Today’s VERT Alert addresses the Microsoft November 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-752 on Wednesday, November 15th.
In-The-Wild & Disclosed CVEs
CVE-2017-8700
A Cross Origin Resource Sharing bypass could allow information disclosure in ASP.NET Core. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)
CVE-2017-11827
A publicly disclosed vulnerability in Internet Explorer and Microsoft Edge could allow an attacker to gain access to a system with full user rights. The vulnerability exists due to the way Microsoft browsers access objects in memory. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)
CVE-2017-11883
A vulnerability exists in ASP.NET Core that could allow an unauthenticated attacker to cause a denial of service and render the application unresponsive. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)
CVE-2017-11848
A publicly disclosed information disclosure vulnerability exists in Internet Explorer that could allow a malicious individual to identify when a user leaves a webpage. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)
Other Information
In addition to the Microsoft vulnerabilities included in the October Security Guidance, a number of security advisories were also published.
Adobe Flash November Update [ADV170019]
Microsoft has released updates for Adobe Flash. These correspond with Adobe Update APSB17-33.
