In-The-Wild & Disclosed CVEs
CVE-2017-8703
This CVE describes a publicly disclosed denial of service vulnerability which impacts the Windows Subsystem for Linux. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).
CVE-2017-11777
Up next, we have a publicly disclosed Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server. Based on information provided by Microsoft, the attacker must also be authenticated to the system in order to successfully complete the attack against another user. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).
CVE-2017-11826
A memory corruption vulnerability in Microsoft Office is the last one in this list for October. It has not only been publicly disclosed but also actively exploited in older releases of Microsoft Office. An attacker who successfully convinced a user to open a malicious Office file would gain the ability to execute code as that user. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
Other Information
In addition to the Microsoft vulnerabilities included in the October Security Guidance, a number of security advisories were also published.
Vulnerability in TPM could allow Security Feature Bypass [ADV170012]
Microsoft has released an advisory regarding a vulnerability in certain Trusted Platform Module chipsets that weakens key strength. More details are available from the chipset manufacturer. It is important to note Microsoft’s warning on patching this issue:
WARNING: Do NOT apply the TPM firmware update prior to applying the Windows operating system mitigation update. Doing so will render your system unable to determine if your system is affected. You will need this information to conduct full remediation.
Optional Windows NTLM SSO Authentication Changes [ADV170014]
This update changes how Windows 10 and Windows Server 2016 use NTLM Single Sign On (SSO) in conjunction with a Network Isolation Policy. By default, SSO is always allowed, but this change works with the Network Isolation Policy to control when SSO is allowed. The three configuration states are:
- Always Allowed
- Allowed when the resource is Private, Enterprise, or Unspecified (Deny: Public)
- Allowed when the resource is Private or Enterprise (Deny: Public and Unspecified)