Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: October 2017 Security Updates SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
October 2017 Security Updates
October 2017 Security Updates
DescriptionMSFT Severity
CVEDisclosed/ExploitedExploitability (old/current)Client SeverityServer Severity
Microsoft Office Remote Code Execution VulnerabilityImportant
CVE-2017-11825No/No?/?CriticalImportant
Internet Explorer Memory Corruption VulnerabilityCritical
CVE-2017-11822No/NoMore Likely/More LikelyCriticalCritical
CVE-2017-11813No/No?/?
Windows Subsystem for Linux Denial of Service VulnerabilityImportant
CVE-2017-8703Yes/No?/?ImportantImportant
Microsoft Edge Memory Corruption VulnerabilityImportant
CVE-2017-8726No/No?/?ImportantImportant
Microsoft Office Memory Corruption VulnerabilityImportant
CVE-2017-11826Yes/YesMore Likely/DetectedPatch NowImportant
Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2017-11821No/No?/?CriticalCritical
CVE-2017-11792No/No?/?
CVE-2017-11793No/NoMore Likely/More Likely
CVE-2017-11796No/No?/?
CVE-2017-11798No/No?/?
CVE-2017-11799No/No?/?
CVE-2017-11800No/No?/?
CVE-2017-11801No/No?/?
CVE-2017-11802No/No?/?
CVE-2017-11804No/No?/?
CVE-2017-11805No/No?/?
CVE-2017-11806No/No?/?
CVE-2017-11807No/No?/?
CVE-2017-11808No/No?/?
CVE-2017-11809No/No?/?
CVE-2017-11810No/NoMore Likely/More Likely
CVE-2017-11811No/No?/?
CVE-2017-11812No/No?/?
Microsoft Windows Security Feature BypassImportant
CVE-2017-11823No/NoMore Likely/More LikelyImportantImportant
Windows SMB Information Disclosure VulnerabilityImportant
CVE-2017-11815No/No?/?ImportantImportant
Windows Shell Memory Corruption VulnerabilityCritical
CVE-2017-8727No/NoMore Likely/More LikelyCriticalCritical
Windows Server 2008 Defense in Depth
ADV170016No/NoLess Likely/Less Likely
Windows Information Disclosure VulnerabilityImportant
CVE-2017-11817No/NoLess Likely/Less LikelyImportantImportant
Internet Explorer Information Disclosure VulnerabilityImportant
CVE-2017-11790No/NoLess Likely/Less LikelyImportantImportant
Microsoft Office SharePoint XSS VulnerabilityImportant
CVE-2017-11775No/NoLess Likely/Less LikelyN/AImportant
CVE-2017-11777Yes/NoLess Likely/Less Likely
CVE-2017-11820No/NoLess Likely/Less Likely
Windows Search Remote Code Execution VulnerabilityCritical
CVE-2017-11771No/NoMore Likely/More LikelyCriticalCritical
Windows Shell Remote Code Execution VulnerabilityCritical
CVE-2017-11819No/No?/?CriticalCritical
Microsoft Outlook Security Feature Bypass VulnerabilityImportant
CVE-2017-11774No/NoLess Likely/Less LikelyImportantImportant
Scripting Engine Information Disclosure VulnerabilityCritical
CVE-2017-11797No/No?/?CriticalCritical
Windows SMB Elevation of Privilege VulnerabilityImportant
CVE-2017-11782No/NoMore Likely/More LikelyImportantImportant
Windows Security Feature Bypass VulnerabilityImportant
CVE-2017-8715No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Information Disclosure VulnerabilityImportant
CVE-2017-8693No/NoMore Likely/More LikelyImportantImportant
Windows Elevation of Privilege VulnerabilityImportant
CVE-2017-11783No/NoMore Likely/More LikelyImportantImportant
Microsoft Search Information Disclosure VulnerabilityImportant
CVE-2017-11772No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Remote Code Execution VulnerabilityCritical
CVE-2017-11762No/NoMore Likely/More LikelyCriticalCritical
CVE-2017-11763No/NoMore Likely/More Likely
Microsoft Outlook Information Disclosure VulnerabilityImportant
CVE-2017-11776No/NoUnlikely/UnlikelyImportantImportant
Skype for Business Elevation of Privilege VulnerabilityImportant
CVE-2017-11786No/NoUnlikely/UnlikelyImportantImportant
Optional Windows NTLM SSO authentication changes
ADV170014No/NoLess Likely/Less Likely
Microsoft Edge Information Disclosure Vulnerability
CVE-2017-11794No/No?/?
Vulnerability in TPM could allow Security Feature BypassCritical
ADV170012No/NoLess Likely/Less LikelyCriticalCritical
Windows DNSAPI Remote Code Execution VulnerabilityCritical
CVE-2017-11779No/NoLess Likely/Less LikelyCriticalCritical
Win32k Elevation of Privilege VulnerabilityImportant
CVE-2017-8689No/NoMore Likely/More LikelyImportantImportant
CVE-2017-8694No/NoMore Likely/More Likely
Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE-2017-11824No/No?/?ImportantImportant
Windows Kernel Information Disclosure VulnerabilityImportant
CVE-2017-11765No/NoMore Likely/More LikelyImportantImportant
CVE-2017-11784No/NoLess Likely/Less Likely
CVE-2017-11785No/NoLess Likely/Less Likely
CVE-2017-11814No/NoMore Likely/More Likely
Windows Update Delivery Optimization Elevation of Privilege VulnerabilityImportant
CVE-2017-11829No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Remote Code Execution VulnerabilityImportant
CVE-2017-11780No/NoMore Likely/More LikelyImportantImportant
Office Defense in Depth UpdateNone
ADV170017No/NoLess Likely/Less LikelyNoneNone
Windows GDI Information Disclosure VulnerabilityImportant
CVE-2017-11816No/NoMore Likely/More LikelyImportantImportant
TRIE Remote Code Execution VulnerabilityImportant
CVE-2017-11769No/NoLess Likely/Less LikelyImportantImportant
Microsoft JET Database Engine Remote Code Execution VulnerabilityImportant
CVE-2017-8717No/NoLess Likely/Less LikelyImportantImportant
CVE-2017-8718No/NoLess Likely/Less Likely
Windows Storage Security Feature Bypass VulnerabilityImportant
CVE-2017-11818No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Denial of Service VulnerabilityImportant
CVE-2017-11781No/NoUnlikely/UnlikelyImportantImportant
 Richard

167 Posts
ISC Handler
Oct 10th 2017
Subscribe Oct 10th 2017
2 years ago
More info for CVE-2017-11779: https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

More info for CVE-2017-11826: http://360coresec.blogspot.com/2017/10/new-office-0day-cve-2017-11826.html
 WoodyLeonhard

9 Posts
Quote Oct 10th 2017
2 years ago
I am seeing chatter about the Oct cumulative update causing BSOD issues in Win10.... and it looks like KB4041691 has already been pulled/expired/replaced

This one talks specifically about 1703
https://www.neowin.net/news/windows-10-mandatory-october-kb4041676-update-is-causing-machines-to-bsod

This one talks about 1607
https://www.reddit.com/r/sysadmin/comments/75o0oq/windows_security_updates_broke_30_of_our_machines/
 K-Dee

63 Posts
Quote Oct 11th 2017
2 years ago
What I've been reading about the BSOD situation is that it is caused by a duplicate of updates being pushed through WSUS. That seems to be the source of the problems. People not using WSUS should be fine.

https://www.neowin.net/news/windows-10-mandatory-october-kb4041676-update-is-causing-machines-to-bsod
 Kenton

2 Posts
Quote Oct 12th 2017
2 years ago
None of the CVE links work for me! I get "CVE ID Not Found".
 AAInfoSec

48 Posts
Quote Oct 12th 2017
2 years ago
Since the CVE links are invalid, why isn't there a link provided to each Microsoft KB, or at least list the Microsoft KB #?
 AAInfoSec

48 Posts
Quote Oct 12th 2017
2 years ago

Sign Up for Free or Log In to start participating in the conversation!