Patch Tuesday: Microsoft Security Bulletin Summary for November 2017

  • Post author:
  • Reading time:16 mins read

microsoft patch tuesday

Microsoft Patch Tuesday, November 2017, addresses 53 security vulnerabilities in six of its main product categories. Among these, 19 CVEs are rated as Critical, 31 as Important, and three as moderate. A good Vulnerability Management System can prevent these attacks.

None of the Windows OS patches are rated as critical, and no zero days are patched this month.
But according to Zero-Day Initiative, CVEs can be used to spread malware. Vulnerability Management Tool can resolve these issues.
"CVE-2017-11830 patches a Device Guard security feature bypass vulnerability that would allow malware authors to execute malicious files by making untrusted files seem trusted."
"CVE-2017-11877 fixes an Excel security feature bypass vulnerability that fails to enforce macro settings, which are often used by malware developers."

This month patches also include four publicly known exploits,
CVE-2017-8700 (an information disclosure flaw in ASP.NET Core)
CVE-2017-11827 (Microsoft browsers remote code execution)
CVE-2017-11848 (Internet Explorer information disclosure)
CVE-2017-11883 (denial of service affecting ASP.NET Core)


17-year-old bug invites attackers to install malware remotely:

MS Office components fail to properly handle objects in memory and corrupting memory in such a way that the attacker could execute malicious code in the context of the logged-in user.

Product: All versions of Microsoft Office released in the past 17 years.
CVECVE-2017-11882
Impact: Remote code execution.
Platform: All versions of Windows operating system.


The Microsoft Patch Tuesday November 2017 security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core and .NET Core
  • Chakra Core

Microsoft security bulletin summary for November 2017:


1)Product: Internet Explorer
CVE’s : CVE-2017-11791, CVE-2017-11827, CVE-2017-11834, CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846, CVE-2017-11848, CVE-2017-11855, CVE-2017-11856, CVE-2017-11858, CVE-2017-11869
Impact: Remote Code Execution, Information Disclosure.
Severity Rating: Critical and Important.
KB’s: KB4042895, KB4047206, KB4048952, KB4048953, KB4048954, KB4048955, KB4048956, KB4048957, KB4048958, KB4048959


2)Product: Microsoft Edge
CVE’s : CVE-2017-11791, CVE-2017-11803, CVE-2017-11827, CVE-2017-11833, CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11844, CVE-2017-11845, CVE-2017-11846, CVE-2017-11858, CVE-2017-11861, CVE-2017-11862, CVE-2017-11863, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, CVE-2017-11872, CVE-2017-11873, CVE-2017-11874
Impact: Remote Code Execution, Information Disclosure, Security Feature Bypass.
Severity Rating: Critical and Important
KB’s: KB4048952, KB4048953, KB4048954, KB4048955, KB4048956


3)Product: Microsoft Windows
CVE’s : CVE-2017-11768, CVE-2017-11788, CVE-2017-11830, CVE-2017-11831, CVE-2017-11832, CVE-2017-11835, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017-11850, CVE-2017-11851, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880, CVE-2017-13080
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Security Feature Bypass
Severity Rating: Important
KB’s: KB4041676, KB4041678, KB4041679, KB4041681, KB4041687, KB4041689, KB4041690, KB4041691, KB4041693, KB4042723, KB4042895, KB4046184, KB4047211, KB4048952, KB4048953, KB4048954, KB4048955, KB4048956, KB4048957, KB4048958, KB4048959, KB4048960, KB4048961, KB4048962, KB4048968, KB4048970, KB4049164


4)Product: Microsoft Office and Microsoft Office Services and Web Apps
CVE’s : CVE-2017-11854, CVE-2017-11876, CVE-2017-11877, CVE-2017-11878, CVE-2017-11882, CVE-2017-11884
Impact: Elevation of Privilege, Remote Code Execution, Security Feature Bypass
Severity Rating: Important
KB’s: KB2553204, KB3162047, KB4011197, KB4011199, KB4011205, KB4011206, KB4011220, KB4011233, KB4011242, KB4011244, KB4011245, KB4011247, KB4011250, KB4011257, KB4011262, KB4011264, KB4011265, KB4011266, KB4011267, KB4011268, KB4011270, KB4011271, KB4011276


5)Product: ASP.NET Core and .NET Core
CVE’s : CVE-2017-11770, CVE-2017-11879, CVE-2017-11883, CVE-2017-8700
Impact: Denial of Service, Elevation of Privilege, Information Disclosure
Severity Rating: Important


6)Product: Chakra Core
CVE’s : CVE-2017-11791, CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, CVE-2017-11873, CVE-2017-11874
Impact: Remote Code Execution, Information Disclosure, Security Feature Bypass
Severity Rating: Critical and Important


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.