Security Alert (A17-10-03): Multiple Vulnerabilities in Microsoft Products (October 2017)

Description:

Microsoft has released 50 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and 7 of them enhancing the security as a defense in depth measure.

Reports indicate that the vulnerabilities are being exploited in the wild.

Affected Systems:

• Microsoft Internet Explorer 9, 10, 11
• Microsoft Edge
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
• Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac
• Microsoft Office Compatibility Pack
• Microsoft Office Web Apps Server 2010, 2013
• Microsoft Office Word Viewer
• Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
• Microsoft Office Online Server 2016
• Word Automation Services
• Microsoft Lync 2013
• Microsoft Outlook 2010, 2013, 2013 RT, 2016
• Microsoft SharePoint Enterprise Server 2013, 2016
• Skype for Business 2016
• ChakraCore

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service or security feature bypass.

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99
https://support.microsoft.com/en-us/help/20171010/security-update-deployment-information
https://www.hkcert.org/my_url/en/alert/17101101
https://www.us-cert.gov/ncas/current-activity/2017/10/10/Microsoft-Releases-October-2017-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170014
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170016
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11774 (to CVE-2017-11777)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11779 (to CVE-2017-11786)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11792 (to CVE-2017-11794)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11796 (to CVE-2017-11802)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11804 (to CVE-2017-11826)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11829