Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses the Microsoft November 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-752 on Wednesday, November 15th.

In-The-Wild & Disclosed CVEs

CVE-2017-8700

A Cross Origin Resource Sharing bypass could allow information disclosure in ASP.NET Core.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

CVE-2017-11827

A publicly disclosed vulnerability in Internet Explorer and Microsoft Edge could allow an attacker to gain access to a system with full user rights. The vulnerability exists due to the way Microsoft browsers access objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2017-11883

A vulnerability exists in ASP.NET Core that could allow an unauthenticated attacker to cause a denial of service and render the application unresponsive.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) 

CVE-2017-11848

A publicly disclosed information disclosure vulnerability exists in Internet Explorer that could allow a malicious individual to identify when a user leaves a webpage.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the October Security Guidance, a number of security advisories were also published.

Adobe Flash November Update [ADV170019]

Microsoft has released updates for Adobe Flash. These correspond with Adobe Update APSB17-33.

10 Ways Tripwire Outperforms Other Cybersecurity Solutions
<!-- -->