Patch Tuesday December 2017

December 13, 2017


Welcome back to this month’s Microsoft Patch Tuesday. This Patch Tuesday was relatively lightweight, fixing a few issues with Windows systems. In total, 34 vulnerabilities in Windows and related software were addressed. The majority of the vulnerabilities reside in Microsoft’s web browsers, and the out-of-band update for Microsoft’s Malware Protection Engine is included in today’s patches as well.

Exchange

Exchange returns as a familiar face to be patched this round, with a vulnerability that allows an attacker to perform script or content injection attacks. Such attacks could trick the user into disclosing sensitive information. This attack could be used as a pivot to chain an attack with other vulnerabilities in web services. This vulnerability is rated as Important.

Office

The usual Office products require patching, with a handful of vulnerabilities among them. Excel received a fix for remote code execution, which allowed an attacker to execute code with the security context of Excel. PowerPoint received a fix for an information disclosure vulnerability that could expose memory contents to an attacker, assisting them in further compromising an affected system. SharePoint received a fix for cross-site scripting, which would have allowed an attacker to read content they are not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, and inject malicious content into the user’s browser. These vulnerabilities are rated as Important.

Routing and Remote Access

Making an unusual appearance is Windows RRAS, with a vulnerability that exists when an RPC server has Routing and Remote Access enabled. An attacker leveraging this vulnerability would be able to execute code on the target system with full user rights. Routing and Remote Access is an elective configuration, so systems without it enabled are not vulnerable. This vulnerability is rated as Important.

Windows Protocol Handler

The Windows ‘its://’ protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could result in sensitive information being disclosed to a malicious site. An attacker who tricked a user into using this protocol handler on a malicious site could use the disclosed NTLM hash to brute-force the corresponding password. This vulnerability is rated as Important.

Edge and Internet Explorer

As mentioned earlier, most of the patches from this Patch Tuesday are for Edge and Internet Explorer. These vulnerabilities reside in the browsers’ Microsoft Scripting Engine and can be exploited through improper memory sanitization. An attacker would be able to execute code with the security context of the affected web browser. Microsoft rates these vulnerabilities as everything from Low to Critical.

Adobe Flash Player

As usual, Adobe has released fixes for Flash Player. The Adobe advisory describes the vulnerability as a ‘Business Logic Error’ where an unintended reset of a global settings preference file can occur. An attacker leveraging this vulnerability may be able to bypass elective security features. Adobe rates the vulnerability as Moderate, while Microsoft rates it as Critical.

Author, BeyondTrust Research Team
