Microsoft has released security updates as part of its monthly Patch Tuesday release train, and this month, the company has patched 34 issues affecting products such as:
– Microsoft Windows
– Microsoft Office
– Microsoft Office Services and Web Apps
– Microsoft Exchange Server
– Microsoft Malware Protection Engine
– Internet Explorer
– Microsoft Edge
None of the security issues Microsoft fixed this month were publicly disclosed or exploited in real-world attacks before updates were released earlier today.
Of all bugs, two remote code execution bugs in the Microsoft Malware Protection Engine stand out —CVE-2017-11937 and CVE-2017-11940.
Both issues were reported by the UK National Cyber Security Centre (NCSC), a branch of the UK Government Communications Headquarters (GCHQ), the country’s official intelligence and security agency.
Bleeping Computer ran an article on one of the issues last week when Microsoft shipped an out-of-band update to fix the bug, which is now also included as an update part of the December 2017 Patch Tuesday.
Adobe fixes one Flash Player bug
As it is usual, the Microsoft Patch Tuesday security updates also include Adobe Flash Player fixes. Earlier today, Adobe issued is own Patch Tuesday security bulletin, which this month, only included one solitary bugfix for Adobe Flash Player.
Adobe said Flash Player 220.127.116.11 “addresses a regression that could lead to the unintended reset of the global settings preference file.” The bug is classified as a moderate severity issue, and by no means an immediate danger to users.
Below is a table listing of all the security issues fixed…