October 2017 - Microsoft Releases 66 Security Patches

  Advisory Date: OCT 11, 2017

  DESCRIPTION

Microsoft addresses several vulnerabilities in its October batch of patches. It also addresses one of several vulnerabilities found in WPA2 via issuing a patch for CVE-2017-13080

  • CVE-2017-8715 - Windows Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.


  • CVE-2017-11823 - Microsoft Windows Security Feature Bypass
    Risk Rating: Important

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.


  • CVE-2017-11790 - Internet Explorer Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handle objects in memory.


  • CVE-2017-11810 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Moderate

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-8726 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how affected Microsoft scripting engines handle objects in memory.


  • CVE-2017-11794 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by modifying how Microsoft Edge handle objects in memory.


  • CVE-2017-11816 - Windows GDI Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses.


  • CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.


  • CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.


  • CVE-2017-11824 - Windows Graphics Component Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.


  • CVE-2017-8693 - Microsoft Graphics Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.


  • CVE-2017-8718 - Microsoft JET Database Engine Remote Code Execution Vulnerability
    Risk Rating: Important

    A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.


  • CVE-2017-8717 - Microsoft JET Database Engine Remote Code Execution Vulnerability
    Risk Rating: Important

    A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.


  • CVE-2017-11776 - Microsoft Outlook Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Outlook fails to establish a secure connection. An attacker who exploited the vulnerability could use it to obtain the email content of a user. The security update addresses the vulnerability by preventing Outlook from disclosing user email content.


  • CVE-2017-11775 - Microsoft Office SharePoint XSS Vulnerability
    Risk Rating: Important

    A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2017-11774 - Microsoft Outlook Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass vulnerability exists when Microsoft Office improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2017-11777 - Microsoft Office SharePoint XSS Vulnerability
    Risk Rating: Important

    A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2017-11826 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Office handles objects in memory.


  • CVE-2017-11825 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


  • ADV170017 - Office Defense in Depth Update
    Risk Rating: Unknown

    Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.


  • CVE-2017-11786 - Skype for Business Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests. An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The security update addresses the vulnerability by correcting how Skype for Business handles authentication requests.


  • CVE-2017-11820 - Microsoft Office SharePoint XSS Vulnerability
    Risk Rating: Important

    A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2017-11798 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11799 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Moderate

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11809 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11796 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11797 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.


  • CVE-2017-11806 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11800 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11808 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11807 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11805 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11804 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11811 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11801 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.


  • CVE-2017-11802 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11812 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11821 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11793 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Moderate

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11792 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11818 - Windows Storage Security Feature Bypass Vulnerability
    Risk Rating: Important

    An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The update addresses the vulnerability by correcting how Microsoft storage validates an integrity-level check.


  • ADV170016 - Windows Server 2008 Defense in Depth
    Risk Rating: Unknown

    Microsoft has released an update for Microsoft Windows Server 2008 that provides enhanced security as a defense-in-depth measure.


  • CVE-2017-11783 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.


  • CVE-2017-11769 - TRIE Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


  • CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. The update addresses the vulnerability by modifying how Windows DNSAPI.dll handles DNS responses.


  • CVE-2017-11772 - Microsoft Search Information Disclosure Vulnerability
    Risk Rating: Important

    An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.


  • CVE-2017-11771 - Windows Search Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.


  • CVE-2017-11784 - Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2017-11817 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.


  • CVE-2017-11814 - Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2017-11765 - Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2017-11785 - Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles emory addresses.


  • CVE-2017-8694 - Win32k Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses the vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.


  • CVE-2017-8689 - Win32k Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses the vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.


  • ADV170014 - Optional Windows NTLM SSO authentication changes
    Risk Rating: Unknown

    Microsoft is releasing an optional security enhancement to NT LAN Manager (NTLM), limiting which network resources various clients in the Windows 10 or the Windows Server 2016 operating systems can use NTLM Single Sign On(SSO) as an authentication method. When you deploy the new security enhancement with a Network Isolation Policy defining your organization's resources, attackers can no longer redirect a user to a malicious resource outside your organization to obtain the NTLM authentication messages. This new behavior is optional, and requires customers who wish to enable it to opt in via a Windows Registry Setting or other means described below.


  • CVE-2017-8727 - Windows Shell Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the Microsoft Windows Text Services Framework handles objects in memory.


  • CVE-2017-11819 - Windows Shell Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. The update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.


  • CVE-2017-11815 - Windows SMB Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests.


  • CVE-2017-11782 - Windows SMB Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the default Windows SMB Server configuration which allows anonymous users to remotely access certain named pipes that are also configured to allow anonymous access to users who are logged on locally. An unauthenticated attacker who successfully exploits this configuration error could remotely send specially crafted requests to certain services that accept requests via named pipes. The update addresses the vulnerability by correcting the Windows SMB Server default configuration.


  • CVE-2017-11781 - Windows SMB Denial of Service Vulnerability
    Risk Rating: Important

    A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests.


  • CVE-2017-11780 - Windows SMB Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.


  • CVE-2017-8703 - Windows Subsystem for Linux Denial of Service Vulnerability
    Risk Rating: Important

    A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system. The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.


  • ADV170012 - Vulnerability in TPM could allow Security Feature Bypass
    Risk Rating: Critical

    A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. After you have installed software and/or firmware updates, you will need to re-enroll in any security services you are running to remediate those services.


  • CVE-2017-11829 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. The security update addresses the vulnerability by correcting how the Delivery Optimization services enforces permissions.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
CVE-2017-11762 1008634 Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE- 2017-11762) 10-Oct-17 YES
CVE-2017-11763 1008635 Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE- 2017-11763) 10-Oct-17 YES
CVE-2017-11793 1008636 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793) 10-Oct-17 YES
CVE-2017-11798 1008637 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE- 2017-11798) 10-Oct-17 YES
CVE-2017-11800 1008638 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE- 2017-11800) 10-Oct-17 YES
CVE-2017-11810 1008639 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810) 10-Oct-17 YES
CVE-2017-11822 1008640 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017- 11822) 10-Oct-17 YES
CVE-2017-8689 1008642 Microsoft Windows Win32k Multiple Elevation of Privilege Vulnerabilities (October-2017) 10-Oct-17 YES
CVE-2017-8694 1008642 Microsoft Windows Win32k Multiple Elevation of Privilege Vulnerabilities (October-2017) 10-Oct-17 YES
CVE-2017-8727 1008643 Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727) 10-Oct-17 YES

Featured Stories