Patch Tuesday: Microsoft Security Bulletin Summary for December 2017

Microsoft's December 2017 Patch Tuesday update addresses 32 security vulnerabilities across six of its main product categories. Of these, 20 CVEs are rated Critical and 12 are rated Important.

None of the Windows OS patches are rated Critical, and no zero-days are patched this month, although Internet Explorer, with 13 patched vulnerabilities (9 Critical), and Edge, with 13 vulnerabilities (12 Critical), should certainly get your attention.

Also, last week Microsoft released an out-of-band update to fix a critical remote code execution vulnerability in its Malware Protection Engine (CVE-2017-11937); it should be given high priority. The patch corrects a bug that allows remote code execution if the Malware Protection Engine scans a maliciously crafted file: when such a file is scanned, it can run arbitrary commands. The exposure is high because the Malware Protection Engine (MPE) instance runs all the time in the background.

Some of the more interesting patches are:

CVE-2017-11927 – Microsoft Windows Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. Successful exploitation of this vulnerability could disclose the user's NTLM hash to an attacker, who could then mount a brute-force attack to recover the corresponding password.

This vulnerability affects Internet Explorer and CHM (compressed help) files. InfoTech Storage Format (ITS) is the storage format used in CHM files. Internet Explorer uses several different ITS protocol handlers, including ms-its, ms-itss, its, and mk:@MSITStore, to access components inside CHM files. Because ITS can be used to access remote content outside of the Local Machine Zone, an attacker who tricks a user into browsing to a malicious website or to a malicious SMB destination can cause information to leak. If an attacker can get the target to disclose the user's NTLM hash, they could then attempt a brute-force attack to obtain the corresponding password. The patch resolves this information disclosure vulnerability in the Windows 'its://' protocol handler.

CVE-2017-11899 – Microsoft Windows Security Feature Bypass Vulnerability
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute.

The December security release consists of security updates for the following software:
– Internet Explorer
– Microsoft Edge
– Microsoft Windows
– Microsoft Office and Microsoft Office Services and Web Apps
– Microsoft Exchange Server
– ChakraCore
– Microsoft Malware Protection Engine.

Microsoft security bulletin summary for December 2017:

Product: Internet Explorer
CVEs: CVE-2017-11886, CVE-2017-11887, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11906, CVE-2017-11907, CVE-2017-11912, CVE-2017-11913, CVE-2017-11919, and CVE-2017-11930
Impact: Remote Code Execution, Information Disclosure.
Severity Rating: Critical and Important.
KBs: KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517, KB4054518, KB4054519, and KB4054520

Product: Microsoft Edge
CVEs: CVE-2017-11888, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11919
Impact: Remote Code Execution, Information Disclosure.
Severity Rating: Critical and Important.
KBs: KB4053578, KB4053579, KB4053580, KB4053581, and KB4054517

Product: Microsoft Windows
CVEs: CVE-2017-11885, CVE-2017-11899, and CVE-2017-11927
Impact: Remote Code Execution, Information Disclosure.
Severity Rating: Critical and Important.
KBs: KB4052303, KB4053473, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517, KB4054518, KB4054519, KB4054520, KB4054521, KB4054522, and KB4054523

Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs: CVE-2017-11934, CVE-2017-11935, CVE-2017-11936, and CVE-2017-11939
Impact: Remote Code Execution, Information Disclosure.
Severity Rating: Critical and Important.
KBs: KB4011095, KB4011277, KB4011575, KB4011576, KB4011590, KB4011608, KB4011612, and KB4011614

Product: Microsoft Exchange Server
CVEs: CVE-2017-11932
Impact: Spoofing
Severity Rating: Important.
KBs: KB4045655

Product: ChakraCore
CVEs: CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, CVE-2017-11919, and CVE-2017-11930
Impact: Remote Code Execution, Information Disclosure.
Severity Rating: Critical and Important.
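
To check hosts against the KB lists in this summary, the following PowerShell sketch reports which of the listed Internet Explorer, Edge and Windows KBs are installed. It is an added example, not part of the original bulletin or any Microsoft tooling; the function name Get-BulletinKbStatus and the variable names are hypothetical, and the KB IDs are copied from the rows above.

```powershell
# Added example. KB IDs come from the Internet Explorer, Edge and Windows rows above.
# Office and Exchange KBs are omitted: Get-HotFix reads Win32_QuickFixEngineering,
# which does not report updates installed through Windows Installer (MSI).
$December2017Kbs = [ordered]@{
    'Internet Explorer' = @('KB4052978','KB4053578','KB4053579','KB4053580','KB4053581',
                            'KB4054517','KB4054518','KB4054519','KB4054520')
    'Microsoft Edge'    = @('KB4053578','KB4053579','KB4053580','KB4053581','KB4054517')
    'Microsoft Windows' = @('KB4052303','KB4053473','KB4053578','KB4053579','KB4053580',
                            'KB4053581','KB4054517','KB4054518','KB4054519','KB4054520',
                            'KB4054521','KB4054522','KB4054523')
}

function Get-BulletinKbStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$KbMap,
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        try {
            # Collect the hotfix IDs the host reports, e.g. "KB4054517".
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                           Select-Object -ExpandProperty HotFixID)
        } catch {
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($product in $KbMap.Keys) {
            $found = @($KbMap[$product] | Where-Object { $installed -contains $_ })
            [pscustomobject]@{
                Computer             = $computer
                Product              = $product
                FoundKbs             = $found -join ', '
                # Each KB targets particular Windows versions, so one match is enough.
                # False is not proof of exposure: a later cumulative update may have
                # replaced these KBs. Confirm against the installed OS build.
                AnyListedKbInstalled = $found.Count -gt 0
            }
        }
    }
}

Get-BulletinKbStatus -KbMap $December2017Kbs | Format-Table -AutoSize
```

Pass several host names to -ComputerName to survey more than one machine; hosts that cannot be queried are reported with a warning and skipped.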

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.