JPCERT-AT-2017-0048
JPCERT/CC
2017-12-13
<<< JPCERT/CC Alert 2017-12-13 >>>
Microsoft Releases December 2017 Security Updates
https://www.jpcert.or.jp/english/at/2017/at170048.html
I. Overview
Microsoft has released December 2017 Security Updates. This contains
updates that are rated as "critical". Remote attackers leveraging these
vulnerabilities may be able to execute arbitrary code.
Details on the vulnerabilities can be found at the following URL:
December 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
ADV170022
December 2017 Flash Security Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170022
- KB4053577
CVE-2017-11886
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11886
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517
KB4054518, KB4054519
CVE-2017-11888
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11888
- KB4053578, KB4053579, KB4053580, KB4053581, KB4054517
CVE-2017-11889
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11889
- KB4053578, KB4053579, KB4053580, KB4053581, KB4054517
CVE-2017-11890
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11890
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11893
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11893
- KB4053578, KB4053579, KB4053580, KB4054517
CVE-2017-11894
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11894
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11895
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11895
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11901
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11901
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11903
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11903
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11905
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11905
- KB4053578, KB4053579, KB4053580, KB4054517
CVE-2017-11907
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11907
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11908
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11908
- KB4054517
CVE-2017-11909
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11909
- KB4053578, KB4053579, KB4053580, KB4054517
CVE-2017-11910
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11910
- KB4053578, KB4053579, KB4053580, KB4053581, KB4054517
CVE-2017-11911
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11911
- KB4053578, KB4053579, KB4053580, KB4054517
CVE-2017-11912
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11912
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
CVE-2017-11914
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11914
- KB4053578, KB4053579, KB4053580, KB4054517
CVE-2017-11918
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11918
- KB4053578, KB4053579, KB4053580, KB4053581, KB4054517
CVE-2017-11930
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11930
- KB4052978, KB4053578, KB4053579, KB4053580, KB4053581, KB4054517,
KB4054518, KB4054519
According to Microsoft, attacks leveraging the vulnerabilities have not
been observed in the wild. However, please apply the security update
programs as soon as possible.
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update / Windows Update
http://www.update.microsoft.com/
Microsoft Update Catalog
https://catalog.update.microsoft.com/
III. References
Microsoft Corporation
December 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
Microsoft Corporation
Microsoft Security Updates for December 2017 (Monthly) (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2017/12/13/201712-security-updates/
Microsoft Corporation
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Adobe Systems Incorporated
Security updates available for Flash Player | APSB17-42
https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
JPCERT/CC
Alert Regarding Vulnerability in Adobe Flash Player (APSB17-42)
https://www.jpcert.or.jp/english/at/2017/at170047.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top