Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Internet Storm Center - Internet Security | DShield Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Last Daily Podcast (Thu, Oct 12th):Outlook S/MIME Flaw; #RubyGems Vuln; #Google Home Mini Recording Flaw; #Camaradar

Latest Diaries

October 2017 Security Updates

Published: 2017-10-10
Last Updated: 2017-10-10 21:42:48 UTC
by Richard Porter (Version: 1)
2 comment(s)
October 2017 Security Updates
DescriptionMSFT Severity
CVEDisclosed/ExploitedExploitability (old/current)Client SeverityServer Severity
Microsoft Office Remote Code Execution VulnerabilityImportant
CVE 2017-11825No/No?/?CriticalImportant
Internet Explorer Memory Corruption VulnerabilityCritical
CVE 2017-11822No/NoMore Likely/More LikelyCriticalCritical
CVE 2017-11813No/No?/?
Windows Subsystem for Linux Denial of Service VulnerabilityImportant
CVE 2017-8703Yes/No?/?ImportantImportant
Microsoft Edge Memory Corruption VulnerabilityImportant
CVE 2017-8726No/No?/?ImportantImportant
Microsoft Office Memory Corruption VulnerabilityImportant
CVE 2017-11826Yes/YesMore Likely/DetectedPatch NowImportant
Scripting Engine Memory Corruption VulnerabilityCritical
CVE 2017-11821No/No?/?CriticalCritical
CVE 2017-11792No/No?/?
CVE 2017-11793No/NoMore Likely/More Likely
CVE 2017-11796No/No?/?
CVE 2017-11798No/No?/?
CVE 2017-11799No/No?/?
CVE 2017-11800No/No?/?
CVE 2017-11801No/No?/?
CVE 2017-11802No/No?/?
CVE 2017-11804No/No?/?
CVE 2017-11805No/No?/?
CVE 2017-11806No/No?/?
CVE 2017-11807No/No?/?
CVE 2017-11808No/No?/?
CVE 2017-11809No/No?/?
CVE 2017-11810No/NoMore Likely/More Likely
CVE 2017-11811No/No?/?
CVE 2017-11812No/No?/?
Microsoft Windows Security Feature BypassImportant
CVE 2017-11823No/NoMore Likely/More LikelyImportantImportant
Windows SMB Information Disclosure VulnerabilityImportant
CVE 2017-11815No/No?/?ImportantImportant
Windows Shell Memory Corruption VulnerabilityCritical
CVE 2017-8727No/NoMore Likely/More LikelyCriticalCritical
Windows Server 2008 Defense in Depth
ADV170016No/NoLess Likely/Less Likely
Windows Information Disclosure VulnerabilityImportant
CVE 2017-11817No/NoLess Likely/Less LikelyImportantImportant
Internet Explorer Information Disclosure VulnerabilityImportant
CVE 2017-11790No/NoLess Likely/Less LikelyImportantImportant
Microsoft Office SharePoint XSS VulnerabilityImportant
CVE 2017-11775No/NoLess Likely/Less LikelyN/AImportant
CVE 2017-11777Yes/NoLess Likely/Less Likely
CVE 2017-11820No/NoLess Likely/Less Likely
Windows Search Remote Code Execution VulnerabilityCritical
CVE 2017-11771No/NoMore Likely/More LikelyCriticalCritical
Windows Shell Remote Code Execution VulnerabilityCritical
CVE 2017-11819No/No?/?CriticalCritical
Microsoft Outlook Security Feature Bypass VulnerabilityImportant
CVE 2017-11774No/NoLess Likely/Less LikelyImportantImportant
Scripting Engine Information Disclosure VulnerabilityCritical
CVE 2017-11797No/No?/?CriticalCritical
Windows SMB Elevation of Privilege VulnerabilityImportant
CVE 2017-11782No/NoMore Likely/More LikelyImportantImportant
Windows Security Feature Bypass VulnerabilityImportant
CVE 2017-8715No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Information Disclosure VulnerabilityImportant
CVE 2017-8693No/NoMore Likely/More LikelyImportantImportant
Windows Elevation of Privilege VulnerabilityImportant
CVE 2017-11783No/NoMore Likely/More LikelyImportantImportant
Microsoft Search Information Disclosure VulnerabilityImportant
CVE 2017-11772No/NoMore Likely/More LikelyImportantImportant
Microsoft Graphics Remote Code Execution VulnerabilityCritical
CVE 2017-11762No/NoMore Likely/More LikelyCriticalCritical
CVE 2017-11763No/NoMore Likely/More Likely
Microsoft Outlook Information Disclosure VulnerabilityImportant
CVE 2017-11776No/NoUnlikely/UnlikelyImportantImportant
Skype for Business Elevation of Privilege VulnerabilityImportant
CVE 2017-11786No/NoUnlikely/UnlikelyImportantImportant
Optional Windows NTLM SSO authentication changes
ADV170014No/NoLess Likely/Less Likely
Microsoft Edge Information Disclosure Vulnerability
CVE 2017-11794No/No?/?
Vulnerability in TPM could allow Security Feature BypassCritical
ADV170012No/NoLess Likely/Less LikelyCriticalCritical
Windows DNSAPI Remote Code Execution VulnerabilityCritical
CVE 2017-11779No/NoLess Likely/Less LikelyCriticalCritical
Win32k Elevation of Privilege VulnerabilityImportant
CVE 2017-8689No/NoMore Likely/More LikelyImportantImportant
CVE 2017-8694No/NoMore Likely/More Likely
Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE 2017-11824No/No?/?ImportantImportant
Windows Kernel Information Disclosure VulnerabilityImportant
CVE 2017-11765No/NoMore Likely/More LikelyImportantImportant
CVE 2017-11784No/NoLess Likely/Less Likely
CVE 2017-11785No/NoLess Likely/Less Likely
CVE 2017-11814No/NoMore Likely/More Likely
Windows Update Delivery Optimization Elevation of Privilege VulnerabilityImportant
CVE 2017-11829No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Remote Code Execution VulnerabilityImportant
CVE 2017-11780No/NoMore Likely/More LikelyImportantImportant
Office Defense in Depth UpdateNone
ADV170017No/NoLess Likely/Less LikelyNoneNone
Windows GDI Information Disclosure VulnerabilityImportant
CVE 2017-11816No/NoMore Likely/More LikelyImportantImportant
TRIE Remote Code Execution VulnerabilityImportant
CVE 2017-11769No/NoLess Likely/Less LikelyImportantImportant
Microsoft JET Database Engine Remote Code Execution VulnerabilityImportant
CVE 2017-8717No/NoLess Likely/Less LikelyImportantImportant
CVE 2017-8718No/NoLess Likely/Less Likely
Windows Storage Security Feature Bypass VulnerabilityImportant
CVE 2017-11818No/NoLess Likely/Less LikelyImportantImportant
Windows SMB Denial of Service VulnerabilityImportant
CVE 2017-11781No/NoUnlikely/UnlikelyImportantImportant
Keywords:
2 comment(s)
Join us at SANS! SANS DEV522: Defending Web Applications Security Essentials. Language agnostic techniques to secure web applications. For Developers, system administrators, project managers and QA testers.

If you have more information or corrections regarding our diary, please share.

Top of page

Recent Diaries

Base64 All The Things!
Oct 9th 2017
2 days ago by Xme (2 comments)

A strange JPEG file
Oct 8th 2017
3 days ago by DidierStevens (1 comment)

CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises
Oct 7th 2017
4 days ago by Russell (0 comments)

What's in a cable? The dangers of unauthorized cables
Oct 6th 2017
5 days ago by Johannes (0 comments)

pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
Oct 5th 2017
6 days ago by Johannes (0 comments)

View All Diaries →
Top of page

Latest Discussions

Live Malware hosting site (research)
created Oct 6th 2017
6 days ago by Anonymous (0 replies)

CVE-2017-5638 probe
created Oct 5th 2017
6 days ago by Anonymous (0 replies)

What is Adobe Experience Manager?
created Oct 5th 2017
6 days ago by Anonymous (0 replies)

Placement of MSSP accessible log collector
created Sep 12th 2017
4 weeks ago by Anonymous (0 replies)

Placement of MSSP accessible log collector?
created Sep 12th 2017
4 weeks ago by Anonymous (0 replies)

View All Forums →
Top of page

Latest News

View All News →
Top of page

Top Diaries

Wide-scale Petya variant ransomware attack noted
Jun 27th 2017
3 months ago by Brad (6 comments)

Using a Raspberry Pi honeypot to contribute data to DShield/ISC
Aug 3rd 2017
2 months ago by Johannes (12 comments)

Maldoc with auto-updated link
Aug 17th 2017
1 month ago by Xme (2 comments)

OAUTH phishing against Google Docs ? beware!
May 3rd 2017
5 months ago by Bojan (6 comments)

Microsoft Patch Tuesday August 2017
Aug 8th 2017
2 months ago by Johannes (6 comments)