December 2017 - Microsoft Releases 34 Security Patches
Publish date: December 13, 2017
Advisory Date: DEC 13, 2017
DESCRIPTION
Microsoft addresses several vulnerabilities in its December batch of patches, several of which address remote code execution vulnerabilities.
- CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.
- CVE-2017-11889 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11890 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11893 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11895 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability
Risk Rating: Important
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.
- CVE-2017-11901 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11903 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11906 - Scripting Engine Information Disclosure Vulnerability
Risk Rating: Low
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11908 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11909 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11910 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11911 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11912 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11913 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11914 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11918 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.
- CVE-2017-11930 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability
Risk Rating: Important
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how OWA validates web requests.
- CVE-2017-11937 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.
- CVE-2017-11886 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11887 - Scripting Engine Information Disclosure Vulnerability
Risk Rating: Low
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.
- CVE-2017-11894 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11907 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
- CVE-2017-11905 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
- CVE-2017-11916 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.
- CVE-2017-11919 - Scripting Engine Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.
- CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. The update addresses the vulnerability by changing the way certain functions handle objects in memory.
- CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.
- CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability
Risk Rating: Important
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
- CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability
Risk Rating: Important
An information disclosure vulnerability exists when Microsoft Outlook fails to enforce copy/paste permissions on DRM-protected emails. An attacker who successfully exploited the vulnerability could potentially extract plaintext content from DRM-protected draft emails. The security update addresses the vulnerability by correcting how Microsoft Outlook enforces DRM copy/paste permissions.
- CVE-2017-11940 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Risk Rating: Critical
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
CVE-2017-11893 | 1008774 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893) | 12-Dec-17 | YES |
CVE-2017-11914 | 1008783 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11914) | 12-Dec-17 | YES |
CVE-2017-11930 | 1008787 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11930) | 12-Dec-17 | YES |
CVE-2017-11903 | 1008778 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903) | 12-Dec-17 | YES |
CVE-2017-8710 | 1008672 | Microsoft Windows XML External Entity Information Disclosure Vulnerability (CVE-2017-8710) | 12-Dec-17 | YES |
CVE-2017-11811 | 1008682 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811) | 12-Dec-17 | YES |
CVE-2017-11894 | 1008775 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11894) | 12-Dec-17 | YES |
CVE-2017-11909 | 1008780 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11909) | 12-Dec-17 | YES |
CVE-2017-11895 | 1008776 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11895) | 12-Dec-17 | YES |
CVE-2017-11916 | 1008784 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11916) | 12-Dec-17 | YES |
CVE-2017-11901 | 1008777 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901) | 12-Dec-17 | YES |
CVE-2017-11889 | 1008772 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11889) | 12-Dec-17 | YES |
CVE-2017-11888 | 1008771 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888) | 12-Dec-17 | YES |
CVE-2017-11937 | 1008789 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-11937) | 12-Dec-17 | YES |
CVE-2017-11913 | 1008782 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913) | 12-Dec-17 | YES |
CVE-2017-11911 | 1008781 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11911) | 12-Dec-17 | YES |
CVE-2017-11918 | 1008785 | Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11918) | 12-Dec-17 | YES |
CVE-2017-11886 | 1008770 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886) | 12-Dec-17 | YES |
CVE-2017-11907 | 1008779 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907) | 12-Dec-17 | YES |
CVE-2017-11890 | 1008773 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890) | 12-Dec-17 | YES |
CVE-2017-11885 | 1008769 | Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885) | 12-Dec-17 | YES |
CVE-2017-11935 | 1008788 | Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935) | 12-Dec-17 | YES |