-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Releases
Issued: November 16, 2017
********************************************************************
Summary
=======
The following security advisory has been revised in the October 2017 Security Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security
Feature Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Revised the Affected Products table to
include Windows 10 Version 1709 for 32-bit Systems and Windows
10 Version 1709 for x64-based Systems because they are affected
by CVE-2017-15361, described in this advisory. In addition, the
following informational-only changes have been made: *Under
Recommended Action #4, Revised the list of affected Surface
devices to indicate that Surface Hub is not affected by this
vulnerability. *Under Recommended Action #6, updated the links
for information about clearing the TPM.
- Originally posted: October 10, 2017
- Updated: November 16, 2017
- CVE Severity Rating: Critical
- Version: 2.0
Other Information
=================
_____________________________________________________________________________________________________________________
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 16, 2017
********************************************************************
Summary
=======
The following CVEs and Security Advisory have been revised in the November 2017 Security Updates.
* CVE-2017-8700
* CVE-2017-11883
* ADV170020
Revision Information:
=====================
CVE-2017-8700
- Title: CVE-2017-8700 | ASP.NET Core Information Disclosure
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Corrected the Download and Article links in
the Affected Products table. This is an informational change only.
- Originally posted: November 14, 2017
- Updated: November 16, 2017
- CVE Severity Rating: Moderate
- Version: 1.1
CVE-2017-11883
- Title: CVE-2017-11883 | ASP.NET Core Denial Of Service
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Updated the Denial of Service exploitability
assessment. This is an informational change only.
- Originally posted: November 14, 2017
- Updated: November 16, 2017
- CVE Severity Rating: Important
- Version: 1.1
ADV170020
- Title: ADV170020 | Microsoft Office Defense in Depth Update
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reasons for Revision: Added an Update FAQ to explain why some
customers are not being offered update 4011268. Added an Update
FAQ to explain why customers might be offered an update for
software that is not specifically indicated as being affected in
the Affected Software and Vulnerability Severity Ratings table.
These are informational changes only. Customers who have already
successfully installed the updates do not need to take any further
action.
- Originally posted: November 14, 2017
- Updated: November 16, 2017
- CVE Severity Rating: N/A
- Version: 1.1
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Userlevel 7
Thanks for the heads up Jeff..........appreciated.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.