Virtual Administrator’s December 2017 Patch Recommendations

This month Microsoft released patches for 34 vulnerabilities with 19 of them rated Critical.

All December patches have been approved in our patch policy.

A very light patch month. Only the Internet Explorer/Edge, Adobe Flash Player and Windows Defender patches are listed as Critical. There were no Critical patches for Windows this month. None are publicly disclosed or being actively exploited.

 

Out-of-band security update for Windows Defender released December 8, 2017 – see “Notable CVEs” below

A Microsoft Security Advisory was released (details below).

 

Affected software

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • ChakraCore
  • Microsoft Malware Protection Engine

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Microsoft Security Advisory 4056318 (Published: December 12, 2017)

Guidance for securing AD DS account used by Azure AD Connect for directory synchronization

https://technet.microsoft.com/library/security/4056318

Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory also provides guidance on what on-premises AD administrators can do to ensure that the account is properly secured.

 

Known Issues per Microsoft

None

 

Other Known Issues

None

 

Fixes

 

KB4053579 – Cumulative update for Windows 10 Version 1607 to build 14393.1944

https://support.microsoft.com/en-us/help/4053579/windows-10-update-kb4053579

Addresses an issue where, after you install KB4041688, KB4052231, or KB4048953, the error “CDPUserSvc_XXXX has stopped working” appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. The event notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is “cdp.dll”.

 

KB4051963 – Windows 10 Version 1709 (OS Build 16299.98)

https://support.microsoft.com/en-us/help/4051963/windows-10-update-kb4051963

Fixes the Dot matrix bug and the RDP/remote printing bug

 

 

Monthly Rollup/Security Only/Windows 10/Server 2016 KBs

Each KB's link is https://support.microsoft.com/en-us/help/#######, where ####### is the KB number only.

 

Security and Quality Rollup

  • KB4054518 – Windows 7, Windows Server 2008 R2
  • KB4054519 – Windows 8.1, Windows Server 2012 R2
  • KB4054520 – Windows Server 2012

 

Security Only Update

  • KB4054521 – Windows 7, Windows Server 2008 R2
  • KB4054522 – Windows 8.1, Windows Server 2012 R2
  • KB4054523 – Windows Server 2012

 

Cumulative update for Windows 10

  • KB4053581 – Original release version 1507 (OS Build 10240)
  • KB4053578 – Version 1511 (OS Build 10586)
  • KB4053579 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4053580 – Version 1703 “Creators Update” (OS Build 15063)
  • KB4054517 – Version 1709 “Fall Creators Update” (OS Build 16299)

Note: Server 2016 uses the same KB as Windows 10 Version 1607

 

KB4052978 – Cumulative Security Update for Internet Explorer 9/10/11

This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly update to secure Internet Explorer; otherwise it is “superseded” by the monthly update.

 

.NET Framework

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7

KB4049016 – Windows 7, Windows Server 2008 R2

KB4049017 – Windows 8.1, Windows Server 2012 R2

KB4049018 – Windows Server 2012

 

KB4053577 – Security Update for Adobe Flash Player

 

December 2017 updates for Microsoft Office

https://support.microsoft.com/en-us/help/4055454/december-2017-updates-for-microsoft-office

 

Notable CVEs

CVE-2017-11940 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940

CVE-2017-11937 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.