Microsoft October 2017 Patch Tuesday addresses 62 security vulnerabilities in eight of it’s main product categories. Amoung these 28 CVE’s are rated as Critical, 34 are rated as Important.

Microsoft addressed three publicly disclosed issues in the October 2017 Patch Tuesday update, one of them is actively exploited in the wild. The bug which is already being exploited in active attacks resides in Microsoft Office (CVE-2017-11826). It is a memory corruption issue in Microsoft Office. Microsoft says the Windows zero day could allow remote code execution and it affects Microsoft Office 2007, 2010, 2013 and 2016.

Attackers aimed at a small number of organizations and triggered the vulnerability by tricking victims to open malicious RTF files. If that person is the system’s admin, it would allow an attacker to take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted, than users who operate with administrative user rights. Microsoft rates this vulnerability as Important, but since this vulnerability has been exploited in the wild, it is important that all users patch as soon as possible.


Another two vulnerabilities that were publicly disclosed, but have not yet been seen being exploited in the wild are CVE-2017-8703 and CVE-2017-11777.  CVE-2017-8703 is a problem with a feature only present in Windows 10 known as the Windows Subsystem for Linux. It allow attackers to run a specially crafted application and cause denial of service. Users running the latest version of Windows 10 (1703) with the Linux subsystem installed are vulnerable. An attack could lead to permanent denial of service and render the target system inoperable.


CVE-2017-11777, is a cross site scripting vulnerability resides in Microsoft SharePoint Enterprise Server 2013 and 2016.  The vulnerability is due to insufficient sanitization of user-supplied input while handling web request to an affected SharePoint server. An authenticated attacker can send a specially crafted request to an affected SharePoint server and run a script in the security context of the current user. Thus victim’s identity can be used to take actions on the SharePoint site on behalf of the user.


An another important vulnerability is related to Windows’ search service(CVE-2017-11771). This remote code execution vulnerability exists due to improper memory handling by Windows Search service. Successful exploits allow an attacker to execute arbitrary code and take control of the affected system. Failed attacks will cause a denial of service conditions. It can impact both servers and workstations. It can be exploited remotely via SMB to take complete control of a system. While an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya. Microsoft addresses this vulnerability by correcting how Windows Search handles objects in memory.


Aside from the above mentioned vulnerabilities October 2017 Patch Tuesday release also included fix for a remote code execution vulnerability CVE-2017-11779 in DNSAPI. It allows an attacker who successfully exploited the vulnerability to run arbitrary code in the context of the Local System Account. The attacker would only need to be on the same local network or in a man-in-the-middle position to take over a Windows system acting as a DNS server. So it is somewhat alarming. The NSEC3 resource unsafely parses its records, which allows an attacker to use a malicious DNS server to send corrupted DNS responses to the target. Microsoft addresses this vulnerability by modifying how Windows DNSAPI.dll handles DNS responses. It is rated as Critical, and advises that all admins patch immediately.

 

The October security release consists of security updates for the following software:

Microsoft Graphics
Internet Explorer
Microsoft Edge
Microsoft Office
Microsoft Skype for Business and Lync
Microsoft JET Database Engine
Microsoft Windows
Chakra Core

Microsoft security bulletin summary for October 2017:

Product: Microsoft Graphics
CVE’s : CVE-2017-11762, CVE-2017-11763, CVE-2017-11824, CVE-2017-8693, CVE-2017-11816
Impact: Remote Code Execution, Information Disclosure, Elevation of Privilege
Severity Rating: Critical and Important
KB’s: KB4041676, KB4041681, KB4041689, KB4041690, KB4041691, KB4041693, KB4042122, KB4042895, KB4042120, KB4042121

Product: Microsoft Browsers
CVE’s : CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, CVE-2017-11813, CVE-2017-8727, CVE-2017-11797, CVE-2017-11801, CVE-2017-11821, CVE-2017-11822, CVE-2017-11790, CVE-2017-8726, CVE-2017-11794
Impact: Remote Code Execution, Information Disclosure
Severity Rating: Critical and Important
KB’s: KB4041676, KB4040685, KB4041681, KB4042895, KB4041689, KB4041690, KB4041691, KB4041693, KB4042123

Product: Microsoft Office
CVE’s : CVE-2017-11774, CVE-2017-11775, CVE-2017-11776, CVE-2017-11777, CVE-2017-11820, CVE-2017-11825, CVE-2017-11826, CVE-2017-11775,
Impact: Remote Code Execution, Information Disclosure
Severity Rating: Important
KB’s: KB4011162, KB4011178, KB4011196, KB4011180, KB3213623, KB3213630, KB3213648, KB4011068, KB4011194, KB4011217, KB4011222, KB4011231, KB4011232, KB4011236, KB3213627, KB3213647, KB4011157, KB2920723

Product: Microsoft Skype for Business and Lync
CVE : CVE-2017-11786
Impact: Elevation of Privilege
Severity Rating: Important
KB’s: KB4011179, KB4011159

Product: Microsoft JET Database Engine
CVE : CVE-2017-8717, CVE-2017-8718
Impact: Remote Code Execution
Severity Rating: Important
KB’s: KB4041676, KB4041681, KB4041689, KB4041690, KB4041691, KB4041693, KB4042007, KB4042895

Product: Microsoft Windows
CVE’s : CVE-2017-11779, CVE-2017-11771, CVE-2017-11819, CVE-2017-11765, CVE-2017-11769, CVE-2017-11772, CVE-2017-11780, CVE-2017-11781, CVE-2017-11782, CVE-2017-11783, CVE-2017-11784, CVE-2017-11785, CVE-2017-11814, CVE-2017-11817, CVE-2017-11818, CVE-2017-11823, CVE-2017-8689, CVE-2017-8694, CVE-2017-8703, CVE-2017-8715, CVE-2017-11815, CVE-2017-11829
Impact: Remote Code Execution, Information Disclosure, Elevation of Privilege, Denial of Service
Severity Rating: Critical and Important
KB’s: KB4041676, KB4041689, KB4041690, KB4041691, KB4041693, KB4042895, KB4042723

Product: ChakraCore
CVE’s : CVE-2017-11792, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, CVE-2017-11821, CVE-2017-11767
Impact: Remote Code Execution
Severity Rating: Critical
KB’s: KB4041676, KB4041689, KB4041691, KB4042895


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


Summary
Patch Tuesday: Microsoft Security Bulletin Summary for October 2017
Article Name
Patch Tuesday: Microsoft Security Bulletin Summary for October 2017
Author
Publisher Name
SecPod Technologies
Publisher Logo
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>