Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: October 2017 Security Updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
October 2017 Security Updates
October 2017 Security Updates
DescriptionMSFT Severity
CVEDisclosed/ExploitedExploitability (old/current)Client SeverityServer Severity
Microsoft Office Remote Code Execution VulnerabilityImportant
CVE-2017-11825No/No?/?CriticalImportant
Internet Explorer Memory Corruption VulnerabilityCritical
CVE-2017-11822No/NoMore Likely/More LikelyCriticalCritical
CVE-2017-11813No/No?/?
Windows Subsystem for Linux Denial of Service VulnerabilityImportant
CVE-2017-8703Yes/No?/?ImportantImportant
Microsoft Edge Memory Corruption VulnerabilityImportant
CVE-2017-8726No/No?/?ImportantImportant
Microsoft Office Memory Corruption VulnerabilityImportant
CVE-2017-11826Yes/YesMore Likely/DetectedPatch NowImportant
Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2017-11821No/No?/?CriticalCritical
CVE-2017-11792No/No?/?
CVE-2017-11793No/NoMore Likely/More Likely
CVE-2017-11796No/No?/?
CVE-2017-11798No/No?/?
CVE-2017-11799No/No?/?
CVE-2017-11800No/No?/?
CVE-2017-11801No/No?/?
CVE-2017-11802No/No?/?
CVE-2017-11804No/No?/?
CVE-2017-11805No/No?/?
CVE-2017-11806No/No?/?
CVE-2017-11807No/No?/?
CVE-2017-11808No/No?/?
CVE-2017-11809No/No?/?
CVE-2017-11810No/NoMore Likely/More Likely
CVE-2017-11811No/No?/?
CVE-2017-11812No/No?/?
Microsoft Windows Security Feature BypassImportant
CVE-2017-11823No/NoMore Likely/More LikelyImportantImportant
Windows SMB Information Disclosure VulnerabilityImportant
CVE-2017-11815No/No?/?ImportantImportant
Windows Shell Memory Corruption VulnerabilityCritical
CVE-2017-8727No/NoMore Likely/More LikelyCriticalCritical
Windows Server 2008 Defense in Depth
ADV170016No/NoLess Likely/Less Likely
Windows Information Disclosure VulnerabilityImportant
CVE-2017-11817No/NoLess Likely/Less LikelyImportantImportant
Internet Explorer Information Disclosure VulnerabilityImportant
CVE-2017-11790No/NoLess Likely/Less LikelyImportantImportant
Microsoft Office SharePoint XSS VulnerabilityImportant
CVE-2017-11775No/NoLess Likely/Less LikelyN/AImportant
CVE-2017-11777Yes/NoLess Likely/Less Likely
CVE-2017-11820No/NoLess Likely/Less Likely
Windows Search Remote Code Execution VulnerabilityCritical
CVE-2017-11771No/NoMore Likely/More LikelyCriticalCritical
Windows Shell Remote Code Execution VulnerabilityCritical
CVE-2017-11819No/No?/?CriticalCritical
Microsoft Outlook Security Feature Bypass VulnerabilityImportant
CVE-2017-11774No/NoLess Likely/Less LikelyImportantImportant
Scripting Engine Information Disclosure VulnerabilityCritical
CVE-2017-11797No/No?/?CriticalCritical
Windows SMB Elevation of Privilege VulnerabilityImportant
CVE-2017-11782No/NoMore Likely/More LikelyImportantImportant
Windows Security Feature Bypass VulnerabilityImportant
CVE-2017-8715No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Information Disclosure VulnerabilityImportant
CVE-2017-8693No/NoMore Likely/More LikelyImportantImportant
Windows Elevation of Privilege VulnerabilityImportant
CVE-2017-11783No/NoMore Likely/More LikelyImportantImportant
Microsoft Search Information Disclosure VulnerabilityImportant
CVE-2017-11772No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Remote Code Execution VulnerabilityCritical
CVE-2017-11762No/NoMore Likely/More LikelyCriticalCritical
CVE-2017-11763No/NoMore Likely/More Likely
Microsoft Outlook Information Disclosure VulnerabilityImportant
CVE-2017-11776No/NoUnlikely/UnlikelyImportantImportant
Skype for Business Elevation of Privilege VulnerabilityImportant
CVE-2017-11786No/NoUnlikely/UnlikelyImportantImportant
Optional Windows NTLM SSO authentication changes
ADV170014No/NoLess Likely/Less Likely
Microsoft Edge Information Disclosure Vulnerability
CVE-2017-11794No/No?/?
Vulnerability in TPM could allow Security Feature BypassCritical
ADV170012No/NoLess Likely/Less LikelyCriticalCritical
Windows DNSAPI Remote Code Execution VulnerabilityCritical
CVE-2017-11779No/NoLess Likely/Less LikelyCriticalCritical
Win32k Elevation of Privilege VulnerabilityImportant
CVE-2017-8689No/NoMore Likely/More LikelyImportantImportant
CVE-2017-8694No/NoMore Likely/More Likely
Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE-2017-11824No/No?/?ImportantImportant
Windows Kernel Information Disclosure VulnerabilityImportant
CVE-2017-11765No/NoMore Likely/More LikelyImportantImportant
CVE-2017-11784No/NoLess Likely/Less Likely
CVE-2017-11785No/NoLess Likely/Less Likely
CVE-2017-11814No/NoMore Likely/More Likely
Windows Update Delivery Optimization Elevation of Privilege VulnerabilityImportant
CVE-2017-11829No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Remote Code Execution VulnerabilityImportant
CVE-2017-11780No/NoMore Likely/More LikelyImportantImportant
Office Defense in Depth UpdateNone
ADV170017No/NoLess Likely/Less LikelyNoneNone
Windows GDI Information Disclosure VulnerabilityImportant
CVE-2017-11816No/NoMore Likely/More LikelyImportantImportant
TRIE Remote Code Execution VulnerabilityImportant
CVE-2017-11769No/NoLess Likely/Less LikelyImportantImportant
Microsoft JET Database Engine Remote Code Execution VulnerabilityImportant
CVE-2017-8717No/NoLess Likely/Less LikelyImportantImportant
CVE-2017-8718No/NoLess Likely/Less Likely
Windows Storage Security Feature Bypass VulnerabilityImportant
CVE-2017-11818No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Denial of Service VulnerabilityImportant
CVE-2017-11781No/NoUnlikely/UnlikelyImportantImportant
 Richard

167 Posts
ISC Handler
Subscribe Oct 10th 2017
1 year ago
More info for CVE-2017-11779: https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

More info for CVE-2017-11826: http://360coresec.blogspot.com/2017/10/new-office-0day-cve-2017-11826.html
 WoodyLeonhard

8 Posts
Quote Oct 10th 2017
1 year ago
I am seeing chatter about the Oct cumulative update causing BSOD issues in Win10.... and it looks like KB4041691 has already been pulled/expired/replaced

This one talks specifically about 1703
https://www.neowin.net/news/windows-10-mandatory-october-kb4041676-update-is-causing-machines-to-bsod

This one talks about 1607
https://www.reddit.com/r/sysadmin/comments/75o0oq/windows_security_updates_broke_30_of_our_machines/
 K-Dee

63 Posts
Quote Oct 11th 2017
1 year ago
What I've been reading about the BSOD situation is that it is caused by a duplicate of updates being pushed through WSUS. That seems to be the source of the problems. People not using WSUS should be fine.

https://www.neowin.net/news/windows-10-mandatory-october-kb4041676-update-is-causing-machines-to-bsod
 Kenton

2 Posts
Quote Oct 12th 2017
1 year ago
None of the CVE links work for me! I get "CVE ID Not Found".
 AAInfoSec

48 Posts
Quote Oct 12th 2017
1 year ago
Since the CVE links are invalid, why isn't there a link provided to each Microsoft KB, or at least list the Microsoft KB #?
 AAInfoSec

48 Posts
Quote Oct 12th 2017
1 year ago

Sign Up for Free or Log In to start participating in the conversation!