|Microsoft Browser – IE and Edge||CVE-2017-11848, CVE-2017-11856, CVE-2017-11855, CVE-2017-11827, CVE-2017-11833, CVE-2017-11803, CVE-2017-11844, CVE-2017-11845, CVE-2017-11874, CVE-2017-11872, CVE-2017-11863|
|Microsoft Browser – Scripting engine||CVE-2017-11834, CVE-2017-11791, CVE-2017-11839, CVE-2017-11871, CVE-2017-11870, CVE-2017-11873, CVE-2017-11838, CVE-2017-11858, CVE-2017-11836, CVE-2017-11837, CVE-2017-11866, CVE-2017-11869, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11861, CVE-2017-11862|
|APSB17-33: Adobe Flash Player||CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215, CVE-2017-11225|
|Browsers – Chrome||CVE-2017-15398, CVE-2017-15399|
|Microsoft Office||CVE-2017-11878, CVE-2017-11877, CVE-2017-11882, CVE-2017-11854, CVE-2017-11884|
|Windows Kernel||CVE-2017-11847, CVE-2017-11853, CVE-2017-11851, CVE-2017-11849, CVE-2017-11842|
|ASP.NET||CVE-2017-11883, CVE-2017-11879, CVE-2017-8700|
|Microsoft Miscellaneous||CVE-2017-11830, CVE-2017-11832, CVE-2017-11835, CVE-2017-11852, CVE-2017-11831, CVE-2017-11880, CVE-2017-11768, CVE-2017-11788|
|Microsoft Project Server||CVE-2017-11876|
The November 2017 Patch Priority Index (PPI) brings together a collection of high-priority vulnerabilities that should be patched as soon as possible. This month's PPI includes vulnerabilities from Microsoft, Adobe and Chrome.
Microsoft has announced two publicly disclosed vulnerabilities in its browser products. A publicly disclosed vulnerability (CVE-2017-11827) in Internet Explorer and Microsoft Edge could allow an attacker to gain access to a system with full user rights. The vulnerability exists due to the way Microsoft browsers access objects in memory.
Another publicly disclosed information disclosure vulnerability (CVE-2017-11848) exists in Internet Explorer that could allow a malicious individual to identify when a user leaves a web page.
Based on the vulnerability highlights, we recommend placing Microsoft Edge, Internet Explorer and Microsoft Scripting Engine patching at the top of your priority list for November. Following these, administrators should focus on ensuring patches are applied for Adobe Flash.
Next, users should ensure the latest patch for Chrome has been applied. The latest stable release, issued on Monday, November 6, 2017, includes fixes for two vulnerabilities.
CVE-2017-15398 is a stack buffer overflow in QUIC and has been rated Critical. The patch also includes a fix for CVE-2017-15399, a use-after-free vulnerability in V8.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-november-2017/