Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ================================
- Make MS Bulletin Great Again / MMSBGA
- --------------------------------
- Microsoft Security Bulletin for: 11-2017
- Update ID:{2017-Nov}
- Release date:{2017-11-16T08:00:00Z}
- Real release date:{2017-11-16T08:00:00Z} (mmsbga patch)
- Alias:{2017-Nov}
- Title:{November 2017 Security Updates}
- --------------------------------
- MS17-148 Vulnerabilities in Internet Explorer (12 CVE)
- Affected:
- ChakraCore
- Internet Explorer 10 on Windows Server 2012
- Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems
- Internet Explorer 11 on Windows 10 for 32-bit Systems
- Internet Explorer 11 on Windows 10 for x64-based Systems
- Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
- Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
- Internet Explorer 11 on Windows 8.1 for 32-bit systems
- Internet Explorer 11 on Windows 8.1 for x64-based systems
- Internet Explorer 11 on Windows RT 8.1
- Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Internet Explorer 11 on Windows Server 2012 R2
- Internet Explorer 11 on Windows Server 2016
- Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
- Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
- Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
- Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1703 for x64-based Systems
- Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1709 for 64-based Systems
- Microsoft Edge on Windows 10 for 32-bit Systems
- Microsoft Edge on Windows 10 for x64-based Systems
- Microsoft Edge on Windows Server 2016
- Exploit:
- 9 x Remote Code Execution
- 3 x Information Disclosure
- Published: CVE-2017-11848, CVE-2017-11827
- Credits:
- The UK s National Cyber Security Centre (NCSC) (CVE-2017-11838)
- Hui Gao and Zhanglin He de Palo Alto Networks, Anonymous par Trend Micro's Zero Day Initiative (CVE-2017-11856)
- Hui Gao de Palo Alto Networks and Heige (a.k.a. SuperHei) de Knownsec 404 Security Team (CVE-2017-11855)
- Wei de Qihoo 360 Vulcan Team, Qixun Zhao de Qihoo 360 Vulcan Team (CVE-2017-11837)
- Yuki Chen de Qihoo 360 Vulcan team (CVE-2017-11846)
- Hui Gao de Palo Alto Networks (CVE-2017-11834, CVE-2017-11791)
- Anonymous par Trend Micro's Zero Day Initiative (CVE-2017-11869)
- Huang Anwen de ichunqiu Ker Team par Trend Micro's Zero Day Initiative (CVE-2017-11858)
- Cybellum Technologies LTD (CVE-2017-11827)
- Wei de Qihoo 360 Vulcan Team (CVE-2017-11843)
- ? (CVE-2017-11848)
- MS17-149 Vulnerabilities in Edge (24 CVE)
- Affected:
- ChakraCore
- Internet Explorer 10 on Windows Server 2012
- Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems
- Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems
- Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems
- Internet Explorer 11 on Windows 10 for 32-bit Systems
- Internet Explorer 11 on Windows 10 for x64-based Systems
- Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
- Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
- Internet Explorer 11 on Windows 8.1 for 32-bit systems
- Internet Explorer 11 on Windows 8.1 for x64-based systems
- Internet Explorer 11 on Windows RT 8.1
- Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Internet Explorer 11 on Windows Server 2012 R2
- Internet Explorer 11 on Windows Server 2016
- Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
- Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1511 for x64-based Systems
- Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1607 for x64-based Systems
- Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1703 for x64-based Systems
- Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems
- Microsoft Edge on Windows 10 Version 1709 for 64-based Systems
- Microsoft Edge on Windows 10 for 32-bit Systems
- Microsoft Edge on Windows 10 for x64-based Systems
- Microsoft Edge on Windows Server 2016
- Exploit:
- 3 x Security Feature Bypass
- 17 x Remote Code Execution
- 4 x Information Disclosure
- Published: CVE-2017-11827
- Credits:
- The UK s National Cyber Security Centre (NCSC) (CVE-2017-11838)
- Hui Gao de Palo Alto Networks (CVE-2017-11791)
- Omair (CVE-2017-11845)
- Yuki Chen de Qihoo 360 Vulcan team (CVE-2017-11846)
- Omair, Debasish Mandal (@debasishm89) de McAfee IPS Vulnerability Research (CVE-2017-11844)
- Wei de Qihoo 360 Vulcan Team, Qixun Zhao de Qihoo 360 Vulcan Team (CVE-2017-11837)
- Stefano Calzavara and Alvise Rabitti de Universit Ca'Foscari, Venezia (CVE-2017-11863)
- Alexander Inf hr (@insertScript) de Cure53 (CVE-2017-11833)
- Liu Long de Qihoo 360Vulcan Team (CVE-2017-11803)
- Microsoft ChakraCore Team (CVE-2017-11836, CVE-2017-11862)
- Ivan Fratric de Google Project Zero. (CVE-2017-11874)
- Huang Anwen de ichunqiu Ker Team par Trend Micro's Zero Day Initiative (CVE-2017-11858)
- Prakash Sharma (@1lastBr3ath) (CVE-2017-11872)
- Cybellum Technologies LTD (CVE-2017-11827)
- Wei de Qihoo 360 Vulcan Team (CVE-2017-11843)
- ? (CVE-2017-11871, CVE-2017-11870, CVE-2017-11866)
- Lokihardt de Google Project Zero (CVE-2017-11839, CVE-2017-11873, CVE-2017-11840, CVE-2017-11841, CVE-2017-11861)
- MS17-150 Vulnerabilities in Windows Kernel (5 CVE)
- Affected:
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server, version 1709 (Server Core Installation)
- Exploit:
- 4 x Information Disclosure
- 1 x Elevation of Privilege
- Credits:
- Mateusz Jurczyk de Google Project Zero (CVE-2017-11853)
- nyaacate de Viettel Cyber Security par Trend Micro's Zero Day Initiative (CVE-2017-11847)
- Georgios Baltas de MSRC Vulnerabilities & Mitigations Team (CVE-2017-11842)
- fanxiaocao and pjf de IceSword Lab, Qihoo 360 (CVE-2017-11849)
- Marcin Wiazowski par Trend Micro's Zero Day Initiative (CVE-2017-11851)
- MS17-151 Vulnerabilities in Office (5 CVE)
- Affected:
- Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
- Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
- Microsoft Excel 2007 Service Pack 3
- Microsoft Excel 2010 Service Pack 2 (32-bit editions)
- Microsoft Excel 2010 Service Pack 2 (64-bit editions)
- Microsoft Excel 2013 RT Service Pack 1
- Microsoft Excel 2013 Service Pack 1 (32-bit editions)
- Microsoft Excel 2013 Service Pack 1 (64-bit editions)
- Microsoft Excel 2016 (32-bit edition)
- Microsoft Excel 2016 (64-bit edition)
- Microsoft Excel 2016 for Mac
- Microsoft Excel Viewer 2007 Service Pack 3
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 2 (32-bit editions)
- Microsoft Office 2010 Service Pack 2 (64-bit editions)
- Microsoft Office 2013 Service Pack 1 (32-bit editions)
- Microsoft Office 2013 Service Pack 1 (64-bit editions)
- Microsoft Office 2016 (32-bit edition)
- Microsoft Office 2016 (64-bit edition)
- Microsoft Office Compatibility Pack Service Pack 3
- Microsoft Word 2007 Service Pack 3
- Microsoft Word 2010 Service Pack 2 (32-bit editions)
- Microsoft Word 2010 Service Pack 2 (64-bit editions)
- Exploit:
- 4 x Remote Code Execution
- 1 x Security Feature Bypass
- Credits:
- Wayne Low (@x9090) de Fortinet s FortiGuard Lab (CVE-2017-11854)
- Jonathan BirchMicrosoft Corporation (CVE-2017-11877)
- Dhanesh KizhakkinanFireEye Inc (CVE-2017-11884)
- Denis Selianin from Embedi (CVE-2017-11882)
- Jaanus Kp Clarified Security par Trend Micro's Zero Day Initiative (CVE-2017-11878)
- MS17-152 Vulnerabilities in Microsoft Graphics (GDI) (4 CVE)
- Affected:
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server, version 1709 (Server Core Installation)
- Exploit:
- 4 x Information Disclosure
- Credits:
- Wayne Low (@x9090) de Fortinet s FortiGuard Lab (CVE-2017-11832)
- kdot par Trend Micro's Zero Day Initiative, Hossein Lotfi, Secunia Research at Flexera Software, Wayne Low (@x9090) de Fortinet s FortiGuard Lab (CVE-2017-11835)
- Team "Pwn4Fun" from Best de Best ( BOB ) (CVE-2017-11852)
- fanxiaocao and pjf de IceSword Lab, Qihoo 360 (CVE-2017-11850)
- MS17-153 Vulnerabilities in ASP.NET (3 CVE)
- Affected:
- ASP.NET Core 1.0
- ASP.NET Core 1.1
- ASP.NET Core 2.0
- Exploit:
- 1 x Denial of Service
- 1 x Information Disclosure
- 1 x Elevation of Privilege
- Published: CVE-2017-8700, CVE-2017-11883
- Credits:
- K vin Chalet (CVE-2017-11879)
- ? (CVE-2017-8700, CVE-2017-11883)
- MS17-154 Vulnerabilities in Windows (2 CVE)
- Affected:
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server, version 1709 (Server Core Installation)
- Exploit:
- 2 x Information Disclosure
- Credits:
- Mateusz Jurczyk de Google Project Zero (CVE-2017-11831)
- Mateusz Jurczyk de Google Project zero (CVE-2017-11880)
- MS17-155 Vulnerability in Windows Media Player (1 CVE)
- Affected:
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server, version 1709 (Server Core Installation)
- Exploit:
- 1 x Information Disclosure
- Credits:
- James Lee de Kryptos Logic (CVE-2017-11768)
- MS17-156 Vulnerability in .Net (1 CVE)
- Affected:
- .NET Core 1.0
- .NET Core 1.1
- .NET Core 2.0
- Exploit:
- 1 x Denial of Service
- Credits:
- Bachraty Gergely (CVE-2017-11770)
- MS17-157 Vulnerability in Device Guard (1 CVE)
- Affected:
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server, version 1709 (Server Core Installation)
- Exploit:
- 1 x Security Feature Bypass
- Credits:
- James Forshaw de Google Project Zero (CVE-2017-11830)
- MS17-158 Vulnerability in Windows Search (1 CVE)
- Affected:
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server, version 1709 (Server Core Installation)
- Exploit:
- 1 x Denial of Service
- Credits:
- Lei Shi de Qihoo 360 Inc (CVE-2017-11788)
- MS17-159 Vulnerability in SharePoint (1 CVE)
- Affected:
- Microsoft Project Server 2013 Service Pack 1
- Microsoft SharePoint Enterprise Server 2016
- Exploit:
- 1 x Elevation of Privilege
- Credits:
- ? (CVE-2017-11876)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement