Today’s VERT Alert addresses the Microsoft
November 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-752 on Wednesday, November 15th.
In-The-Wild & Disclosed CVEs
A Cross Origin Resource Sharing bypass could allow information disclosure in ASP.NET Core.
Microsoft has rated this as a 2 on the
Exploitability Index (Exploitation Less Likely)
A publicly disclosed vulnerability in Internet Explorer and Microsoft Edge could allow an attacker to gain access to a system with full user rights. The vulnerability exists due to the way Microsoft browsers access objects in memory.
Microsoft has rated this as a 1 on the
Exploitability Index (Exploitation More Likely)
A vulnerability exists in ASP.NET Core that could allow an unauthenticated attacker to cause a denial of service and render the application unresponsive.
Microsoft has rated this as a 2 on the
Exploitability Index (Exploitation Less Likely)
A publicly disclosed information disclosure vulnerability exists in Internet Explorer that could allow a malicious individual to identify when a user leaves a webpage.
Microsoft has rated this as a 2 on the
Exploitability Index (Exploitation Less Likely)
Other Information
In addition to the Microsoft vulnerabilities included in the October Security Guidance, a number of security advisories were also published.
Microsoft has released updates for Adobe Flash. These correspond with Adobe Update
APSB17-33.