Patch Tuesday Webinar
Wednesday, November 15, 2017
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 801 615 999
Agenda
1. November 2017 Patch Tuesday Overview
2. In the News
3. Bulletins
4. Q & A
 Overview
 In the News
In the News
 KRACK (Key Reinstallation Attack)
 https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html
 Don’t Count on Office 365 for Email Protection
 https://www.darkreading.com/cloud/office-365-missed-34000-phishing-emails-last-month/d/d-id/1330282?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
 Bug Tracking Databases – The Holy Grail for Hackers?
 https://www.databreachtoday.com/googles-bug-tracking-database-had-bad-bug-a-10416
Public Disclosures
 CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability
 A remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. The vulnerability could corrupt memory in a way that
could allow an attacker to execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user.
An attacker would have no way to force users to view the attacker-controlled content
on an exploited website. Instead, an attacker would have to convince users to take
action, typically via an enticement in email or instant message, or by getting them to
open an email attachment.
 CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability
 An information disclosure vulnerability exists when Internet Explorer improperly
handles page content, which could allow an attacker to detect the navigation of the
user leaving a maliciously crafted page. Compromised websites and websites that
accept or host user-provided content could contain specially crafted content that
could exploit the vulnerability.
Public Disclosures
 CVE-2017-11883 - ASP.NET Core Denial Of Service Vulnerability
 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An
attacker who successfully exploited this vulnerability could cause a denial of service against an
ASP.NET Core web application. The vulnerability can be exploited remotely, without
authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted
requests to the .NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application
handles web requests.
 CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability
 An information disclosure vulnerability exists in ASP.NET Core that allows bypassing Cross-origin
Resource Sharing (CORS) configurations.
An attacker who successfully exploited the vulnerability could retrieve normally restricted
content from a web application.
The security update addresses the vulnerability by enforcing CORS configuration to prevent its
bypass.
Known Issues: Things to be aware of
 Windows 10 Version 1511 will continue to receive limited, critical updates
 Supported Editions
 Windows 10 Education
 Windows 10 Enterprise
 Unsupported Editions
 Windows 10 Home
 Windows 10 Pro
 Everyone is strongly urged to update to the latest version of Windows 10
 Bulletins
MS17-11-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 1511, 1607, and 1703, Server 2016, IE 11
and Microsoft Edge
 Description: This bulletin references KB articles 4042895, 4048952, 4048953,
4048954, 4048955 and 4048956. See bulletins for extensive list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
 Fixes 40 Vulnerabilities: CVE-2017-11827 and CVE-2017-11848 are publicly
disclosed. See Details column of Security Update Guide for complete list.
 Restart Required: Requires Restart
 Known Issues: See next slide
 NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until
April 2018.
November’s Known Issues for Windows 10
 KB 4048952 - Windows 10 Version 1511
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048952/windows-10-update-kb4048952
 KB 4048953 - Windows 10, Windows Server 2016, Windows 10 Version 1607
 After installing KB 4041691, package users may see an error dialog that indicates that an
application exception has occurred when closing some applications. This can affect applications
that use mshtml.dll to load web content. The failure only occurs when a process is already
shutting down, and doesn't affect application functionality.
 Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop
working after installing KB 4048953.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048953/windows-10-update-kb4048953
November’s Known Issues for Windows 10 (cont)
 KB 4048954 - Windows 10, Windows 10 Version 1703
 Installing this KB may change Czech and Arabic languages to English for Microsoft Edge and
other applications. (Carried over from previous months.)
 Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop
working after installing KB 4041676.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048954/windows-10-update-kb4048954
 KB 4048955 - Windows 10, Windows 10 version 1709
 Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop
working after installing KB 4048955.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048955/windows-10-update-kb40489545
November’s Known Issues for Windows 10 (cont)
 KB 4048956 - Windows 10, Windows 10 Version 1703
 After installing KB 4042895, package users may receive an error message that states that an
application exception has occurred when some applications are closed. This can affect
applications that use mshtml.dll to load web content. This problem occurs only when a process
is already shutting down, and doesn't affect application functionality.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048956/windows-10-update-kb40489546
MS17-11-IE: Security Updates for Internet Explorer
 Maximum Severity: Critical
 Affected Products: Microsoft Internet Explorer 9, 10 and 11
 Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in this Security Update for Internet Explorer
4047206 are also included in the November 2017 Security Monthly Quality Rollup.
Installing either the Security Update for Internet Explorer or the Security Monthly
Quality Rollup installs the fixes that are in this update. This bulletin references 10 KB
articles.
 Impact: Remote Code Execution, Information Disclosure
 Fixes 12 vulnerabilities: CVE-2017-11791, CVE-2017-11827, CVE-2017-11834,
CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846, CVE-2017-11848,
CVE-2017-11855, CVE-2017-11856, CVE-2017-11858, CVE-2017-11869
 Restart Required: Requires Browser Restart
 Known Issues: None reported
MS17-11-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4041686 (released October 17, 2017). This bulletin includes updates for IE.
This bulletin is based on KB 4048957.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 11 (shown) + 12 (IE) Vulnerabilities: CVE-2017-11768, CVE-2017-11788,
CVE-2017-11831, CVE-2017-11832, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849,
CVE-2017-11851, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: See next slide
November’s Known Issues for Windows 7 and Server 2008 R2
 KB 4048957 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service
Pack 1
 After installing KB 4041681, package users may see an error dialog that indicates that an
application exception has occurred when closing some applications. This can affect applications
that use mshtml.dll to load web content. The failure only occurs when a process is already
shutting down, and doesn't affect application functionality.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957
MS17-11-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4041692 (released October 17, 2017). This bulletin includes updates for IE.
This bulletin is based on KB 4048959.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 11 (shown) + 12 (IE) Vulnerabilities: CVE-2017-11768, CVE-2017-11788,
CVE-2017-11831, CVE-2017-11832, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849,
CVE-2017-11850, CVE-2017-11851, CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: None Reported
MS17-11-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4041685 (released October 17, 2017). This bulletin includes updates for IE.
This bulletin is based on KB 4048958.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 10 (shown) + 12 (IE) Vulnerabilities: CVE-2017-11768, CVE-2017-11788,
CVE-2017-11831, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017-11850,
CVE-2017-11851, CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: See next slide
November’s Known Issues for Windows 8.1 and Server 2012 R2
 KB 4048958 - Windows 8.1, Windows Server 2012 R2 Standard
 After installing KB 4041693, package users may see an error dialog that indicates that an
application exception has occurred when closing some applications. This can affect applications
that use mshtml.dll to load web content. The failure only occurs when a process is already
shutting down, and doesn't affect application functionality.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048958/windows-81-update-kb4048958
MS17-11-AFP: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1709, Windows Server
2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703
(Creators Update), Windows 10 version 1607, Windows 10 Version 1511, Windows 10
RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4048951.
 Impact: Remote Code Execution
 Fixes 5 Vulnerabilities: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213,
CVE-2017-11215, CVE-2017-11225
 Restart Required: Requires Application Restart
MS17-11-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Office 2007, 2010, 2013, 2016, 2016 macOS; Word 2007, 2010,
2013, 2016, 2016 macOS; Excel 2007, 2010, 2013, 2016, 2016 macOS; SharePoint
Enterprise Server 2016, Project Server 2013, Web Apps Server 2010, 2013
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 25 KB articles.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege,
Defense in Depth
 Fixes 7 Vulnerabilities: ADV170020, CVE-2017-11854, CVE-2017-11876,
CVE-2017-11877, CVE-2017-11878, CVE-2017-11882, CVE-2017-11884
 Restart Required: Requires Restart
 Known Issues: You must have the latest service packs installed in order to install
many of these security patches. Example, Office 2010 SP2, Excel 2013 SP1, etc.
MS17-11-2K8: Windows Server 2008
 Maximum Severity: Important
 Affected Products: Microsoft Windows Server 2008
 Description: This security update includes critical fixes for Windows Search which
improperly handles objects in memory, the Windows kernel which fails to correctly
initialize a memory address and improperly initializes objects in memory, and the way
that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially
crafted embedded fonts. This bulletin references 5 KB articles.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 10 vulnerabilities: CVE-2017-11788, CVE-2017-11831, CVE-2017-11832,
CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11851, CVE-2017-11852,
CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: None reported
MS17-11-SO7: Security-only Update for Win 7 and Server 2008 R2
 Maximum Severity: Important
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Security updates to Microsoft Windows Search Component, Microsoft
Graphics Component, Windows kernel-mode drivers, Windows Media Player, and
Windows kernel. This bulletin is based on KB 4048960.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 11 Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE-2017-11831,
CVE-2017-11832, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11851,
CVE-2017-11852, CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: See next slide
November’s Known Issues for Windows 7 and Server 2008 R2
 KB4048960 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service
Pack 1
 After installing KB4041681, package users may see an error dialog that indicates that an
application exception has occurred when closing some applications. This can affect applications
that use mshtml.dll to load web content. The failure only occurs when a process is already
shutting down, and doesn't affect application functionality.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048960/windows-7-update-kb4048960
MS17-11-SO8: Security-only Update Server 2012
 Maximum Severity: Important
 Affected Products: Microsoft Server 2012
 Description: Security updates to Microsoft Windows Search Component, Microsoft
Graphics Component, Windows kernel-mode drivers, Windows Media Player, and
Windows kernel. This bulletin is based on KB 4048962.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 11 Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE-2017-11831,
CVE-2017-11832, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017-11850,
CVE-2017-11851, CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: None reported
MS17-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Important
 Affected Products: Microsoft Windows 8.1 and Server 2012 R2
 Description: Security updates to Microsoft Windows Search Component, Windows
Media Player, Microsoft Graphics Component, Windows kernel-mode drivers, and the
Windows kernel. This bulletin is based on KB 4048961.
 Impact: Denial of Service, Elevation of Privilege and Information Disclosure
 Fixes 10 Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE-2017-11831, CVE-2017-11842,
CVE-2017-11847, CVE-2017-11849, CVE-2017-11850, CVE-2017-11851, CVE-2017-11853, CVE-2017-11880
 Restart Required: Requires Restart
 Known Issues: See next slide
November’s Known Issues for Windows 8.1 and Server 2012 R2
 KB 4048961 - Windows 8.1, Windows Server 2012 R2 Standard
 After installing KB 4041693, package users may see an error dialog that indicates that an
application exception has occurred when closing some applications. This can affect applications
that use mshtml.dll to load web content. The failure only occurs when a process is already
shutting down, and doesn't affect application functionality.
 After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services
(SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
 https://support.microsoft.com/en-us/help/4048961/windows-81-update-kb40489561
APSB17-33: Security Update for Adobe Flash Player
 Maximum Severity: Critical (Adobe rating Priority 2)
 Affected Products: Adobe Flash Player
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates
address critical vulnerabilities that could lead to code execution.
 Impact: Remote Code Execution
 Fixes 5 Vulnerabilities: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213,
CVE-2017-11215, CVE-2017-11225
 Restart Required: Requires Application Restart
APSB17-36: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical (Adobe rating Priority 2)
 Affected Products: Adobe Acrobat and Reader. Updates for both products for
versions DC (Continuous Track), 2017, DC (Classic Track), and XI.
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and Macintosh. These updates address critical vulnerabilities that could
potentially allow an attacker to take control of the affected system.
 Impact: Remote Code Execution
 Fixes 62 Vulnerabilities: See Adobe bulletin for details
 Restart Required: Requires Application Restart
APSB17-40: Security Update for Adobe Shockwave Player
 Maximum Severity: Critical (Adobe rating Priority 2)
 Affected Products: Adobe Shockwave Player
 Description: Adobe has released a security update for Adobe Shockwave
Player for Windows. This update resolves a critical memory corruption
vulnerability that could lead to code execution.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: CVE-2017-11294
 Restart Required: Requires Application Restart
Chrome-210: Security Update for Chrome
 Maximum Severity: Critical
 Affected Products: Google Chrome
 Description: The stable channel has been updated to 62.0.3202.94 for
Windows, Mac and Linux which will roll out over the coming days/weeks.
 Impact: Not yet reported
 Vulnerability: Not yet reported
 Restart Required: Requires Application Restart
FF17-018: Security Update for Firefox
 Maximum Severity: Critical
 Affected Products: Mozilla Firefox 57 (Quantum)
 Description: Security vulnerabilities fixed in Firefox 57
 Impact: Remote code execution
 Fixes 15 Vulnerabilities: See Mozilla Foundation Security Advisory 2017-24.
 Restart Required: Requires Application Restart
Between Patch Tuesdays
 New Product Support: Kerberos for Windows, Webex Meeting Center
 Security Updates: iTunes (1), Apple Mobile Device Support (1), Adobe Flash
(2), CCleaner (1), Chrome (3), CoreFTP (3), Dropbox (1), Firefox (1), Foxit
Reader (1), FileZilla (1), Foxit PhantomPDF (1), iCloud (1), Java Runtime
Environment (1), Java Development Kit (1), LibreOffice (2), Microsoft (1),
Opera (3), OpenOffice (1), Skype (1), SeaMonkey (1), Wireshark (1), Webex
Productivity Tools (1)
 Non-Security Updates: Aimp (1), Audacity (1), Bandicut (1), GOM Player
(1), GoodSync (6), Google Backup and Sync (2), IrfanView (1), Java Runtime
Environment (1), Java Development Kit (1), KeePass Pro (1), Kerberos for
Windows (1), Malwarebytes (1), Microsoft (47), VirtualBox (1), PDFCreator
(2), Plex Media Player (2), Plex Media Server (2), PeaZip (1), Royal TS (1),
Snagit (1), TeamViewer (1), WinSCP (1), Cisco WebEx Meeting Center (1),
Webex Productivity Tools (1), WinZip (1), XnView (1)
Third Party CVE Information
 SeaMonkey 2.49.1
 Bulletin SM17-2491, KB QSM2491, Released 11/06/17
 Fixes 9 Vulnerabilities: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810,
CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824,
CVE-2017-7825
 Google Chrome 62.0.3202.89
 Bulletin CHROME-209, KB QGC620320289, Released 11/07/17
 Fixes 2 Vulnerabilities: CVE-2017-15398, CVE-2017-15399
 Adobe Flash Player
 Bulletin MS17-10-AFP, KB Q4049179, Released 10/17/17
 Fixes 1 Vulnerability: CVE-2017-11292
Thank You

Ivanti Patch Tuesday November 2017

  • 1.
    Patch Tuesday Webinar Wednesday,November 15, 2017 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 801 615 999
  • 2.
    Agenda November 2017 PatchTuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 3.
  • 5.
  • 6.
    In the News-  KRACK (Key Reinstallation Attack)  https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html  Don’t Count on Office 365 for Email Protection  https://www.darkreading.com/cloud/office-365-missed-34000-phishing-emails-last-month/d/d- id/1330282?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple  Bug Tracking Databases – The Holy Grail for Hackers?  https://www.databreachtoday.com/googles-bug-tracking-database-had-bad-bug-a-10416
  • 7.
    Public Disclosures  CVE-2017-11827- Microsoft Browser Memory Corruption Vulnerability  A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. An attacker would have no way to force users to view the attacker-controlled content on a exploited website. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.  CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability  An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.
  • 8.
    Public Disclosures  CVE-2017-11883- ASP.NET Core Denial Of Service Vulnerability  A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.  CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability  An information disclosure vulnerability exists in ASP.NET Core that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.
  • 9.
    Known Issues Thingsto be aware of  Windows 10 Version 1511 will continue to receive limited, critical updates  Supported Editions  Windows 10 Education  Windows 10 Enterprise  Unsupported Editions  Windows 10 Home  Windows 10 Pro  Everyone strongly urged to update to latest version of Windows 10
  • 10.
  • 11.
    MS17-11-W10: Windows 10Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 1511, 1607, and 1703, Server 2016, IE 11 and Microsoft Edge  Description: This bulletin references KB articles 4042895, 4048952, 4048953, 4048954, 4048955 and 4048956. See bulletins for extensive list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 Vulnerabilities: CVE-2017-11827 and CVE-2017-11848 are publicly disclosed. See Details column of Security Update Guide for complete list.  Restart Required: Requires Restart  Known Issues: See next slide  NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until April 2018.
  • 12.
    November’s Known Issuesfor Windows 10  KB 4048952 - Windows 10 Version 1511  After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.  https://support.microsoft.com/en-us/help/4048952/windows-10-update-kb4048952  KB 4048953 - Windows 10, Windows Server 2016, Windows 10 Version 1607  After installing KB 4041691, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down, and doesn't affect application functionality.  Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop working after installing KB 4048953.  After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.  https://support.microsoft.com/en-us/help/4048953/windows-10-update-kb4048953
  • 13.
    November’s Known Issuesfor Windows 10 (cont)  KB 4048954 - Windows 10, Windows 10 Version 1703  Installing this KB may change Czech and Arabic languages to English for Microsoft Edge and other applications. (Carried over from previous months.)  Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop working after installing KB 4041676.  After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.  https://support.microsoft.com/en-us/help/4048954/windows-10-update-kb4048954  KB 4048955 - Windows 10, Windows 10 version 1709  Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop working after installing KB 4048955.  After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.  https://support.microsoft.com/en-us/help/4048955/windows-10-update-kb40489545
  • 14.
    November’s Known Issuesfor Windows 10 (cont)  KB 4048956 - Windows 10, Windows 10 Version 1703  After installing KB 4042895, package users may receive an error message that states that an application exception has occurred when some applications are closed. This can affect applications that use mshtml.dll to load web content. This problem occurs only when a process is already shutting down, and doesn't affect application functionality.  After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.  https://support.microsoft.com/en-us/help/4048956/windows-10-update-kb40489546
  • 15.
    MS17-11-IE: Security Updatesfor Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9, 10 and 11  Description: These security updates resolve several reported vulnerabilities in Internet Explorer. The fixes that are included in this Security Update for Internet Explorer 4047206 are also included in the November 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 10 KB articles.  Impact: Remote Code Execution, Information Disclosure  Fixes 12 vulnerabilities: CVE-2017-11791, CVE-2017-11827, CVE-2017-11834, CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846, CVE-2017- 11848, CVE-2017-11855, CVE-2017-11856, CVE-2017-11858, CVE-2017-11869  Restart Required: Requires Browser Restart  Known Issues: None reported
  • 16.
    MS17-11-MR7: Monthly Rollupfor Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4041686 (released October 17, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4048957.  Impact: Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 11 (shown) + 12 (IE) Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE- 2017-11831, CVE-2017-11832, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017- 11851, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880  Restart Required: Requires Restart  Known Issues: See next slide
  • 17.
    November’s Known Issuesfor Windows 7 and Server 2008 R2  KB 4048957 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1  After installing KB 4041681, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down, and doesn't affect application functionality.  After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.  https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957
  • 18.
    MS17-11-MR8: Monthly Rollupfor Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4041692 (released October 17, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4048959.  Impact: Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 11 (shown) + 12 (IE) Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE- 2017-11831, CVE-2017-11832, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017- 11850, CVE-2017-11851, CVE-2017-11853, CVE-2017-11880  Restart Required: Requires Restart  Known Issues: None Reported
  • 19.
    MS17-11-MR81: Monthly Rollupfor Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4041685 (released October 17, 2017). This bulletin includes updates for IE. This bulletin is based on KB 4048958.  Impact: Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 10 (shown) + 12 (IE) Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE- 2017-11831, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017-11850, CVE-2017- 11851, CVE-2017-11853, CVE-2017-11880  Restart Required: Requires Restart  Known Issues: See next slide
  • 20.
    November’s Known Issues for Windows 8.1 and Server 2012 R2
    KB 4048958 - Windows 8.1, Windows Server 2012 R2 Standard
    After installing KB 4041693, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down, and doesn't affect application functionality.
    After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
    https://support.microsoft.com/en-us/help/4048958/windows-81-update-kb4048958
  • 21.
    MS17-11-AFP: Security Update for Adobe Flash Player
    Maximum Severity: Critical
    Affected Products: Adobe Flash Player
    Description: This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703 (Creators Update), Windows 10 version 1607, Windows 10 Version 1511, Windows 10 RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is based on KB 4048951.
    Impact: Remote Code Execution
    Fixes 5 Vulnerabilities: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215, CVE-2017-11225
    Restart Required: Requires Application Restart
  • 22.
    MS17-11-OFF: Security Updates for Microsoft Office
    Maximum Severity: Important
    Affected Products: Office 2007, 2010, 2013, 2016, 2016 macOS; Word 2007, 2010, 2013, 2016, 2016 macOS; Excel 2007, 2010, 2013, 2016, 2016 macOS; SharePoint Enterprise Server 2016, Project Server 2013, Web Apps Server 2010, 2013
    Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 25 KB articles.
    Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, Defense in Depth
    Fixes 7 Vulnerabilities: ADV170020, CVE-2017-11854, CVE-2017-11876, CVE-2017-11877, CVE-2017-11878, CVE-2017-11882, CVE-2017-11884
    Restart Required: Requires Restart
    Known Issues: You must have the latest service packs installed in order to install many of these security patches. For example, Office 2010 SP2, Excel 2013 SP1, etc.
  • 23.
    MS17-11-2K8: Windows Server 2008
    Maximum Severity: Important
    Affected Products: Microsoft Windows Server 2008
    Description: This security update includes critical fixes for Windows Search, which improperly handles objects in memory; the Windows kernel, which fails to correctly initialize a memory address and improperly initializes objects in memory; and the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. This bulletin references 5 KB articles.
    Impact: Denial of Service, Elevation of Privilege and Information Disclosure
    Fixes 10 vulnerabilities: CVE-2017-11788, CVE-2017-11831, CVE-2017-11832, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11851, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880
    Restart Required: Requires Restart
    Known Issues: None reported
  • 24.
    MS17-11-SO7: Security-only Update for Win 7 and Server 2008 R2
    Maximum Severity: Important
    Affected Products: Microsoft Windows 7 and Server 2008 R2
    Description: Security updates to Microsoft Windows Search Component, Microsoft Graphics Component, Windows kernel-mode drivers, Windows Media Player, and Windows kernel. This bulletin is based on KB 4048960.
    Impact: Denial of Service, Elevation of Privilege and Information Disclosure
    Fixes 11 Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE-2017-11831, CVE-2017-11832, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11851, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880
    Restart Required: Requires Restart
    Known Issues: See next slide
  • 25.
    November’s Known Issues for Windows 7 and Server 2008 R2
    KB4048960 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
    After installing KB4041681, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down, and doesn't affect application functionality.
    After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
    https://support.microsoft.com/en-us/help/4048960/windows-7-update-kb4048960
  • 26.
    MS17-11-SO8: Security-only Update for Server 2012
    Maximum Severity: Important
    Affected Products: Microsoft Server 2012
    Description: Security updates to Microsoft Windows Search Component, Microsoft Graphics Component, Windows kernel-mode drivers, Windows Media Player, and Windows kernel. This bulletin is based on KB 4048962.
    Impact: Denial of Service, Elevation of Privilege and Information Disclosure
    Fixes 11 Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE-2017-11831, CVE-2017-11832, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017-11850, CVE-2017-11851, CVE-2017-11853, CVE-2017-11880
    Restart Required: Requires Restart
    Known Issues: None reported
  • 27.
    MS17-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
    Maximum Severity: Important
    Affected Products: Microsoft Windows 8.1 and Server 2012 R2
    Description: Security updates to Microsoft Windows Search Component, Windows Media Player, Microsoft Graphics Component, Windows kernel-mode drivers, and the Windows kernel. This bulletin is based on KB 4048961.
    Impact: Denial of Service, Elevation of Privilege and Information Disclosure
    Fixes 10 Vulnerabilities: CVE-2017-11768, CVE-2017-11788, CVE-2017-11831, CVE-2017-11842, CVE-2017-11847, CVE-2017-11849, CVE-2017-11850, CVE-2017-11851, CVE-2017-11853, CVE-2017-11880
    Restart Required: Requires Restart
    Known Issues: See next slide
  • 28.
    November’s Known Issues for Windows 8.1 and Server 2012 R2
    KB 4048961 - Windows 8.1, Windows Server 2012 R2 Standard
    After installing KB 4041693, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down, and doesn't affect application functionality.
    After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.
    https://support.microsoft.com/en-us/help/4048961/windows-81-update-kb40489561
  • 29.
    APSB17-33: Security Update for Adobe Flash Player
    Maximum Severity: Critical (Adobe rating Priority 2)
    Affected Products: Adobe Flash Player
    Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to code execution.
    Impact: Remote Code Execution
    Fixes 5 Vulnerabilities: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215, CVE-2017-11225
    Restart Required: Requires Application Restart
  • 30.
    APSB17-36: Security Update for Adobe Acrobat and Reader
    Maximum Severity: Critical (Adobe rating Priority 2)
    Affected Products: Adobe Acrobat and Reader. Updates for both products for versions DC (Continuous Track), 2017, DC (Classic Track), and XI.
    Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
    Impact: Remote Code Execution
    Fixes 62 Vulnerabilities: See Adobe bulletin for details
    Restart Required: Requires Application Restart
  • 31.
    APSB17-40: Security Update for Adobe Shockwave Player
    Maximum Severity: Critical (Adobe rating Priority 2)
    Affected Products: Adobe Shockwave Player
    Description: Adobe has released a security update for Adobe Shockwave Player for Windows. This update resolves a critical memory corruption vulnerability that could lead to code execution.
    Impact: Remote Code Execution
    Fixes 1 Vulnerability: CVE-2017-11294
    Restart Required: Requires Application Restart
  • 32.
    Chrome-210: Security Update for Chrome
    Maximum Severity: Critical
    Affected Products: Google Chrome
    Description: The stable channel has been updated to 62.0.3202.94 for Windows, Mac and Linux which will roll out over the coming days/weeks.
    Impact: Not yet reported
    Vulnerability: Not yet reported
    Restart Required: Requires Application Restart
  • 33.
    FF17-018: Security Update for Firefox
    Maximum Severity: Critical
    Affected Products: Mozilla Firefox 57 (Quantum)
    Description: Security vulnerabilities fixed in Firefox 57
    Impact: Remote code execution
    Fixes 15 Vulnerabilities: See Mozilla Foundation Security Advisory 2017-24.
    Restart Required: Requires Application Restart
  • 34.
    Between Patch Tuesday’s
    New Product Support: Kerberos for Windows, Webex Meeting Center
    Security Updates: iTunes (1), Apple Mobile Device Support (1), Adobe Flash (2), CCleaner (1), Chrome (3), CoreFTP (3), Dropbox (1), Firefox (1), Foxit Reader (1), FileZilla (1), Foxit PhantomPDF (1), iCloud (1), Java Runtime Environment (1), Java Development Kit (1), LibreOffice (2), Microsoft (1), Opera (3), OpenOffice (1), Skype (1), SeaMonkey (1), Wireshark (1), Webex Productivity Tools (1)
    Non-Security Updates: Aimp (1), Audacity (1), Bandicut (1), GOM Player (1), GoodSync (6), Google Backup and Sync (2), IrfanView (1), Java Runtime Environment (1), Java Development Kit (1), KeePass Pro (1), Kerberos for Windows (1), Malwarebytes (1), Microsoft (47), VirtualBox (1), PDFCreator (2), Plex Media Player (2), Plex Media Server (2), PeaZip (1), Royal TS (1), Snagit (1), TeamViewer (1), WinSCP (1), Cisco WebEx Meeting Center (1), Webex Productivity Tools (1), WinZip (1), XnView (1)
  • 35.
    Third Party CVE Information
    SeaMonkey 2.49.1
    Bulletin SM17-2491, KB QSM2491, Released 11/06/17
    Fixes 9 Vulnerabilities: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825
    Google Chrome 62.0.3202.89
    Bulletin CHROME-209, KB QGC620320289, Released 11/07/17
    Fixes 2 Vulnerabilities: CVE-2017-15398, CVE-2017-15399
    Adobe Flash Player
    Bulletin MS17-10-AFP, KB Q4049179, Released 10/17/17
    Fixes 1 Vulnerability: CVE-2017-11292

Editor's Notes

  • #12 Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft has extended support for Enterprise and Education versions of Windows 10 version 1511 until April 2018.
  • #25 No known issues with this one.
  • #27 No known issues with this one.