Scope of vulnerability:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ASP.NET Core and .NET Core
- Chakra Core
Serious vulnerabilities
- CVE-2017-11836 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11837 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11838 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11839 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11840 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11841 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11843 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11845 – Microsoft Edge Memory Corruption Vulnerability
- CVE-2017-11846 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11855 – Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11856 – Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11858 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11861 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11862 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11866 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11869 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11870 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11871 – Scripting Engine Memory Corruption Vulnerability
- CVE-2017-11873 – Scripting Engine Memory Corruption Vulnerability
High risk vulnerabilities
- CVE-2017-11768 – Windows Media Player Information Disclosure Vulnerability
- CVE-2017-11770 – ASP.NET Core Denial Of Service Vulnerability
- CVE-2017-11788 – Windows Search Denial of Service Vulnerability
- CVE-2017-11791 – Scripting Engine Information Disclosure Vulnerability
- CVE-2017-11803 – Microsoft Edge Information Disclosure Vulnerability
- CVE-2017-11827 – Microsoft Browser Memory Corruption Vulnerability
- CVE-2017-11830 – Device Guard Security Feature Bypass Vulnerability
- CVE-2017-11831 – Windows Information Disclosure Vulnerability
- CVE-2017-11832 – Windows EOT Font Engine Information Disclosure Vulnerability
- CVE-2017-11833 – Microsoft Edge Information Disclosure Vulnerability
- CVE-2017-11834 – Scripting Engine Information Disclosure Vulnerability
- CVE-2017-11835 – Windows EOT Font Engine Information Disclosure Vulnerability
- CVE-2017-11842 – Windows Kernel Information Disclosure Vulnerability
- CVE-2017-11844 – Microsoft Edge Information Disclosure Vulnerability
- CVE-2017-11847 – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2017-11849 – Windows Kernel Information Disclosure Vulnerability
- CVE-2017-11850 – Microsoft Graphics Component Information Disclosure Vulnerability
- CVE-2017-11851 – Windows Kernel Information Disclosure Vulnerability
- CVE-2017-11852 – Windows GDI Information Disclosure Vulnerability
- CVE-2017-11853 – Windows Kernel Information Disclosure Vulnerability
- CVE-2017-11854 – Microsoft Word Memory Corruption Vulnerability
- CVE-2017-11863 – Microsoft Edge Security Feature Bypass Vulnerability
- CVE-2017-11872 – Microsoft Edge Security Feature Bypass Vulnerability
- CVE-2017-11874 – Microsoft Edge Security Feature Bypass Vulnerability
- CVE-2017-11877 – Microsoft Excel Security Feature Bypass Vulnerability
- CVE-2017-11878 – Microsoft Excel Memory Corruption Vulnerability
- CVE-2017-11879 – ASP.NET Core Elevation Of Privilege Vulnerability
- CVE-2017-11880 – Windows Information Disclosure Vulnerability
- CVE-2017-11882 – Microsoft Office Memory Corruption Vulnerability
- CVE-2017-11884 – Microsoft Office Memory Corruption Vulnerability
In the dangerous holes
- CVE-2017-11848 – Internet Explorer Information Disclosure Vulnerability
- CVE-2017-11876 – Microsoft Project Server Elevation of Privilege Vulnerability
- CVE-2017-8700 – ASP.NET Core Information Disclosure Vulnerability
- Ali Cloud security team suggests users to pay attention and update patches according to the business situation to improve server security:
- You are advised to enable the Windows Update function, click Check For Updates, download and install security patches based on service conditions, and restart the server to check the system running status. ;
Source:
- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
- http://blog.talosintelligence.com/2017/11/ms-tuesday.html