Microsoft has released security updates for several products as part of the company's November 2017 Patch Tuesday, the company's monthly update train.
This month, the Patch Tuesday updates include fixes for 53 security bugs in applications such as the Windows OS, several Office offerings, Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core, and the Chackra Core browser engine.
No zero-days this month
Details about four vulnerabilities were published online before today's patches, but fortunately, none were exploited in real-world attacks. The four are CVE-2017-8700 (ASP.NET Core Information Disclosure), 2017-11827 (Microsoft Browser Memory Corruption)[
1,
2], CVE-2017-11848 (Internet Explorer Information Disclosure), and CVE-2017-11883 (ASP.NET Core Denial Of Service).
The Patch Tuesday updates also include two security advisories, one delivering today's Flash updates, and the second, delivering various security-related patches to Office products, part of the Microsoft's Office Defense in Depth Update series.
Besides these, two other security fixes stand out. The first is CVE-2017-11830, a vulnerability that allows attackers to bypass the Windows Device Guard security feature, and CVE-2017-11887, a vulnerability that allows attackers to bypass macro execution protection in Microsoft Excel. Expect CVE-2017-11887 to become a favorite with malware distributors in the following weeks.
