Published:
13 December 2017
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0216 Security patches for Microsoft Windows 13 December 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows Impact/Access: Administrator Compromise -- Existing Account Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-11927 CVE-2017-11899 CVE-2017-11885 Member content until: Friday, January 12 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of December 2017. [1] This update resolves 3 vulnerabilities across the following products: Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2017-11885 Remote Code Execution Important CVE-2017-11899 Security Feature Bypass Important CVE-2017-11927 Information Disclosure Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4054521, KB4054520, KB4054523, KB4054522, KB4053579 KB4053578, KB4054518, KB4054519, KB4053580, KB4053581 KB4052303, KB4053473, KB4054517 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWjB0x4x+lLeg9Ub1AQgdkQ//bjR1+wUz8SgkIbQTZpG63e0avEVaQTPQ htjMqXhulyIcup5sXenL8ZHkCqfpwZtMYoypDHN3qFTK0dZTbXSLns0VYAO9ZCwf 0W8zhqHYL0eYmygLGyeAgwP2dXPQmib+AMbe5uU9liX/dBol/KyDxPTB3ga0Sw93 o8oHdr3tflfUhhThq5IekWTFUCXFXyUxl6vUPGq5DukIje1NrK37VSfdyibvD7+l 8xJ7quq/T51k+2T2idenEH+ZDZqE2jhmjpdyo6KeWhlpDEdun93n9/rTprqwhZp9 PQMR+e4MvNwt3v7z9HpCjkSTvB15k2KwvSfVDlA92t06f4Y0cDZn2t3pCrUTSzbM 7qqM6IapfQdOO/gM1ym2CkQ+s11QZ1FWnXP2PleVxEQUcwrhqyqLNrfrCIHS2LSi gzlcDvu/SHvnrxSWSTL4R9WAInJWpFkGxy+Wk7HX/3p427esrgYNpqBnPRGwOyq2 ye3ARaz5v5QZTII/x4QLuaF01vxghdppfArcIafqqQzvhm6qkwPqcA9mDdBI+gdD osaLL/ufDChTbUHz2s0TRQdhaHeSm3xGIcM3PghnHZ0K+mNvG4A6fgUby+jlGd6X edFmQmV+kuM0j3zfgzD1Cl6u9Qy7CNHbFrO9PajsdOuINx/yv25fQGOqDRaQ0iNx pjfqv1XMsK0= =+c6Z -----END PGP SIGNATURE-----