December 2017 Patch Tuesday: CVE-2017-11937, CVE-2017-11940
NEWS

December 2017 Patch Tuesday: CVE-2017-11937, CVE-2017-11940

The final Microsoft’s Patch Tuesday for 2017 has just rolled. Even though this is not the worst batch of updates released throughout the year, there are still several notable vulnerabilities that were addressed and that need our attention. Such flaws are CVE-2017-11937 and CVE-2017-11940 – remote code execution vulnerabilities found in the MMPE, MS Malware Protection Engine.

The flaws can lead to memory corruption as the engine would fail to scan certain files correctly. These flaws can be exploited by malicious actors if crafted files are deployed to leverage the bugs, which could inevitably lead to the system being compromised. A clarification has to be made. The patches for these flaws were available as separate updates and were included in the Patch Tuesday batch afterwards.

Related Story: Google’s Latest Android Security Update Fixes 47 Vulnerabilities

CVE-2017-11937 Official Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability”.

CVE-2017-11940 Official Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability”. This is different than CVE-2017-11937.

December 2017 Patch Tuesday

The last batch of updates for this year addressed a total of 12 critical vulnerabilities, and 10 important. Here is a short resume of some of the more notable of these flaws, in addition to the MMPE bugs. The definitions are taken from MITRE’s database:

CVE-2017-11899

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka “Microsoft Windows Security Feature Bypass Vulnerability”.

CVE-2017-11927

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka “Microsoft Windows Information Disclosure Vulnerability”.

Related Story: CVE-2017-15908: systemd Bug Puts Linux at Risk of DoS Attacks

CVE-2017-11885

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka “Windows RRAS Service Remote Code Execution Vulnerability”.

A Flaw in Microsoft Office 365 Also Just Found

One more vulnerability was also just disclosed by Preempt researchers who came across a flaw in Microsoft Office 365 when integrated with on-premises Active Directory Domain Services via the Azure AD Connect software. The flaw would needlessly grant users elevated admin privileges turning them into admins in stealth mode.

Most Active Directory audit systems easily alert on excessive privileges, but will often miss users who have elevated domain privileges indirectly through domain discretionary access control list (DACL) configuration,” Preemt researchers explained.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...