Patch Tuesday is back again with 53 security vulnerabilities this time. As usual, Microsoft has released updates for its various products. We strongly recommend patching all these latest security patches right away to avoid unnecessary security breaches, while installing the non-security patches at your discretion.
Microsoft security updates
Microsoft Patch Tuesday for November 2017 includes security updates for the following products:
- Internet Explorer
- Windows OS
- Microsoft Office
- Microsoft Office Services and Web Apps
- Microsoft Edge
- ASP.NET Core
- .NET Core
- Chakra Core
Unlike other Patch Tuesday updates, this month, there were no exploited zero-day vulnerabilities reported. However, four zero-day vulnerabilities that haven’t been exploited have been identified:
- CVE-2017-8700 (ASP.NET Core information disclosure)
- CVE-2017-11827 (Microsoft browser memory corruption)
- CVE-2017-11848 (Internet Explorer information disclosure)
- CVE-2017-11883 (ASP.NET Core denial of service)
Patch Tuesday for November 2017 includes two high priority security advisories, one for delivering updates to Flash, the other for delivering various security-related patches to Office Suite products.
High-priority security vulnerabilities
Microsoft Patch Tuesday for November 2017 contains two stand-alone security fixes that have to be patched immediately to avoid providing cyber criminals any loopholes:
- CVE-2017-11830 vulnerability in Windows Defender Device Guard allows attackers to bypass the application and execute commands remotely.
- CVE-2017-1187 vulnerability allows hackers to get past Microsoft Excel’s protection against macro execution.
Some quick advice: If you use Excel or Defender Device Guard on your network, it’s highly recommended to patch your computers right away. Both of these vulnerabilities pose a major threat to the security of your IT.
Although patching tends to focus on security updates, Patch Tuesday November 2017 also comes with some non-security patches.
- Microsoft Office Publisher 2007 (KB4011203)
- Microsoft Office 2010 (KB4011188)
- Microsoft Office 2013 (KB3172533, KB4011228, KB4011229)
- Microsoft OneNote 2013 (KB4011075)
- Microsoft Outlook 2013 (KB4011252)
- Microsoft PowerPoint 2013 (KB4011168)
- Microsoft Project 2013 (KB4011235)
- Microsoft Word 2013 (KB3162081)
- Skype 2015 (KB4011255)
- Microsoft Office 2016 (KB4011138, KB4011216, KB4011223, KB4011224,KB4011226, KB4011259)
- Microsoft Office 2016 Language Interface Pack (KB4011145)
- Microsoft OneNote 2016 (KB4011137)
- Microsoft Outlook 2016 (KB4011240)
- Microsoft PowerPoint 2016 (KB4011219)
- Microsoft Project 2016 (KB4011227)
- Skype 2016 (KB4011238)
The complete list of Microsoft Patch Tuesday November 2017 updates is also available.
If your enterprise only has a limited number of Microsoft products that fall under this month’s Patch Tuesday updates, then you can filter your products and apply the security and non-security patches accordingly.
Just in time for Microsoft Patch Tuesday November, Adobe has also released a security update for Flash Player.
- Security updates available for Flash Player | APSB17-33
This above vulnerability has the potential to become a gateway for remote code executions, so Adobe advises patching them immediately. You can get more details about the latest Adobe updates here. If you want to read more about last month’s security updates, check out our Patch Tuesday October 2017 blog.
Patching all these solutions may be overwhelming, but if you have an exclusive patch management solution like Patch Manager Plus or a complete endpoint management solution like Desktop Central, then the process becomes a snap.
Looking for more information about Patch Tuesday? We also host a webinar each month covering all the latest Patch Tuesday updates. If you’re interested, then register here. The next one is on November 16th, and we’ll be discussing and analyzing Patch Tuesday November 2017 in-depth. Hope to see you there!