Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: October 2017 Security Updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
October 2017 Security Updates
October 2017 Security Updates
DescriptionMSFT Severity
CVEDisclosed/ExploitedExploitability (old/current)Client SeverityServer Severity
Microsoft Office Remote Code Execution VulnerabilityImportant
CVE 2017-11825No/No?/?CriticalImportant
Internet Explorer Memory Corruption VulnerabilityCritical
CVE 2017-11822No/NoMore Likely/More LikelyCriticalCritical
CVE 2017-11813No/No?/?
Windows Subsystem for Linux Denial of Service VulnerabilityImportant
CVE 2017-8703Yes/No?/?ImportantImportant
Microsoft Edge Memory Corruption VulnerabilityImportant
CVE 2017-8726No/No?/?ImportantImportant
Microsoft Office Memory Corruption VulnerabilityImportant
CVE 2017-11826Yes/YesMore Likely/DetectedPatch NowImportant
Scripting Engine Memory Corruption VulnerabilityCritical
CVE 2017-11821No/No?/?CriticalCritical
CVE 2017-11792No/No?/?
CVE 2017-11793No/NoMore Likely/More Likely
CVE 2017-11796No/No?/?
CVE 2017-11798No/No?/?
CVE 2017-11799No/No?/?
CVE 2017-11800No/No?/?
CVE 2017-11801No/No?/?
CVE 2017-11802No/No?/?
CVE 2017-11804No/No?/?
CVE 2017-11805No/No?/?
CVE 2017-11806No/No?/?
CVE 2017-11807No/No?/?
CVE 2017-11808No/No?/?
CVE 2017-11809No/No?/?
CVE 2017-11810No/NoMore Likely/More Likely
CVE 2017-11811No/No?/?
CVE 2017-11812No/No?/?
Microsoft Windows Security Feature BypassImportant
CVE 2017-11823No/NoMore Likely/More LikelyImportantImportant
Windows SMB Information Disclosure VulnerabilityImportant
CVE 2017-11815No/No?/?ImportantImportant
Windows Shell Memory Corruption VulnerabilityCritical
CVE 2017-8727No/NoMore Likely/More LikelyCriticalCritical
Windows Server 2008 Defense in Depth
ADV170016No/NoLess Likely/Less Likely
Windows Information Disclosure VulnerabilityImportant
CVE 2017-11817No/NoLess Likely/Less LikelyImportantImportant
Internet Explorer Information Disclosure VulnerabilityImportant
CVE 2017-11790No/NoLess Likely/Less LikelyImportantImportant
Microsoft Office SharePoint XSS VulnerabilityImportant
CVE 2017-11775No/NoLess Likely/Less LikelyN/AImportant
CVE 2017-11777Yes/NoLess Likely/Less Likely
CVE 2017-11820No/NoLess Likely/Less Likely
Windows Search Remote Code Execution VulnerabilityCritical
CVE 2017-11771No/NoMore Likely/More LikelyCriticalCritical
Windows Shell Remote Code Execution VulnerabilityCritical
CVE 2017-11819No/No?/?CriticalCritical
Microsoft Outlook Security Feature Bypass VulnerabilityImportant
CVE 2017-11774No/NoLess Likely/Less LikelyImportantImportant
Scripting Engine Information Disclosure VulnerabilityCritical
CVE 2017-11797No/No?/?CriticalCritical
Windows SMB Elevation of Privilege VulnerabilityImportant
CVE 2017-11782No/NoMore Likely/More LikelyImportantImportant
Windows Security Feature Bypass VulnerabilityImportant
CVE 2017-8715No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Information Disclosure VulnerabilityImportant
CVE 2017-8693No/NoMore Likely/More LikelyImportantImportant
Windows Elevation of Privilege VulnerabilityImportant
CVE 2017-11783No/NoMore Likely/More LikelyImportantImportant
Microsoft Search Information Disclosure VulnerabilityImportant
CVE 2017-11772No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Remote Code Execution VulnerabilityCritical
CVE 2017-11762No/NoMore Likely/More LikelyCriticalCritical
CVE 2017-11763No/NoMore Likely/More Likely
Microsoft Outlook Information Disclosure VulnerabilityImportant
CVE 2017-11776No/NoUnlikely/UnlikelyImportantImportant
Skype for Business Elevation of Privilege VulnerabilityImportant
CVE 2017-11786No/NoUnlikely/UnlikelyImportantImportant
Optional Windows NTLM SSO authentication changes
ADV170014No/NoLess Likely/Less Likely
Microsoft Edge Information Disclosure Vulnerability
CVE 2017-11794No/No?/?
Vulnerability in TPM could allow Security Feature BypassCritical
ADV170012No/NoLess Likely/Less LikelyCriticalCritical
Windows DNSAPI Remote Code Execution VulnerabilityCritical
CVE 2017-11779No/NoLess Likely/Less LikelyCriticalCritical
Win32k Elevation of Privilege VulnerabilityImportant
CVE 2017-8689No/NoMore Likely/More LikelyImportantImportant
CVE 2017-8694No/NoMore Likely/More Likely
Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE 2017-11824No/No?/?ImportantImportant
Windows Kernel Information Disclosure VulnerabilityImportant
CVE 2017-11765No/NoMore Likely/More LikelyImportantImportant
CVE 2017-11784No/NoLess Likely/Less Likely
CVE 2017-11785No/NoLess Likely/Less Likely
CVE 2017-11814No/NoMore Likely/More Likely
Windows Update Delivery Optimization Elevation of Privilege VulnerabilityImportant
CVE 2017-11829No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Remote Code Execution VulnerabilityImportant
CVE 2017-11780No/NoMore Likely/More LikelyImportantImportant
Office Defense in Depth UpdateNone
ADV170017No/NoLess Likely/Less LikelyNoneNone
Windows GDI Information Disclosure VulnerabilityImportant
CVE 2017-11816No/NoMore Likely/More LikelyImportantImportant
TRIE Remote Code Execution VulnerabilityImportant
CVE 2017-11769No/NoLess Likely/Less LikelyImportantImportant
Microsoft JET Database Engine Remote Code Execution VulnerabilityImportant
CVE 2017-8717No/NoLess Likely/Less LikelyImportantImportant
CVE 2017-8718No/NoLess Likely/Less Likely
Windows Storage Security Feature Bypass VulnerabilityImportant
CVE 2017-11818No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Denial of Service VulnerabilityImportant
CVE 2017-11781No/NoUnlikely/UnlikelyImportantImportant
 Richard

161 Posts
ISC Handler
Reply Subscribe Oct 10th 2017
6 months ago
More info for CVE-2017-11779: https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

More info for CVE-2017-11826: http://360coresec.blogspot.com/2017/10/new-office-0day-cve-2017-11826.html
 WoodyLeonhard

8 Posts Posts
Reply Quote Oct 10th 2017
6 months ago
I am seeing chatter about the Oct cumulative update causing BSOD issues in Win10.... and it looks like KB4041691 has already been pulled/expired/replaced

This one talks specifically about 1703
https://www.neowin.net/news/windows-10-mandatory-october-kb4041676-update-is-causing-machines-to-bsod

This one talks about 1607
https://www.reddit.com/r/sysadmin/comments/75o0oq/windows_security_updates_broke_30_of_our_machines/
 K-Dee

64 Posts Posts
Reply Quote Oct 11th 2017
6 months ago
What I've been reading about the BSOD situation is that it is caused by a duplicate of updates being pushed through WSUS. That seems to be the source of the problems. People not using WSUS should be fine.

https://www.neowin.net/news/windows-10-mandatory-october-kb4041676-update-is-causing-machines-to-bsod
 Kenton

2 Posts Posts
Reply Quote Oct 12th 2017
6 months ago
None of the CVE links work for me! I get "CVE ID Not Found".
 AAInfoSec

48 Posts Posts
Reply Quote Oct 12th 2017
6 months ago
Since the CVE links are invalid, why isn't there a link provided to each Microsoft KB, or at least list the Microsoft KB #?
 AAInfoSec

48 Posts Posts
Reply Quote Oct 12th 2017
6 months ago

Sign Up for Free or Log In to start participating in the conversation!