Virtual Administrator’s December 2017 Patch Recommendations
This month Microsoft released patches for 34 vulnerabilities with 19 of them rated Critical.
All December patches have been approved in our patch policy.
A very light patch month. Only the Internet Explorer/Edge, Adobe Flash Player and Windows Defender patches are listed as listed Critical. There were no Critical patches for Windows this month. None are publically disclosed or being actively exploited.
Out-of-band security update for Windows Defender released December 8, 2017 – see “Notable CVEs” below
A Microsoft Security Advisory was release (details below).
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- Microsoft Malware Protection Engine
Security Update Guide
Microsoft Security Advisory 4056318 (Published: December 12, 2017)
Guidance for securing AD DS account used by Azure AD Connect for directory synchronization
Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory also provides guidance on what on-premises AD administrators can do to ensure that the account is properly secured.
Known Issues per Microsoft
Other Known Issues
KB4053579 – Cumulative update for Windows 10 Version 1607 to build 14393.1944
Addresses issue where, after you install KB4041688, KB4052231, or KB4048953, the error “CDPUserSvc_XXXX has stopped working” appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is “cdp.dll”.
KB4051963 – Windows 10 Version 1709 (OS Build 16299.98)
Fixes the Dot matrix bug and the RDP/remote printing bug
Monthly Rollup/Security Only/Windows 10/Server 2016 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB4054518 – Windows 7, Windows Server 2008 R2
- KB4054519 – Windows 8.1, Windows Server 2012 R2
- KB4054520 – Windows Server 2012
Security Only Update
- KB4054521 – Windows 7, Windows Server 2008 R2
- KB4054522 – Windows 8.1, Windows Server 2012 R2
- KB4054523 – Windows Server 2012
Cumulative update for Windows 10
- KB4053581 – Original release version 1507 (OS Build 10240)
- KB4053578 – Version 1511 (OS Build 10586)
- KB4053579 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB4053580 – Version 1703 “Creators Update” (OS Build 15063)
- KB4054517 – Version 1709 “Fall Creators Update” (OS Build 16299)
Note: Server 2016 uses the same KB as Windows 10 Version 1607
KB4052978 – Cumulative Security Update for Internet Explorer 9/10/11
This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7
KB4049016 – Windows 7, Windows Server 2008 R2
KB4049017 – Windows 8.1, Windows Server 2012 R2
KB4049018 – Windows Server 2012
KB4053577 – Security Update for Adobe Flash Player
December 2017 updates for Microsoft Office
CVE-2017-11940 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
CVE-2017-11937 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.