November 2017 security update release
Nov 14, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."
Nov 14, 2017 - "The November security release consists of security updates for the following software:
Microsoft Office and Microsoft Office Services and Web Apps
ASP.NET Core and .NET Core
Chakra Core ...
Security Update Summary
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it..."
Nov 14, 2017
Nov 14, 2017 - "Microsoft released security updates for Microsoft Windows, Microsoft Office, and other company products on the November 2017 Patch Day...
Microsoft released security updates for all supported versions of Windows (client and server), and Internet Explorer, Microsoft Edge, Microsoft Office, .Net Core and ASP.NET Core, and Chakra Core.
No critical updates for Windows, but for IE 11 and Microsoft Edge.
Lots of known issues. <<
Operating System Distribution:
Windows 7: 12 vulnerabilities of which 12 are rated important
Windows 8.1: 11 vulnerabilities of which 11 are rated important
Windows 10 version 1607: 12 vulnerabilities of which 12 are rated important
Windows 10 version 1703: 12 vulnerabilities of which 12 are rated important
Windows 10 version 1709: 9 vulnerabilities of which 9 are rated important
Windows Server products:
Windows Server 2008: 11 vulnerabilities of which 11 are rated important
Windows Server 2008 R2: 12 vulnerabilities of which 12 are rated important
Windows Server 2012 and 2012 R2: 11 vulnerabilities of which 11 are rated important.
Windows Server 2016: 12 vulnerabilities of which 12 are rated important
Other Microsoft Products
Internet Explorer 11: 13 vulnerabilities, 8 critical, 4 important, 1 moderate
Microsoft Edge: 24 vulnerabilities, 16 critical, 8 important ..."
Qualys analysis: https://blog.qualys....ve-adobe-update
Nov 14, 2017 - "This November Patch Tuesday is moderate in volume, and in severity. Microsoft released patches to address -53- unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS gets 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.
Interestingly enough, none of the Windows OS patches are listed as Critical this month, but we do recommend focusing on CVE-2017-11830 and CVE-2017-11847, as they address a Security Feature Bypass, and a Privilege Elevation respectively. It should also be noted that CVE-2017-11848,CVE-2017-11827,CVE-2017-11883,CVE-2017-8700 have public exploits, but they do not appear to be used in any active campaigns.
From a prioritization standpoint, focus on the fixes for CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which all address the Scripting Engine in Edge and Internet Explorer, especially on laptops, and other workstation-type systems where the logged in user may have administrative privileges. Microsoft lists exploitation as More Likely for these vulnerabilities, especially if a user is tricked into viewing a malicious site or opening an attachment. While Microsoft lists the fix for CVE-2017-11882 as Important, there may be POC code for this vulnerability, so it is recommended that you give the Office updates attention this month as well. It should also be noted that last Patch Tuesday, Microsoft quietly released the fix for CVE-2017-13080, widely known as the KRACK vulnerability in WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed. Therefore, it is recommended you ensure last month’s security patches are fully addressed. Alternatively, you can install this month’s Monthly Rollups, as they should include this fix.
Adobe has also released patches for 9 advisories, fixing a stunning -62- CVEs for Acrobat and Reader alone, so ensure that you are updating Adobe across your environment to stay protected."
Edited by AplusWebMaster, 14 November 2017 - 04:20 PM.