Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses the Microsoft October 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-746 on Wednesday, October 11th.

In-The-Wild & Disclosed CVEs

CVE-2017-8703

This CVE describes a publicly disclosed denial of service vulnerability which impacts the Windows Subsystem for Linux.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

CVE-2017-11777

Up next, we have a publicly disclosed Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server. Based on information provided by Microsoft, the attacker must also be authenticated to the system in order to successfully complete the attack against another user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

CVE-2017-11826

A memory corruption vulnerability in Microsoft office is the last one in this list for October. It has not only been publicly disclosed but also actively exploited in older releases of Microsoft Office. An attacker who successfully convinced a user to open a malicious office file would gain the ability to execute code as that user.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the October Security Guidance, a number of security advisories were also published.

Vulnerability in TPM could allow Security Feature Bypass [ADV170012]

Microsoft has released an advisory regarding a vulnerability in certain Trusted Platform Module chipsets that weakens key strength. More details are available from the chipset manufacturer.  It is important to note Microsoft’s warning on patching this issue:

WARNING: Do NOT apply the TPM firmware update prior to applying the Windows operating system mitigation update. Doing so will render your system unable to determine if your system is affected. You will need this information to conduct full remediation.

Optional Windows NTLM SSO Authentication Changes [ADV170014]

This update changes how Windows 10 and Windows Server 2016 use NTLM Single Sign On (SSO) in conjunction with a Network Isolation Policy. By default, SSO is always allowed, but this change works with the Network Isolation Policy to control when SSO is allowed. The three configuration states are:

  • Always Allowed
  • Allowed when the resource is Private, Enterprise, or Unspecified. (Deny: Public)
  • Allowed when the resource is Private or Enterprise (Deny: Public and Unspecified)

Windows Server 2008 Defense in Depth Update [ADV170016]

Microsoft has released a defense in depth update for Windows Server 2008 SP2.

Office Defense in Depth Update [ADV170017]

Microsoft has released a defense in depth update for all versions of Microsoft Office from 2010 to 2016.

SANS White Paper: Security Basics