

Johannes

3320 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!