MS Security Updates - Nov 2017


4 replies to this topic

#1 AplusWebMaster


Posted 14 November 2017 - 01:22 PM

FYI...

November 2017 security update release
- https://blogs.techne...update-release/
Nov 14, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

> https://portal.msrc....e5-000d3a32fc99
Nov 14, 2017 - "The November security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    ASP.NET Core and .NET Core
    Chakra Core ...

Known Issues:
- https://support.micr...s/help/4048954/
- https://support.micr...s/help/4048953/
- https://support.micr...us/help/4048955
- https://support.micr...s/help/4048952/
- https://support.micr...us/help/4048956
- https://support.micr...us/help/4048958
- https://support.micr...us/help/4048961
- https://support.micr...us/help/4048957
- https://support.micr...us/help/4048960

Security Update Summary
> https://portal.msrc....curity-guidance
___

- https://www.askwoody...-black-tuesday/
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it..."
___

- https://www.us-cert....ecurity-Updates
Nov 14, 2017
___

ghacks.net: https://www.ghacks.n...r-2017-release/
Nov 14, 2017 - "Microsoft released security updates for Microsoft Windows, Microsoft Office, and other company products on the November 2017 Patch Day...
Executive Summary:
    Microsoft released security updates for all supported versions of Windows (client and server), and Internet Explorer, Microsoft Edge, Microsoft Office, .Net Core and ASP.NET Core, and Chakra Core.
    No critical updates for Windows, but for IE 11 and Microsoft Edge.
    Lots of known issues. <<
Operating System Distribution:
    Windows 7: 12 vulnerabilities of which 12 are rated important
    Windows 8.1: 11 vulnerabilities of which 11 are rated important
    Windows 10 version 1607: 12 vulnerabilities of which 12 are rated important
    Windows 10 version 1703: 12 vulnerabilities of which 12 are rated important
    Windows 10 version 1709: 9 vulnerabilities of which 9 are rated important
Windows Server products:
    Windows Server 2008: 11 vulnerabilities of which 11 are rated important
    Windows Server 2008 R2: 12 vulnerabilities of which 12 are rated important
    Windows Server 2012 and 2012 R2: 11 vulnerabilities of which 11 are rated important.
    Windows Server 2016: 12 vulnerabilities of which 12 are rated important
Other Microsoft Products
    Internet Explorer 11: 13 vulnerabilities, 8 critical, 4 important, 1 moderate
    Microsoft Edge: 24 vulnerabilities, 16 critical, 8 important ..."

Qualys analysis: https://blog.qualys....ve-adobe-update
Nov 14, 2017 - "This November Patch Tuesday is moderate in volume, and in severity.  Microsoft released patches to address -53- unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS gets 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.
Interestingly enough, none of the Windows OS patches are listed as Critical this month, but we do recommend focusing on CVE-2017-11830 and CVE-2017-11847, as they address a Security Feature Bypass, and a Privilege Elevation respectively. It should also be noted that CVE-2017-11848, CVE-2017-11827, CVE-2017-11883, CVE-2017-8700 have public exploits, but they do not appear to be used in any active campaigns.
From a prioritization standpoint, focus on the fixes for CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which all address the Scripting Engine in Edge and Internet Explorer, especially on laptops, and other workstation-type systems where the logged in user may have administrative privileges. Microsoft lists exploitation as More Likely for these vulnerabilities, especially if a user is tricked into viewing a malicious site or opening an attachment. While Microsoft lists the fix for CVE-2017-11882 as Important, there may be POC code for this vulnerability, so it is recommended that you give the Office updates attention this month as well. It should also be noted that last Patch Tuesday, Microsoft quietly released the fix for CVE-2017-13080, widely known as the KRACK vulnerability in WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed. Therefore, it is recommended you ensure last month’s security patches are fully addressed. Alternatively, you can install this month’s Monthly Rollups, as they should include this fix.
Adobe has also released patches for 9 advisories, fixing a stunning -62- CVEs for Acrobat and Reader alone, so ensure that you are updating Adobe across your environment to stay protected."
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 14 November 2017 - 04:20 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 15 November 2017 - 08:05 AM

FYI...

Additional information - MS released patches:
- https://www.security....com/id/1039780
- https://www.security....com/id/1039781
- https://www.security....com/id/1039782
- https://www.security....com/id/1039783
- https://www.security....com/id/1039787

- https://www.security....com/id/1039788
- https://www.security....com/id/1039789
- https://www.security....com/id/1039790
- https://www.security....com/id/1039792
- https://www.security....com/id/1039793

- https://www.security....com/id/1039794
- https://www.security....com/id/1039795
- https://www.security....com/id/1039796
- https://www.security....com/id/1039797
- https://www.security....com/id/1039801
___

November 2017 Office Update Release
- https://blogs.techne...update-release/
Nov 14, 2017 - "... This month, there are -23- security updates and 43 non-security updates. All of the security and non-security updates are listed in KB article 4051890*.
* https://support.micr...icrosoft-office
Last Review: Nov 14, 2017 - Rev: 10

A new version of Office 2013 Click-To-Run is available: 15.0.4981.1001

A new version of Office 2010 Click-To-Run is available: 14.0.7190.5001
___

> https://www.computer...henanigans.html
Nov 15, 2017 - "... It’s a messy month. With no “critical” Windows updates, as long as you don’t use IE or Edge, there’s no huge pressure to apply the updates just yet..."
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 15 November 2017 - 04:02 PM.



#3 AplusWebMaster


Posted 17 November 2017 - 12:50 PM

FYI...

Patch alert...
... Patch Tuesday problems roll out, with a new acknowledgment from Microsoft about a dot matrix printer bug, continued reports of Win10 1703-to-1709 upgrades, one unconfirmed report of a forced 1607-to-1709 upgrade, and a memory violation error with CDPUserSvc...
> https://www.computer...s-continue.html
Nov 17, 2017

> https://www.askwoody...h-tuesday-crop/
Nov 17, 2017

> https://www.ghacks.n...r-2017-updates/
Nov 17, 2017

... Nov patch bugs... see the URLs above...

i.e.: Nov 14, 2017—KB4048957 (Monthly Rollup)
> https://support.micr...pdate-kb4048957
"... After installing this update, some Epson SIDM and Dot Matrix printers cannot print on x86 and x64-based systems.
Microsoft and Epson have determined the cause of the issue and are working on a solution. This problem is not related to the printer driver, so installing current or older print drivers will not resolve the issue.
Microsoft will provide an update in an upcoming release."
Article ID: 4048957 - Last Review: Nov 17, 2017 - Rev: 19
Applies to: Windows Server 2008 R2 Standard, Windows 7 Service Pack 1
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 18 November 2017 - 12:11 PM.



#4 AplusWebMaster


Posted 20 November 2017 - 04:03 PM

FYI...

Windows ASLR Vulnerability
> https://www.us-cert....R-Vulnerability
Nov 20, 2017 - "... released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system..."

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
- https://www.kb.cert.org/vuls/id/817544
19 Nov 2017 - "Overview: Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR.
Description: Address Space Layout Randomization (ASLR)
Starting with Windows Vista, a feature called ASLR was introduced to Windows that helps prevent code-reuse attacks. By loading executable modules at non-predictable addresses, Windows can help to mitigate attacks that rely on code being at predictable locations. Return-oriented programming (ROP) is an exploit technique that relies on code that is loaded to a predictable or discoverable location. One weakness with the implementation of ASLR is that it requires that the code is linked with the /DYNAMICBASE flag to opt in to ASLR.
Mandatory ASLR and Windows 8: Both EMET and Windows Defender Exploit Guard can enable mandatory ASLR for code that isn't linked with the /DYNAMICBASE flag. This can be done on a per-application or system-wide basis. Before Windows 8, system-wide mandatory ASLR was implemented using the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages registry value. By setting this value to 0xFFFFFFFF, Windows will automatically relocate code that has a relocation table, and the new location of the code will be different across reboots of the same system or between different systems. Starting with Windows 8, system-wide mandatory ASLR is implemented differently than with prior versions of Windows. With Windows 8 and newer, system-wide mandatory ASLR is implemented via the HKLM\System\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions binary registry value. The other change introduced with Windows 8 is that system-wide ASLR must have system-wide bottom-up ASLR enabled to supply entropy to mandatory ASLR.
The Problem: Both EMET and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. Although Windows Defender Exploit Guard does have a system-wide option for system-wide bottom-up-ASLR, the default GUI value of "On by default" does not reflect the underlying registry value (unset). This causes programs without /DYNAMICBASE to get relocated, but without any entropy. The result of this is that such programs will be relocated, but to the same address every time across reboots and even across different systems.
Impact: Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier.
Solution: The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:
Enable system-wide bottom-up ASLR on systems that have system-wide mandatory ASLR
To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or newer system, the following registry value should be imported:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
    "MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Note that importing this registry value will overwrite any existing system-wide mitigations specified by this registry value. The bottom-up ASLR setting specifically is the second 01 in the binary string, while the mandatory ASLR setting is the first 01. Also note that in the past, enabling system-wide mandatory ASLR could cause problems if older AMD/ATI video card drivers are in use. This issue was addressed in the Catalyst 12.6 drivers released in June, 2012."

> https://www.kb.cert.org/vuls/id/458153

> https://support.amd.com/en-us/download
___

> https://www.bleeping...res-how-to-fix/
Nov 17, 2017 - "... Optionally, Bleeping Computer has created an ASLR-fix registry fix file that users only need to download and double-click."
> https://download.ble...eg/ASLR-fix.reg
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 20 November 2017 - 05:50 PM.
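
An added example (not from the poster or CERT/CC) that audits exported `MitigationOptions` values for the condition described in the note above and builds a merged value that does not discard other settings, addressing the "will overwrite" caveat. The function names and .reg samples are constructed for illustration, and treating each setting as a 2-bit field in the low bits of its byte is an assumption based on the Windows SDK mitigation constants; the page itself only identifies the two byte positions.

```python
import re

# Byte positions come from the CERT/CC note quoted above: the first 01 in the
# workaround value is mandatory ASLR, the second 01 is bottom-up ASLR.
MANDATORY_BYTE, BOTTOM_UP_BYTE = 1, 2
FIELD_MASK = 0x03  # assumption (SDK layout): each setting is a 2-bit field

# Constructed .reg samples (not taken from real hosts).
PAGE_WORKAROUND = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
'''
MANDATORY_ONLY = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:11,01,00,00,\
  00,00,00,00
'''


def parse_mitigation_options(reg_text):
    """Return the MitigationOptions bytes from .reg text, or None if unset."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)  # undo line continuations
    m = re.search(r'^\s*"MitigationOptions"=hex:([0-9a-f,]*)\s*$',
                  joined, re.M | re.I)
    if m is None:
        return None
    return bytes(int(b, 16) for b in m.group(1).split(",") if b)


def _field(value, index):
    return value[index] & FIELD_MASK if value and len(value) > index else 0


def assess(value):
    """Classify a value: is mandatory ASLR getting entropy from bottom-up ASLR?"""
    # 1 = always on; 3 = always on, relocations required (assumed SDK encoding)
    if _field(value, MANDATORY_BYTE) not in (1, 3):
        return "mandatory-aslr-not-set"
    if _field(value, BOTTOM_UP_BYTE) != 1:
        return "relocated-without-entropy"
    return "ok"


def merged_fix(value):
    """Turn both settings on while keeping every other bit of the old value."""
    buf = bytearray(value or b"")
    buf.extend(b"\x00" * (16 - len(buf)))  # pad to the 16 bytes the note uses
    if _field(buf, MANDATORY_BYTE) not in (1, 3):
        buf[MANDATORY_BYTE] = (buf[MANDATORY_BYTE] & ~FIELD_MASK & 0xFF) | 0x01
    buf[BOTTOM_UP_BYTE] = (buf[BOTTOM_UP_BYTE] & ~FIELD_MASK & 0xFF) | 0x01
    return bytes(buf)


def to_reg_line(value):
    return '"MitigationOptions"=hex:' + ",".join(f"{b:02x}" for b in value)
```

Run `assess(parse_mitigation_options(text))` over each host's exported key; for hosts reported as `relocated-without-entropy`, `to_reg_line(merged_fix(...))` gives the value line to review before import.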



#5 AplusWebMaster


Posted Yesterday, 12:01 PM

FYI...

November 21, 2017—KB4055038
- https://support.micr...-2017-kb4055038
Nov 21, 2017 - "Summary: This update addresses an issue that prevents some Epson SIDM (Dot Matrix) and TM (POS) printers from printing on x86-based and x64-based systems..."
Last Review: Nov 21, 2017 - Rev: 9
Applies to:
Windows 8.1, Windows 7 Service Pack 1, Windows Server 2012 Standard, Windows Server 2012 R2 Standard, Windows Server 2008 R2 Service Pack 1
___

November 14, 2017—KB4048957 (Monthly Rollup)
- https://support.micr...pdate-kb4048957
"... After installing this update, some Epson SIDM (Dot Matrix) and TM (POS) printers cannot print on x86 and x64-based systems. This issue has been resolved in KB4055038."
Last Review: Nov 22, 2017 - Rev: 24
Applies to:
Windows Server 2008 R2 Standard, Windows 7 Service Pack 1

> See: "Known issues in this update..."
___

Also:

November 14, 2017—KB4048954
(OS Build 15063.726 and 15063.728)
Windows 10 Version 1703
- https://support.micr...pdate-kb4048954
Last Review: Nov 22, 2017 - Rev: 31
Applies to:
Windows 10, Windows 10 Version 1703

> See: "Known issues in this update..."
___

DDEAuto Attacks Could Leave You at Risk
- https://windowssecre...ve-you-at-risk/
Nov 21, 2017 - "Office has long been used as a means by which attackers get into our systems. Every month Office is patched for remote code execution attacks.
Microsoft patches what vulnerabilities it can. Take the November Office updates that fixed issues with older obsolete components in Office 2016 that impacted ODBC drivers. But as pointed out in this research blog post*, mitigation in addition to patching is probably wise.
* https://embedi.com/b...idnt-know-about
The view that mitigation may be better than patching is reinforced with the disclosure of another Office vulnerability that won’t be patched. It can’t be patched, as it impacts functionality of your system. You have to make the determination of how much at risk you want to be. Called the DDEAuto attack**, it allows the execution of malicious code on an email without the use of attachments or macros. These macro-less attacks have been used in various attacks[3], such as malware campaigns like Vortex ransomware and Hancitor.
** https://community.so...kb/en-us/127711
[3] https://www.endgame....-cause-analysis
In the example noted in the Sophos blog, an attack can come in the form of a calendar invite instead of an email. The attachment is in the form of an RTF – or rich text format – and is often not in the form of a traditional attachment. So what can one do if you want to protect yourself from these attacks? Stop opening emails? Don’t open Excel or Word documents? An admirable protection scheme but not realistic to most computer users — and especially not to small businesses.
Defining DDE
Microsoft has long built into its Office products the means to exchange data between applications and other platforms. Dynamic Data Exchange or DDE is one such method."
 

:ninja: :ninja:


Edited by AplusWebMaster, Today, 10:04 AM.





