Microsoft Patch Tuesday – November 2017

BeyondTrust Research Team, November 14th, 2017

Patch Tuesday

Welcome back to this month’s Microsoft Patch Tuesday. This Patch Tuesday fixed many known issues with Windows systems. In total, 139 separate vulnerabilities were addressed in this month’s patch. Microsoft Edge and Internet Explorer contained the only ‘Critical’ rated vulnerabilities, for which there were 16 and 8 in total respectively.

Microsoft JET Database

This month’s patch fixed an issue where applications based on the Microsoft JET Database Engine would encounter an error when creating or opening Microsoft Excel .xls files. The error from this issue would read: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”. This vulnerability was rated as Important.

Font Engine

Microsoft has addressed an information disclosure vulnerability for the Windows Embedded OpenType Font Engine. An attacker who successfully exploited this vulnerability could potentially read data that was intended to be disclosed. While on its own this information cannot be used to elevate privileges or execute commands, the information could be used on a compromised system to further compromise the system.

Windows Search

A denial of service vulnerability exists when Windows Search encounters an error handling objects in memory. An attacker who exploited this vulnerability could cause a remote denial of service on a system. To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service, or through an unauthenticated SMB connection. Microsoft has rated this vulnerability as Important.

Internet Explorer 11 and Edge

Bearing the most critical vulnerabilities, IE11 and Edge contain vulnerabilities that allow for Information Disclosure and Remote Code Execution. An attacker would leverage vulnerabilities in the browser’s scripting engine to execute code with the context of the current user. An attacker would have to lure the victim to a malicious website, or take advantage of a compromised website.

Kernel

Patch Tuesday wouldn’t be the same without some Kernel fixes. An issue that allows for Information Disclosure due to improper memory initialization was patched for all Windows systems. An attacker would have to be authenticated and capable of running a specially crafted application to exploit this vulnerability. This vulnerability was rated as Important.

Microsoft Office

Microsoft Office comes bearing its usual host of vulnerabilities, the worst of which allows for Remote Code Execution. An attacker leveraging these vulnerabilities would be able to execute code with security context equal to that of the current user. This is another reminder that we should all exercise the principals of least-privilege when using applications. These vulnerabilities are rated Important.

Adobe Flash Player

Returning to Patch Tuesday after a one-month break due to a delay in patch availability, fixes to Adobe Flash Player are once again available. In total, five separate vulnerabilities were fixed. An attacker leveraging these vulnerabilities would be able to execute arbitrary code with the context of the affected application. Adobe has rated these vulnerabilities as Critical.