December 2017 - Microsoft Releases 34 Security Patches

  Advisory Date: DEC 13, 2017

  DESCRIPTION

Microsoft addresses several vulnerabilities in its December batch of patches, several of which addresses remote code execution vulnerabilities.

  • CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.


  • CVE-2017-11889 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11890 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11893 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11895 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.


  • CVE-2017-11901 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11903 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11906 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Low

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11908 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11909 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11910 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11911 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11912 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11913 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11914 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11918 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.


  • CVE-2017-11930 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability
    Risk Rating: Important

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how OWA validates web requests.


  • CVE-2017-11937 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.


  • CVE-2017-11886 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11887 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Low

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-11894 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11907 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11905 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11916 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.


  • CVE-2017-11919 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. The update addresses the vulnerability by changing the way certain functions handle objects in memory.


  • CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


  • CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Outlook fails to enforce copy/paste permissions on DRM-protected emails. An attacker who successfully exploited the vulnerability could potentially extract plaintext content from DRM-protected draft emails. The security update addresses the vulnerability by correcting how Microsoft Outlook enforces DRM copy/paste permissions.


  • CVE-2017-11940 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.


  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
CVE-2017-11893 1008774 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893) 12-Dec-17 YES
CVE-2107-11914 1008783 MMicrosoft Edge Memory Corruption Vulnerability (CVE-2017-11914) 12-Dec-17 YES
CVE-2017-11930 1008787 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11930) 12-Dec-17 YES
CVE-2017-11903 1008778 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903) 12-Dec-17 YES
CVE-2017-8710 1008672 Microsoft Windows XML External Entity Information Disclosure Vulnerability (CVE-2017-8710) 12-Dec-17 YES
CVE-2017-11811 1008682 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811) 12-Dec-17 YES
CVE-2017-11894 1008775 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11894) 12-Dec-17 YES
CVE-2017-11909 1008780 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11909) 12-Dec-17 YES
CVE-2017-11895 1008776 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11895) 12-Dec-17 YES
CVE-2017-11916 1008784 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11916) 12-Dec-17 YES
CVE-2017-11901 1008777 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901) 12-Dec-17 YES
CVE-2017-11889 1008772 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11889) 12-Dec-17 YES
CVE-2017-11888 1008771 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888) 12-Dec-17 YES
CVE-2017-11937 1008789 Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-11937) 12-Dec-17 YES
CVE-2017-11913 1008782 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913) 12-Dec-17 YES
CVE-2017-11911 1008781 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11911) 12-Dec-17 YES
CVE-2017-11918 1008785 Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11918) 12-Dec-17 YES
CVE-2017-11886 1008770 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886) 12-Dec-17 YES
CVE-2017-11907 1008779 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907) 12-Dec-17 YES
CVE-2017-11890 1008773 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890) 12-Dec-17 YES
CVE-2017-11885 1008769 Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885) 12-Dec-17 YES
CVE-2017-11935 1008788 Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935) 12-Dec-17 YES

Featured Stories