Cisco Blogs
Share

Microsoft Patch Tuesday – November 2017

- November 14, 2017 - 0 Comments

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.

In addition, an update for Adobe Reader was released which addresses CVE-2017-16367 / TALOS-2017-0356 – Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Code Execution Vulnerability which was discovered by Aleksandar Nikolic of Cisco Talos. This vulnerability manifests as a type confusion vulnerability in the PDF parsing functionality for documents containing marked structure elements. A specifically crafted PDF document designed to trigger the vulnerability could cause an out-of-bounds access on the heap, potentially leading to arbitrary code execution. More details regarding this vulnerability are available here.

Read More >>

Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.

Share