[Threat Advisory] Microsoft Releases November Patches Fixing 53 Security Issues


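On Tuesday, Microsoft released its November security update, fixing 53 security issues that range from simple spoofing attacks to remote code execution. The affected products include .NET Framework, Adobe Flash Player, ASP .NET, ASP.NET, Device Guard, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Search Component, None, Windows Kernel, Windows Kernel-Mode Drivers and Windows Media Player.

Details are listed below (entries marked in red pose a relatively higher threat):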

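| Product | CVE ID | CVE Title |
|---|---|---|
| .NET Framework | CVE-2017-11770 | .NET CORE Denial of Service Vulnerability |
| Adobe Flash Player | ADV170019 | November 2017 Flash Security Updates |
| ASP .NET | CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability |
| ASP.NET | CVE-2017-11879 | ASP.NET Core Elevation of Privilege Vulnerability |
| Device Guard | CVE-2017-11830 | Device Guard Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2017-11856 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-11848 | Internet Explorer Information Disclosure Vulnerability |
| Internet Explorer | CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2017-11827 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-11803 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-11833 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-11844 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-11845 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-11863 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2017-11872 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2017-11874 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Graphics Component | CVE-2017-11832 | Windows EOT Font Engine Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-11851 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-11835 | Windows EOT Font Engine Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-11850 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-11852 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Office | CVE-2017-11876 | Microsoft Project Server Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2017-11877 | Microsoft Excel Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2017-11878 | Microsoft Excel Memory Corruption Vulnerability |
| Microsoft Office | ADV170020 | Microsoft Office Defense in Depth Update |
| Microsoft Office | CVE-2017-11884 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Office | CVE-2017-11854 | Microsoft Word Memory Corruption Vulnerability |
| Microsoft Office | CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11791 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11837 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11839 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11841 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11861 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11862 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11870 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11873 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11834 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11836 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11838 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11840 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11843 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11846 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11866 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11858 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11869 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11871 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows Search Component | CVE-2017-11788 | Windows Search Denial of Service Vulnerability |
| None | CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability |
| Windows Kernel | CVE-2017-11831 | Windows Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-11847 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2017-11880 | Windows Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-11842 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-11849 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-11853 | Windows Kernel Information Disclosure Vulnerability |
| Windows Media Player | CVE-2017-11768 | Windows Media Player Information Disclosure Vulnerability |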

 

Remediation Recommendations

Microsoft has officially released the update patches; please apply them promptly.

Appendix

ADV170019 – November 2017 Flash Security Updates

CVE ID: ADV170019 (MITRE, NVD)
CVE Title: November 2017 Flash Security Updates

Description: This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB17-33: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215, CVE-2017-11225.

FAQ:

How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.

Mitigations:

Workarounds:

Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.

  • Prevent Adobe Flash Player from running

You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To set the kill bit for the control in the registry, perform the following steps:

    1. Paste the following into a text file and save it with the .reg file extension.

        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
        "Compatibility Flags"=dword:00000400

        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
        "Compatibility Flags"=dword:00000400

    2. Double-click the .reg file to apply it to an individual system. You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.

Note You must restart Internet Explorer for your changes to take effect.

Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer.

How to undo the workaround. Delete the registry keys that were added in implementing this workaround.

 

  • Prevent Adobe Flash Player from running in Internet Explorer through Group Policy

Note The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:

Group Policy Overview

What is Group Policy Object Editor?

Core Group Policy tools and settings

To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:

Note This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.

    1. Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.
    2. Navigate to the following node: Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add-on Management
    3. Double-click Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects.
    4. Change the setting to Enabled.
    5. Click Apply and then click OK to return to the Group Policy Management Console.
    6. Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.

 

  • Prevent Adobe Flash Player from running in Office 2010 on affected systems

Note This workaround does not prevent Adobe Flash Player from running in Internet Explorer.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:

    1. Create a text file named Disable_Flash.reg with the following contents:

        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
        "Compatibility Flags"=dword:00000400

    2. Double-click the .reg file to apply it to an individual system.

Note You must restart Internet Explorer for your changes to take effect.

You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.
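
To confirm that the two kill-bit workarounds above (the Internet Explorer ActiveX Compatibility key and the Office COM Compatibility key) actually took effect, the values can be read back from both registry views. The following PowerShell audit is an added example, not part of Microsoft's advisory; the function and variable names are illustrative, and only the registry paths, the CLSID and the 0x400 value come from the page.

```powershell
# Added example (not from the advisory): audit the Flash kill-bit workarounds.
$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'  # CLSID given in the advisory
$KillBit    = 0x00000400                                 # value the advisory's .reg files set

# The first .reg file writes the same value under SOFTWARE and SOFTWARE\Wow6432Node.
# Opening one path in the 64-bit and the 32-bit registry view reads those two
# locations regardless of whether this script runs in a 32-bit or 64-bit host.
# On a 32-bit OS both views resolve to the same key.
$Checks = @(
    @{ Name   = 'IE kill bit, 64-bit view'
       View   = 'Registry64'
       SubKey = "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid" },
    @{ Name   = 'IE kill bit, 32-bit view (Wow6432Node)'
       View   = 'Registry32'
       SubKey = "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid" },
    # The Office .reg file in the advisory writes only this one path.
    @{ Name   = 'Office COM kill bit'
       View   = 'Registry64'
       SubKey = "SOFTWARE\Microsoft\Office\Common\COM\Compatibility\$FlashClsid" }
)

function Get-KillBitState {
    param(
        [Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View,
        [Parameter(Mandatory)][string]$SubKey
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)      # read-only; $null when the key is absent
        if ($null -eq $key) { return 'KeyMissing' }
        try {
            $flags = $key.GetValue('Compatibility Flags', $null)
        } finally {
            $key.Close()
        }
    } finally {
        $base.Close()
    }

    if ($null -eq $flags)    { return 'ValueMissing' }
    if ($flags -isnot [int]) { return 'WrongType' }   # the value must be a REG_DWORD
    # Test the bit rather than the whole value: other compatibility flags may be set too.
    if (($flags -band $KillBit) -eq $KillBit) { return 'KillBitSet' }
    return 'KillBitClear'
}

$report = foreach ($c in $Checks) {
    [pscustomobject]@{
        Check = $c.Name
        State = Get-KillBitState -View $c.View -SubKey $c.SubKey
    }
}
$report | Format-Table -AutoSize

# The IE workaround is complete only when both views carry the kill bit.
$ieGaps = @($report | Where-Object { $_.Check -like 'IE*' -and $_.State -ne 'KillBitSet' })
"IE kill-bit workaround fully applied: $($ieGaps.Count -eq 0)"
```

A `KeyMissing` or `KillBitClear` result after deployment means the .reg file was not imported on that machine or the Group Policy rollout has not reached it yet.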

 

  • Prevent ActiveX controls from running in Office 2007 and Office 2010

To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:

    1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
    2. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.
    3. Click OK to save your settings.

Impact of workaround. Office documents that use embedded ActiveX controls may not display as intended.

How to undo the workaround.

To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:

    1. Click File, click Options, click Trust Center, and then click Trust Center Settings.
    2. Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.
    3. Click OK to save your settings.

 

  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones

You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.

To raise the browsing security level in Internet Explorer, perform the following steps:

    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Security tab, and then click Internet.
    3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    4. Click Local intranet.
    5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    6. Click OK to accept the changes and return to Internet Explorer.

Note If no slider is visible, click Default Level, and then move the slider to High.

Note Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.

Impact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in “Add sites that you trust to the Internet Explorer Trusted sites zone”.

 

  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:

    1. In Internet Explorer, click Internet Options on the Tools menu.
    2. Click the Security tab.
    3. Click Internet, and then click Custom Level.
    4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    5. Click Local intranet, and then click Custom Level.
    6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    7. Click OK to return to Internet Explorer, and then click OK again.

Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

Impact of workaround. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in “Add sites that you trust to the Internet Explorer Trusted sites zone”.

 

  • Add sites that you trust to the Internet Explorer Trusted sites zone

After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.

To do this, perform the following steps:

    1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
    2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
    3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
    4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
    5. Repeat these steps for each site that you want to add to the zone.
    6. Click OK two times to accept the changes and return to Internet Explorer.

Note Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and they require an ActiveX control to install the update.

Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

ADV170019

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Adobe Flash Player on Windows Server 2012 | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 8.1 for 32-bit systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 8.1 for x64-based systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows Server 2012 R2 | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows RT 8.1 | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 for 32-bit Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 for x64-based Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows Server 2016 | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows 10 Version 1709 for 64-based Systems | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| Adobe Flash Player on Windows Server, version 1709 (Server Core Installation) | 4048951 Security Update | Critical | Remote Code Execution | 4049179 | Base: N/A, Temporal: N/A, Vector: N/A | Yes |

ADV170020 – Microsoft Office Defense in Depth Update

CVE ID: ADV170020 (MITRE, NVD)
CVE Title: Microsoft Office Defense in Depth Update

Description: Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.

FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: None
Vulnerability Impact: Defense in Depth

Affected Software

The following tables list the affected software details for the vulnerability.

ADV170020

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Word 2007 Service Pack 3 | 4011266 Security Update | None | Defense in Depth | 3213648 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011270 Security Update | None | Defense in Depth | 3213630 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011270 Security Update | None | Defense in Depth | 3213630 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011268 Security Update | None | Defense in Depth | 3213627 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011268 Security Update | None | Defense in Depth | 3213627 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Office Web Apps 2010 Service Pack 2 | 4011271 Security Update | None | Defense in Depth | 4011194 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011250 Security Update | None | Defense in Depth | 4011232 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011250 Security Update | None | Defense in Depth | 4011232 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2013 RT Service Pack 1 | 4011250 Security Update | None | Defense in Depth | 4011232 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4011247 Security Update | None | Defense in Depth | 4011231 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2016 for Mac | Release Notes Security Update | None | Defense in Depth | 4011231 | Base: N/A, Temporal: N/A, Vector: N/A | No |
| Microsoft Word 2016 (32-bit edition) | 4011242 Security Update | None | Defense in Depth | 4011222 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Word 2016 (64-bit edition) | 4011242 Security Update | None | Defense in Depth | 4011222 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4011244 Security Update | None | Defense in Depth | 4011217 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Office Word Viewer | 4011264 Security Update | None | Defense in Depth | 4011236 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Microsoft Office Compatibility Pack Service Pack 3 | 4011265 Security Update | None | Defense in Depth | 3213647 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 | 4011267 Security Update | None | Defense in Depth | 3213623 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |
| Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1 | 4011245 Security Update | None | Defense in Depth | 4011068 | Base: N/A, Temporal: N/A, Vector: N/A | Maybe |

CVE-2017-11768 – Windows Media Player Information Disclosure Vulnerability

CVE ID: CVE-2017-11768 (MITRE, NVD)
CVE Title: Windows Media Player Information Disclosure Vulnerability

Description: An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.

To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.

The update addresses the vulnerability by changing the way Windows Media Player discloses file information.

FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11768

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 2.5, Temporal: 2.2, Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O | Yes |

CVE-2017-11770 – .NET CORE Denial Of Service Vulnerability

CVE ID: CVE-2017-11770 (MITRE, NVD)
CVE Title: .NET CORE Denial Of Service Vulnerability

Description: A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by providing a specially crafted certificate to the .NET Core application.

The update addresses the vulnerability by correcting how the .NET Core web application handles parsing certificate data.

FAQ: None
Mitigations: None
Workarounds: None

Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11770

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| .NET Core 1.0 | Commit Security Update | Important | Denial of Service | | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| .NET Core 1.1 | Commit Security Update | Important | Denial of Service | | Base: N/A, Temporal: N/A, Vector: N/A | Yes |
| .NET Core 2.0 | Commit Security Update | Important | Denial of Service | | Base: N/A, Temporal: N/A, Vector: N/A | Yes |

CVE-2017-11788 – Windows Search Denial of Service Vulnerability

CVE ID: CVE-2017-11788 (MITRE, NVD)
CVE Title: Windows Search Denial of Service Vulnerability

Description: A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through a Server Message Block (SMB) connection.

The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.

FAQ: None
Mitigations: None
Workarounds:

Disable WSearch service

Interactive workaround deployment steps

  1. Click Start, click Run, type “regedit” (without the quotation marks), and then click OK.
  2. Expand HKEY_LOCAL_MACHINE
  3. Expand System, then CurrentControlSet, then Services
  4. Click on WSearch
  5. Click the File menu and select Export.
  6. In the Export Registry File dialog type “WSearch_configuration_backup.reg” and press Save.
  7. Double-click the value named Start and change the Value data field to 4
  8. Click OK
  9. Run the following command at a command prompt running as an administrator:
                   sc stop WSearch

Impact of workaround

The Windows Search functionality will not be available to applications that use it for searches.

How to undo the workaround

  1. Click Start, click Run, type “regedit” (without the quotation marks), and then click OK.
  2. Click the File menu and select Import.
  3. In the Import Registry File dialog select “WSearch_configuration_backup.reg” and press Open.


Managed workaround deployment steps

  1. First a backup copy of the registry keys can be made from a managed deployment script with the following command:

         regedit /e WSearch_configuration_backup.reg HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WSearch

  2. Next save the following to a file with a .REG extension (e.g. Disable_WSearch.reg):

         Windows Registry Editor Version 5.00

         [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WSearch]
         "Start"=dword:00000004

  3. Run the registry script created in step 2 on the target machine with the following command:

         regedit /s Disable_WSearch.reg

  4. Run the following command at a command prompt running as an administrator:

         sc stop WSearch

Impact of workaround

The Windows Search functionality will not be available to applications that use it for searches.

How to undo the workaround

Restore the original state by running the following command:
regedit /s WSearch_configuration_backup.reg
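
To confirm from collected `.reg` files that the workaround is actually in place (or that the backup still holds the original start type), the following added example, which is not part of the original bulletin, parses `.reg` text and reads the `Start` value of the WSearch service key. The function names and both sample files are constructed for illustration; files written by `regedit /e` are normally UTF-16 and must be decoded before being passed in.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
WSEARCH_KEY = r"hkey_local_machine\system\currentcontrolset\services\wsearch"
# Service start types stored in the Start DWORD.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
_VALUE = re.compile(r'^(@|"[^"]*")=(.*)$')
_DWORD = re.compile(r"^dword:([0-9a-fA-F]{8})$")


def parse_reg(text):
    """Parse .reg text into {key path (lower case): {value name (lower case): raw data}}."""
    logical, pending = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # hex data continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line and not line.startswith(";"):
            logical.append(line)
    # Strict on purpose: a header fused with the key line is rejected here.
    if not logical or logical[0] != HEADER:
        raise ValueError("first line must be exactly: " + HEADER)
    keys, current = {}, None
    for line in logical[1:]:
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = _VALUE.match(line)
        if match is None or current is None:
            # Typographic quotes around a value name end up here.
            raise ValueError("not valid .reg syntax: %r" % line)
        current[match.group(1).strip('"').lower()] = match.group(2)
    return keys


def wsearch_start(text):
    """Return the numeric Start value recorded for the WSearch service key."""
    values = parse_reg(text).get(WSEARCH_KEY)
    if values is None or "start" not in values:
        raise ValueError("no Start value for the WSearch service key")
    match = _DWORD.match(values["start"])
    if match is None:
        raise ValueError("Start is not a DWORD: %r" % values["start"])
    return int(match.group(1), 16)


def workaround_applied(text):
    """True when the file sets the WSearch service to disabled (Start = 4)."""
    return START_TYPES.get(wsearch_start(text)) == "disabled"


# Constructed sample: a backup export taken before the workaround.
BACKUP = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch]
"DisplayName"="Windows Search"
"ImagePath"=hex(2):25,00,73,00,79,00,\
  73,00,00,00
"Start"=dword:00000002
"""

# Constructed sample: the Disable_WSearch.reg file from step 2.
DISABLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WSearch]
"Start"=dword:00000004
"""

# Constructed sample: the same file after a copy from a web page ran the header
# into the key line and turned the quotes into typographic ones.
MANGLED = ("Windows Registry Editor Version 5.00"
           "[HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WSearch]\n"
           "\u201cStart\u201d=dword:00000004\n")

if __name__ == "__main__":
    print("backup start type:", START_TYPES[wsearch_start(BACKUP)])
    print("disable file applies workaround:", workaround_applied(DISABLE))
```

Running the check against the backup as well as the disable file guards against an undo step that "restores" a key which was already disabled when the backup was taken.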

Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11788
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Denial of Service | 4041681 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Denial of Service | 4041681 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Denial of Service | 4041681 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Denial of Service | 4041681 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Denial of Service | 4041681 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4047211 Security Update | Important | Denial of Service | 4041681 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Denial of Service | 4041690 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Denial of Service | 4041690 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Denial of Service | 4041693 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Denial of Service | 4041693 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Denial of Service | 4041693 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Denial of Service | 4041693 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Denial of Service | 4041693 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Denial of Service | 4042895 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Denial of Service | 4042895 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Denial of Service | 4041689 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Denial of Service | 4041689 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Denial of Service | 4041691 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Denial of Service | 4041691 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Denial of Service | 4041691 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Denial of Service | 4041691 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Denial of Service | 4041676 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Denial of Service | 4041676 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Denial of Service | 4042198 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4047211 Security Update | Important | Denial of Service | 4042198 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047211 Security Update | Important | Denial of Service | 4042198 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4047211 Security Update | Important | Denial of Service | 4042198 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4047211 Security Update | Important | Denial of Service | 4042198 | Base: 5.9; Temporal: 5.3; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Yes |

CVE-2017-11791 – Scripting Engine Information Disclosure Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11791
MITRE
NVD
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker’s site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11791
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Important | Information Disclosure | 4041681 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Important | Information Disclosure | 4041681 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Low | Information Disclosure | 4041681 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Low | Information Disclosure | 4041693 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4042895 Security Update | Important | Information Disclosure | 4038781 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Low | Information Disclosure | 4041691 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Information Disclosure | 4042198 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Low | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Commit Security Only | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11803 – Microsoft Edge Information Disclosure Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11803
MITRE
NVD
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker’s site. The update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11803
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Information Disclosure | 4042198 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11827 – Microsoft Browser Memory Corruption Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11827
MITRE
NVD
CVE Title: Microsoft Browser Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11827
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Important | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Important | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Low | Remote Code Execution | 4041681 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Important | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Important | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Low | Remote Code Execution | 4041693 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Important | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Important | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Low | Remote Code Execution | 4041691 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Remote Code Execution | 4042198 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Low | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Important | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11830 – Device Guard Security Feature Bypass Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11830
MITRE
NVD
CVE Title: Device Guard Security Feature Bypass Vulnerability
Description: A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11830
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Security Feature Bypass | 4042895 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Security Feature Bypass | 4042895 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Security Feature Bypass | 4041689 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Security Feature Bypass | 4041689 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O | Yes |

CVE-2017-11831 – Windows Information Disclosure Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11831
MITRE
NVD
CVE Title: Windows Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11831
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4046184 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4046184 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4046184 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 4046184 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4046184 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11832 – Windows EOT Font Engine Information Disclosure Vulnerability

CVE ID: CVE-2017-11832 (MITRE, NVD)
CVE Title: Windows EOT Font Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

To exploit this vulnerability, an attacker would have to log on to an affected system and open a document containing specially crafted fonts.

The security update addresses the vulnerability by correcting how the Windows EOT font engine handles embedded fonts.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11832
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048968 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048968 Security Update | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048968 Security Update | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 4048968 Security Update | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048968 Security Update | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11833 – Microsoft Edge Information Disclosure Vulnerability

CVE ID: CVE-2017-11833 (MITRE, NVD)
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser.

In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit the vulnerability. However, in all cases an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker’s site.

The security update addresses the vulnerability by correcting how Microsoft Edge handles cross-origin requests.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11833
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Low | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11834 – Scripting Engine Information Disclosure Vulnerability

CVE ID: CVE-2017-11834 (MITRE, NVD)
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker’s site.

The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11834
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Important | Information Disclosure | 4041681 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Important | Information Disclosure | 4041681 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Low | Information Disclosure | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Low | Information Disclosure | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Low | Information Disclosure | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 5.3; Temporal: 4.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Information Disclosure | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11835 – Windows EOT Font Engine Information Disclosure Vulnerability

CVE ID: CVE-2017-11835 (MITRE, NVD)
CVE Title: Windows EOT Font Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

To exploit this vulnerability, an attacker would have to log on to an affected system and open a document containing specially crafted fonts.

The security update addresses the vulnerability by correcting how the Windows EOT font engine handles embedded fonts.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11835
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048968 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048968 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048968 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 | 4048968 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048968 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11836 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11836 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11836
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11837 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11837 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11837
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems4048955 Security UpdateCriticalRemote Code Execution4042198Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems4048955 Security UpdateCriticalRemote Code Execution4042198Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation)4048955 Security UpdateModerateRemote Code Execution4042198Base: 3.1
Temporal: 2.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O
Yes
Microsoft Edge on Windows 10 for 32-bit Systems4048956 Security UpdateCriticalRemote Code Execution4042895Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems4048956 Security UpdateCriticalRemote Code Execution4042895Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems4048952 Security UpdateCriticalRemote Code Execution4041689Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems4048952 Security UpdateCriticalRemote Code Execution4041689Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 20164048953 Security UpdateModerateRemote Code Execution4041691Base: 3.1
Temporal: 2.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems4048953 Security UpdateCriticalRemote Code Execution4041691Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems4048953 Security UpdateCriticalRemote Code Execution4041691Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems4048954 Security UpdateCriticalRemote Code Execution4041676Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems4048954 Security UpdateCriticalRemote Code Execution4041676Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems4048955 Security UpdateCriticalRemote Code Execution4042198Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems4048955 Security UpdateCriticalRemote Code Execution4042198Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation)4048955 Security UpdateModerateRemote Code Execution4042198Base: 3.1
Temporal: 2.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O
Yes
ChakraCoreCommit Security OnlyCriticalRemote Code Execution4042198Base: 4.2
Temporal: 3.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

CVE-2017-11838 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11838 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11838
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: N/A; Temporal: N/A; Vector: N/A | Yes
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11839 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11839 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11839
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes

CVE-2017-11840 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11840 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11840
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11841 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11841 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11841
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11842 – Windows Kernel Information Disclosure Vulnerability

CVE ID: CVE-2017-11842 (MITRE, NVD)
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11842
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes

CVE-2017-11843 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11843 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11843
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes |
| ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11844 – Microsoft Edge Information Disclosure Vulnerability

CVE ID: CVE-2017-11844
MITRE
NVD
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker’s site.

The update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Low
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11844
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Information Disclosure | 4042198 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11845 – Microsoft Edge Memory Corruption Vulnerability

CVE ID: CVE-2017-11845
MITRE
NVD
CVE Title: Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11845
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11846 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11846
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11846
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O | Yes |
| ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11847 – Windows Kernel Elevation of Privilege Vulnerability

CVE ID: CVE-2017-11847
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11847
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Elevation of Privilege | 4041681 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Elevation of Privilege | 4041681 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Elevation of Privilege | 4041681 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Elevation of Privilege | 4041681 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Elevation of Privilege | 4041681 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Elevation of Privilege | 4042120 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Elevation of Privilege | 4041690 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Elevation of Privilege | 4041690 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Elevation of Privilege | 4041693 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Elevation of Privilege | 4041693 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Elevation of Privilege | 4041693 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Elevation of Privilege | 4041693 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Elevation of Privilege | 4041693 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Elevation of Privilege | 4042895 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Elevation of Privilege | 4042895 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Elevation of Privilege | 4041689 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Elevation of Privilege | 4041689 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Elevation of Privilege | 4041691 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Elevation of Privilege | 4041691 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Elevation of Privilege | 4041691 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Elevation of Privilege | 4041691 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Elevation of Privilege | 4041676 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Elevation of Privilege | 4041676 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Elevation of Privilege | 4042198 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048970 Security Update | Important | Elevation of Privilege | 4042120 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048970 Security Update | Important | Elevation of Privilege | 4042120 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4048970 Security Update | Important | Elevation of Privilege | 4042120 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Elevation of Privilege | 4042120 | Base: 7; Temporal: 6.3; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2017-11848 – Internet Explorer Information Disclosure Vulnerability

CVE ID: CVE-2017-11848
MITRE
NVD
CVE Title: Internet Explorer Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specially crafted website. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by changing how page content is handled by Internet Explorer.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Low
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11848
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Low | Information Disclosure | 4040685 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Information Disclosure | 4041681 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Information Disclosure | 4041681 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Low | Information Disclosure | 4041681 | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Information Disclosure | 4041693 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Information Disclosure | 4041693 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Low | Information Disclosure | 4041693 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Moderate | Information Disclosure | 4041693 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Moderate | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Moderate | Information Disclosure | 4042895 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Moderate | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Moderate | Information Disclosure | 4041689 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Low | Information Disclosure | 4041691 | Base: 2.4; Temporal: 2.2; Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Moderate | Information Disclosure | 4041691 | Base: 4.3; Temporal: 3.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems4048953 Security UpdateModerateInformation Disclosure4041691Base: 4.3
Temporal: 3.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems4048954 Security UpdateModerateInformation Disclosure4041676Base: 4.3
Temporal: 3.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems4048954 Security UpdateModerateInformation Disclosure4041676Base: 4.3
Temporal: 3.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems4048955 Security UpdateModerateInformation Disclosure4042198Base: 4.3
Temporal: 3.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems4048955 Security UpdateModerateInformation Disclosure4042198Base: 4.3
Temporal: 3.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O
Yes
Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation)4048955 Security UpdateLowInformation Disclosure4042198Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 10 on Windows Server 20124048959 Monthly Rollup
4047206 IE Cumulative
LowInformation Disclosure4040685Base: 2.4
Temporal: 2.2
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

CVE-2017-11849 – Windows Kernel Information Disclosure Vulnerability

CVE ID: CVE-2017-11849 (MITRE, NVD)
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11849
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11850 – Microsoft Graphics Component Information Disclosure Vulnerability

CVE ID: CVE-2017-11850 (MITRE, NVD)
CVE Title: Microsoft Graphics Component Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11850
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |

CVE-2017-11851 – Windows Kernel Information Disclosure Vulnerability

CVE ID: CVE-2017-11851 (MITRE, NVD)
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11851
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11852 – Windows GDI Information Disclosure Vulnerability

CVE ID: CVE-2017-11852 (MITRE, NVD)
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11852
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11853 – Windows Kernel Information Disclosure Vulnerability

CVE ID: CVE-2017-11853 (MITRE, NVD)
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11853
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| --- | --- | --- | --- | --- | --- | --- |
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4048970 Security Update | Important | Information Disclosure | 4042120 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O | Yes |

CVE-2017-11854 – Microsoft Word Memory Corruption Vulnerability

CVE ID: CVE-2017-11854 (MITRE, NVD)
CVE Title: Microsoft Word Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11854
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Word 2007 Service Pack 3 | 4011266 Security Update | Important | Remote Code Execution | 3213648 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011270 Security Update | Important | Remote Code Execution | 3213630 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011270 Security Update | Important | Remote Code Execution | 3213630 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011268 Security Update | Important | Remote Code Execution | 3213627 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011268 Security Update | Important | Remote Code Execution | 3213627 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office Compatibility Pack Service Pack 3 | 4011265 Security Update | Important | Remote Code Execution | 3213647 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2017-11855 – Internet Explorer Memory Corruption Vulnerability

CVE ID: CVE-2017-11855 (MITRE, NVD)
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11855
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2017-11856 – Internet Explorer Memory Corruption Vulnerability

CVE ID: CVE-2017-11856 (MITRE, NVD)
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11856
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

CVE-2017-11858 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11858 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.

The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11858
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11861 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11861 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11861
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |
| ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11862 – Scripting Engine Memory Corruption Vulnerability

CVE ID: CVE-2017-11862 (MITRE, NVD)
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11862
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11863 – Microsoft Edge Security Feature Bypass Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11863
MITRE
NVD
CVE Title: Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The security update addresses the bypass by correcting how the Edge CSP validates documents.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11863
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Security Feature Bypass | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Important | Security Feature Bypass | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Security Feature Bypass | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Security Feature Bypass | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Low | Security Feature Bypass | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Security Feature Bypass | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11866 – Scripting Engine Memory Corruption Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11866
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11866
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11869 – Scripting Engine Memory Corruption Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11869
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11869
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Critical | Remote Code Execution | 4041681 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4047206 IE Cumulative; 4048957 Monthly Rollup | Moderate | Remote Code Execution | 4041681 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4047206 IE Cumulative; 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2012 R2 | 4047206 IE Cumulative; 4048958 Monthly Rollup | Moderate | Remote Code Execution | 4041693 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows RT 8.1 | 4048958 Monthly Rollup | Critical | Remote Code Execution | 4041693 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 for x64-based Systems | 4048956 Security Update | Critical | Remote Code Execution | 4042895 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 7.5; Temporal: 6.7; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 11 on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes
Internet Explorer 10 on Windows Server 2012 | 4048959 Monthly Rollup; 4047206 IE Cumulative | Moderate | Remote Code Execution | 4040685 | Base: 6.4; Temporal: 5.8; Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes

CVE-2017-11870 – Scripting Engine Memory Corruption Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11870
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11870
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11871 – Scripting Engine Memory Corruption Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11871
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11871
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11872 – Microsoft Edge Security Feature Bypass Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11872
MITRE
NVD
CVE Title: Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted to a destination website of the attacker’s choice. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft Edge handles redirect requests.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11872
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Low | Security Feature Bypass | 4041691 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Security Feature Bypass | 4041691 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 6.5; Temporal: 5.9; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11873 – Scripting Engine Memory Corruption Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11873
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11873
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Critical | Remote Code Execution | 4041689 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server 2016 | 4048953 Security Update | Moderate | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Critical | Remote Code Execution | 4041691 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Critical | Remote Code Execution | 4041676 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Moderate | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Critical | Remote Code Execution | 4042198 | Base: 4.2; Temporal: 3.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11874 – Microsoft Edge Security Feature Bypass Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11874
MITRE
NVD
CVE Title: Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. To exploit the CFG bypass vulnerability, a user must be logged on and running an affected version of Microsoft Edge. The user would then need to browse to a malicious website. The security update addresses the CFG bypass vulnerability by helping to ensure that Microsoft Edge properly handles accessing memory in code compiled by the Edge JIT compiler.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11874
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Security Feature Bypass | 4041676 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Security Feature Bypass | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes
Microsoft Edge on Windows Server, version 1709 (Server Core Installation) | 4048955 Security Update | Low | Security Feature Bypass | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes
ChakraCore | Commit Security Only | Important | Security Feature Bypass | 4042198 | Base: 3.1; Temporal: 2.8; Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C | Yes

CVE-2017-11876 – Microsoft Project Server Elevation of Privilege Vulnerability

CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact
CVE-2017-11876
MITRE
NVD
CVE Title: Microsoft Project Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery (CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted webpage that is designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message. An attacker who successfully exploited this vulnerability could read content that the attacker is not authorized to read, use the victim’s identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim. The update addresses the vulnerability by modifying how Microsoft Project Server manages user session authentication.

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2017 08:00:00    Information published.

Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11876
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Project Server 2013 Service Pack 1 | 4011257 Security Update | Moderate | Elevation of Privilege | 3203399 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4011244 Security Update | Moderate | Elevation of Privilege | 4011217 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2017-11877 – Microsoft Excel Security Feature Bypass Vulnerability

CVE ID: CVE-2017-11877 (MITRE, NVD)
CVE Title: Microsoft Excel Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by enforcing macro settings on Excel documents.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Security Feature Bypass

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11877
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Excel 2007 Service Pack 3 | 4011199 Security Update | Important | Security Feature Bypass | 4011062 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel Viewer 2007 Service Pack 3 | 4011206 Security Update | Important | Security Feature Bypass | 4011065 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4011197 Security Update | Important | Security Feature Bypass | 4011061 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4011197 Security Update | Important | Security Feature Bypass | 4011061 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4011233 Security Update | Important | Security Feature Bypass | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4011233 Security Update | Important | Security Feature Bypass | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4011233 Security Update | Important | Security Feature Bypass | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 for Mac | Release Notes Security Update | Important | Security Feature Bypass | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | No |
| Microsoft Excel 2016 (32-bit edition) | 4011220 Security Update | Important | Security Feature Bypass | 4011050 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4011220 Security Update | Important | Security Feature Bypass | 4011050 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office Compatibility Pack Service Pack 3 | 4011205 Security Update | Important | Security Feature Bypass | 4011064 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2017-11878 – Microsoft Excel Memory Corruption Vulnerability

CVE ID: CVE-2017-11878 (MITRE, NVD)
CVE Title: Microsoft Excel Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11878
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Excel 2007 Service Pack 3 | 4011199 Security Update | Important | Remote Code Execution | 4011062 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel Viewer 2007 Service Pack 3 | 4011206 Security Update | Important | Remote Code Execution | 4011065 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4011197 Security Update | Important | Remote Code Execution | 4011061 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4011197 Security Update | Important | Remote Code Execution | 4011061 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4011233 Security Update | Important | Remote Code Execution | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4011233 Security Update | Important | Remote Code Execution | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4011233 Security Update | Important | Remote Code Execution | 4011108 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4011220 Security Update | Important | Remote Code Execution | 4011050 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4011220 Security Update | Important | Remote Code Execution | 4011050 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office Compatibility Pack Service Pack 3 | 4011205 Security Update | Important | Remote Code Execution | 4011064 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2017-11879 – ASP.NET Core Elevation Of Privilege Vulnerability

CVE ID: CVE-2017-11879 (MITRE, NVD)
CVE Title: ASP.NET Core Elevation Of Privilege Vulnerability
Description: An open redirect vulnerability exists in ASP.NET Core that could lead to elevation of privilege. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated user clicks the link, the authenticated user’s browser session could be redirected to a malicious site that is designed to steal log-in session information such as cookies or authentication tokens. The update addresses the vulnerability by correcting how ASP.NET Core handles open redirect requests.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11879
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| ASP.NET Core 2.0 | Commit Security Update | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |

CVE-2017-11880 – Windows Information Disclosure Vulnerability

CVE ID: CVE-2017-11880 (MITRE, NVD)
CVE Title: Windows Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11880
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4048957 Monthly Rollup; 4048960 Security Only | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4049164 Security Update | Important | Information Disclosure | 4041681 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 4048959 Monthly Rollup; 4048962 Security Only | Important | Information Disclosure | 4041690 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 4048958 Monthly Rollup | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 4048958 Monthly Rollup; 4048961 Security Only | Important | Information Disclosure | 4041693 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for 32-bit Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 4048956 Security Update | Important | Information Disclosure | 4042895 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for x64-based Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1511 for 32-bit Systems | 4048952 Security Update | Important | Information Disclosure | 4041689 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 4048953 Security Update | Important | Information Disclosure | 4041691 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4048954 Security Update | Important | Information Disclosure | 4041676 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1709 for 64-based Systems | 4048955 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4049164 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4049164 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4049164 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4049164 Security Update | Important | Information Disclosure | 4042198 | Base: 4.7; Temporal: 4.2; Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Yes |

CVE-2017-11882 – Microsoft Office Memory Corruption Vulnerability

CVE ID: CVE-2017-11882 (MITRE, NVD)
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how the affected Office component handles objects in memory.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11882
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Office 2007 Service Pack 3 | 4011276 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 2553204 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 2553204 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 3162047 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 3162047 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4011262 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4011262 Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2017-11883 – ASP.NET Core Denial Of Service Vulnerability

CVE ID: CVE-2017-11883 (MITRE, NVD)
CVE Title: ASP.NET Core Denial Of Service Vulnerability
Description: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11883
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| ASP.NET Core 2.0 | Commit Security Update | Important | Denial of Service | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| ASP.NET Core 1.1 | Commit Security Update | Important | Denial of Service | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |
| ASP.NET Core 1.0 | Commit Security Update | Important | Denial of Service | | Base: N/A; Temporal: N/A; Vector: N/A | Yes |

CVE-2017-11884 – Microsoft Office Memory Corruption Vulnerability

CVE ID: CVE-2017-11884 (MITRE, NVD)
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.

FAQ:

This security update is for the Click-to-Run (C2R) version only. For more information and the current Click-to-Run version number, see Office 365 client update channel releases.

I am being offered this update for software that is not specifically indicated as being affected in the Affected Products table. Why am I being offered this update? When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.

For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Products table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Products table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Products table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Products table.

For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.

Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-11884
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run Security Update | Important | Remote Code Execution | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

CVE-2017-8700 – ASP.NET Core Information Disclosure Vulnerability

CVE ID: CVE-2017-8700 (MITRE, NVD)
CVE Title: ASP.NET Core Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in ASP.NET Core that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.

FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0  11/14/2017 08:00:00  Information published.

Maximum Severity Rating: Moderate
Vulnerability Impact: Information Disclosure

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-8700
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| ASP.NET Core 1.1 | Commit Security Update | Moderate | Information Disclosure | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |
| ASP.NET Core 1.0 | Commit Security Update | Moderate | Information Disclosure | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

 

 

 

=============

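This security advisory is intended only to describe possible security issues; NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences or losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user; NSFOCUS and the author of the advisory accept no liability. NSFOCUS reserves the right to modify and interpret this advisory. Anyone reproducing or distributing this advisory must preserve it in full, including the copyright notice and all other content. Without the permission of NSFOCUS, the content of this advisory may not be altered, added to or cut, and it may not be used for commercial purposes in any way.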

 

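About NSFOCUS

==============

NSFOCUS (北京神州绿盟信息安全科技股份有限公司) was founded in April 2000 and is headquartered in Beijing. With more than 30 branch offices in China and abroad, it provides customers in government, telecom carriers, finance, energy, internet, education, healthcare and other sectors with competitive security products and solutions that help keep their business running securely and smoothly.

Drawing on years of research into attack and defense, NSFOCUS offers intrusion detection/prevention, anti-denial-of-service, remote security assessment and web security protection products, as well as professional security services, in the areas of network and endpoint security, internet infrastructure security, and compliance and security management.

NSFOCUS has been listed on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014, under the stock short name 绿盟科技 and the stock code 300369.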

 

 
