Microsoft Security Updates November 2017 release

Microsoft released security updates for Microsoft Windows, Microsoft Office, and other company products on the November 2017 Patch Day.

This guide provides end users and system administrators with information on all security and non-security updates, and security advisories that Microsoft released since the October 2017 Patch Day.

It offers an Excel spreadsheet that lists all security updates released for Microsoft products, information on operating system distribution, download information, and other information related to the updates.

Click on the following link to download an Excel spreadsheet listing all security updates (with details) released in November 2017 by Microsoft: microsoft-windows-security-updates-overview-november-2017.zip

Microsoft Security Updates November 2017

Executive Summary

  • Microsoft released security updates for all supported versions of Windows (client and server), and Internet Explorer, Microsoft Edge, Microsoft Office, .Net Core and ASP.NET Core, and Chakra Core.
  • No critical updates for Windows, but for IE 11 and Microsoft Edge.
  • Lots of known issues.

Operating System Distribution

  • Windows 7: 12 vulnerabilities of which 12 are rated important
  • Windows 8.1: 11 vulnerabilities of which 11 are rated important
  • Windows 10 version 1607: 12 vulnerabilities of which 12 are rated important
  • Windows 10 version 1703: 12 vulnerabilities of which 12 are rated important
  • Windows 10 version 1709: 9 vulnerabilities of which 9 are rated important

Windows Server products:

  • Windows Server 2008: 11 vulnerabilities of which 11 are rated important
  • Windows Server 2008 R2: 12 vulnerabilities of which 12 are rated important
  • Windows Server 2012 and 2012 R2: 11 vulnerabilities of which 11 are rated important.
  • Windows Server 2016: 12 vulnerabilities of which 12 are rated important

Other Microsoft Products

  • Internet Explorer 11: 13 vulnerabilities, 8 critical, 4 important, 1 moderate
  • Microsoft Edge: 24 vulnerabilities, 16 critical, 8 important

Security Updates

KB4048961 — Windows 8.1 and Server 2012 R2 Security-only Rollup.

  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.
  • Security updates to Microsoft Windows Search Component, Windows Media Player, Microsoft Graphics Component, Windows kernel-mode drivers, and the Windows kernel.

KB4048957 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

  • Same as KB4048961

KB4048960 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Security-only Rollup

  • Same as KB4048961

KB4048958 — Windows 8.1 and Server 2012 R2 Monthly Rollup.

  • Addressed issue where the virtual smart card doesn’t assess the Trusted Platform Module (TPM) vulnerability correctly.
  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.
  • Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
  • Addressed issue that caused SharePoint Online sites to stop working in Internet Explorer.
  • And security updates that are part of KB4048961.

KB4048955 — Windows 10 Version 1709 —

  • Addressed issue that causes the Mixed Reality Portal to stop responding on launch.
  • Addressed issue that causes a black screen to appear when you switch between windowed and full-screen modes when playing some Microsoft DirectX games.
  • Addressed a compatibility issue that occurs when you play back a Game DVR PC recording using Android or iOS devices.
  • Addressed issue where the functional keys stop working on Microsoft Designer Keyboards.
  • Addressed issue to ensure that certain USB devices and head-mounted displays (HMD) are enumerated properly after the system wakes up from Connected Standby.
  • Addressed issue where the virtual smart card doesn’t assess the Trusted Platform Module (TPM) vulnerability correctly.
  • Addressed issue where Get-StorageJob returns nothing when there are storage jobs running on the machine.
  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.
  • Addressed issue where application tiles are missing from the Start menu. Additionally, applications that the Store app show as installed don’t appear on the application list of the Start menu. Computers that have Internet connectivity and upgrade on or after November 14, 2017 will receive this preventative solution and avoid this issue. Machines that lack network connectivity or have already encountered this issue should follow the steps in the Microsoft
  • Answers thread “Missing apps after installing Windows 10 Fall Creators Update”. Microsoft will release and document an additional solution in a future release.
  • Addressed issue where Microsoft Edge cannot create a WARP support process and appears to stop responding for up to 3 seconds during a wait timeout. During the timeout period, users cannot navigate or interact with the requested page.
  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Microsoft Graphics Component, Windows kernel, Internet Explorer, and Windows Media Player.

KB4048954 — Windows 10 Version 1703 — November 14, 2017—KB4048954 (OS Build 15063.726 and 15063.728)

  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.
  • Addressed issue where the RDP Connection from a Windows 10 1703 client to Windows Server 2008 R2 fails with the error: “An internal error occurred”. This problem occurs when the server is configured in RemoteFX mode. You may also see a black or incorrectly painted screen.
  • Addressed issue where, after an OS upgrade, setting an offline schedule in the Sync Center applet of Control Panel fails. The error message that appears is: “Sync Center Error. An error occurred displaying sync schedules. Error: 0x80070005. Access Denied.”
  • Addressed issue where RemoteApp and Desktop Connection settings fail to apply when you set them using Group Policy or a script.
  • Addressed issue where the virtual smart card doesn’t assess the Trusted Platform Module (TPM) vulnerability correctly.
  • Addressed issue where opening Microsoft Office files from a file server that has Windows Information Protection enabled fails with the error: “Sorry we couldn’t open document xxxx”.
  • Addressed issue where, when using the FDVDenyWriteAccess policy, Windows will continue to prevent a drive from being made writable even after BitLocker encryption completes.
  • Addressed issue where Surface Hub devices cannot connect to Azure Active Directory to log on when they are behind a proxy server.
  • Addressed issue where attempting to clean temporary files on the Windows Phone results in the error code “E_FAIL”.
  • Addressed issue where the functional keys stop working on Microsoft Designer Keyboards.
  • Addressed issue where modern applications built using JavaScript may fail to initialize.
  • Addressed issue where GetWindowLong may fail when called on a window whose thread isn’t processing Windows messages.
  • Addressed issue where, after installing KB4038788 and rebooting, a black screen appears with only a cursor, and you must reboot in order to log in successfully.
  • Addressed issue in Internet Explorer where an intranet site was being treated as an internet site.
  • Addressed a memory leak in Microsoft Edge caused by the startup of an internal process.
  • Addressed issue with the launch of HTML dialogs in Windows PE systems.
  • Addressed issue with scrolling that sometimes causes Microsoft Edge to stop responding.
  • Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
  • Addressed issue where the PDF download progress bar stops when opening a PDF file from a cloud-backed web services site.
  • Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, the Microsoft Windows Search Component, and Windows Media Player.

KB4048953 — Windows 10 Version 1607 and Windows Server 2016 November 14, 2017—KB4048953 (OS Build 14393.1884)

  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.
  • Addressed issue where attempting to clean temporary files on the Windows Phone results in the error code “E_FAIL”.
  • Addressed issue with the launch of HTML dialogs in Windows PE systems.
  • Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
  • Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows kernel, Device Guard, Windows kernel-mode drivers, Microsoft Graphics Component, the Microsoft Windows Search Component, and Windows Media Player.

KB4048952 — Windows 10 Version 1511 November 14, 2017—KB4048952 (OS Build 10586.1232)

  • Addressed issue with the rendering of a graphics element in Internet Explorer.
  • Addressed issue where access to the Trusted Platform Module (TPM) for administrative operations wasn’t restricted to administrative users.
  • Plus items 1, 4 and 5 of KB4048953.

KB4048956 — Windows 10 Version 1507 November 14, 2017—KB4048956 (OS Build 10240.17673)

  • Addressed issue where roaming user profile–enabled accounts intermittently synchronize the appdatalocal and locallow folders with the profile server. Side effects include increased profile size, which can result in logon failures when there is full disk usage. Other symptoms include increased network bandwidth and logon or logoff delays on domain-joined computers.
  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.
  • Addressed issue where access to the Trusted Platform Module (TPM) for administrative operations isn’t restricted to administrative users.
  • Addressed issue where the virtual smart card doesn’t assess the Trusted Platform Module (TPM) vulnerability correctly.
  • Addressed issue where, during BitLocker decryption or encryption of a drive, files protected with the Encrypting File System (EFS) may become corrupted.
  • Addressed issue that caused SharePoint Online sites to stop working in Internet Explorer.
    Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
  • Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, Microsoft Windows Search Component, and Windows Media Player.

KB4046184 — Security update for the information disclosure vulnerability in Windows Server 2008

KB4047206 — Cumulative Security Update for Internet Explorer

KB4047211 — Security update for the Windows Search denial of service vulnerability in Windows Server 2008

KB4048951 — 2017-11 Security Update for Adobe Flash Player for Windows Server 2016, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB4048959 — 2017-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4048960 — 2017-11 Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4048962 — 2017-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4048968 — 2017-11 Security Update for Windows Server 2008 and Windows XP Embedded

KB4048970 — Security update for vulnerabilities in Windows Server 2008

KB4049164 — Security update for the information disclosure vulnerability in Windows Server 2008

KB4050795 — “Unexpected error from external database driver” error when you create or open Microsoft Excel .xls files

KB4049179 — 2017-10 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

Known Issues

After installing KB4041693 or KB4041691, error dialogs may be shown that indicate exceptions during the closing of applications.

  • Solution: Microsoft is working on a fix.

After installing KB4048957, KB4048961, KB4048958, KB4048960, KB4048953 updates, Internet Explorer 11 users who use SQL Server Reporting Services may not be able to scroll through drop down menus using the scroll bar.

  • Solution: Press F12, select Emulation, change the Document mode to 10.

UWP apps that use JavaScript and asm.js may stop working after installing KB4048953.

  • Solution: Uninstall the application in question, and re-install it

Installing KB4048954 may change Czech and Arabic languages to English for Edge and other apps.

  • Solution: Microsoft is still working on a solution

Security advisories and updates

Microsoft Security Advisory 4053440 — Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields

ADV170020 — Microsoft Office Defense in Depth Update

ADV170019 — November 2017 Flash Security Updates

ADV170018 — October Flash Security Update

Non-security related updates

KB4049016 — 2017-11 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4049017 — 2017-11 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4049018 — 2017-11 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4049019 — 2017-11 Quality Rollup for .NET Framework 2.0 on Windows Server 2008

KB4019276 — Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2

KB4049011 — Servicing stack update for Windows 10 Version 1703: November 14, 201

KB4049065 — Servicing stack update for Windows 10 Version 1607 and Windows Server 2016: November 14, 2017

KB4051314 — Compatibility update for upgrading to Windows 10 Version 1709: November 14, 2017

KB890830 — Windows Malicious Software Removal Tool – November 2017

KB4049370 — November 2, 2017—KB4049370 (OS Build 15063.675) for Windows 10 Version 1703

  • Addressed issue where after installing KB4038788, some Microsoft Surface Laptops boot to a black screen. Additionally, you must press the power button for a long time to recover.

KB4052231 — November 2, 2017—KB4052231 (OS Build 14393.1797) for Windows 10 Version 1607 and Windows Server 2016.

  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is, “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.

KB4052232 — November 2, 2017—KB4052232 (OS Build 10586.1177) for Windows 10 Version 1511

  • same as KB4052231

KB2952664 — Compatibility update for keeping Windows up-to-date in Windows 7

KB2976978 — Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8

KB4051613 — Update for Adobe Flash Player for Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB4019276 — Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2

KB4035176 — October 17, 2017—KB4035176 Improvements and Fixes to Universal C Runtime in Windows

KB4041685 — 2017-10 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4041686 — 2017-10 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2

KB4043961 — October 17, 2017—KB4043961 (OS Build 16299.19) for Windows 10 Version 1709

  • Addressed issue where, after removing apps, they’re reinstalled on every restart, logoff, and login.
  • Addressed issue where localization of the error output from a JET database is broken. Only English error strings are reported.
  • Security updates to Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Windows Search Component, Windows TPM, Windows NTLM, Device Guard, Microsoft Scripting Engine, Windows Wireless Networking, Microsoft Windows DNS, Windows Server, Microsoft JET Database Engine, and the Windows SMB Server .

KB4041688 — October 17, 2017—KB4041688 (OS Build 14393.1794) for Windows 10 Version 1607 and Windows Server 2016

  • Addressed rare issue where fonts may be corrupted after the Out of Box Experience is completed. This issue occurs on images that have multiple language packs installed.
  • Addressed issue where downloading updates using express installation files may fail after installing OS Updates 14393.1670 through 14393.1770.
  • Addressed issue that causes an error when trying to access shares on a file server.
  • Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.
  • Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
  • Addressed issue where restricting the RPC port of the Next Generation Credentials (Windows Hello) service causes the system to stop responding when logging on.
  • Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This causes users to see the PIN prompt multiple times in a short time period. Normally, the PIN prompt only displays once.
  • Improved M.2 NVMe SSD throughput when the queue size increases.
  • Addressed issue where running Event Tracing for Windows with Volsnap may result in error 0x50.
  • Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy copies folders successfully.
  • Addressed issue where Miniports that make 64-bit DMA requests from a single 4 GB region may fail, preventing the system from booting.
  • Addressed issue where a disk losing communication with its S2D cluster may lead to a stale fault domain descriptor for the enclosure.
  • Addressed issue where, if an update to a pool config header occurs when it’s performing a read function, a stop error may occur in a Windows Server 2016 Storage Spaces Directory (S2D) deployment.
  • Addressed issue to allow UEFI-based customers to pre-stage UEFI-based Gen 2 VMs to run Windows Setup automatically.
  • Addressed issue that intermittently misdirects AD Authority requests to the wrong Identity Provider because of incorrect caching behavior. This can affect authentication features like Multi-Factor Authentication.
  • Added the ability for AAD Connect Health to report AD FS server health with correct fidelity (using verbose auditing) on mixed WS2012R2 and WS2016 AD FS farms.
  • Addressed issue where the PowerShell cmdlet that raises the farm behavior level fails with a timeout during the upgrade from the 2012 R2 AD FS farm to AD FS 2016. The failure occurs because there are many relying party trusts.
  • Addressed issue where adding user rights to an RMS template causes the Active Directory RMS management console (mmc.exe) to stop working with an unexpected exception.
  • Addressed issue where AD FS causes authentication failures by modifying the WCT parameter value while federating the requests to another Security Token Server (STS).
  • Updated the SPN and UPN uniqueness feature to work within the forest root tree and across other trees in the forest. The updated NTDSAI.DLL won’t allow a subtree to add an SPN or a UPN as a duplicate across the entire forest.
  • Addressed issue where the language bar stays open after closing a RemoteApp application, which prevents sessions from being disconnected.
    Addressed issue where the working directory of RemoteApps on Server 2016 is set to %windir%System32 regardless of the application’s directory.
    Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
  • Addressed issue where the ServerSecurityDescriptor registry value doesn’t migrate when you upgrade to Windows 10 1607. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
  • Addressed issue where policies are not pushed for servers that have an updated Instance ID. This occurs when synchronizing the removal of the old server resources with the notifications about NICs (port profile changes) from the host.
  • Addressed issue where SD propagation stops working when you manually trigger Security Descriptor propagation (SDPROP) by setting the RootDse attribute FixupInheritance to 1. After setting this attribute, SD propagation and permissions changes made on Active Directory objects don’t propagate to child objects. No errors are logged.
  • Added support for LTO8 tape drives into ltotape.sys for Windows Server 2016.

KB4041692 — 2017-10 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4042076 — 2017-10 Preview of Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4042077 — 2017-10 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4042078 — 2017-10 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4042201 — 2017-10 Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4048606 — Compatibility update for upgrading to Windows 10 Version 1709: October 17, 2017

Microsoft Office Updates

How to download and install the November 2017 security updates

windows security updates november 2017

Microsoft publishes security updates via its Windows Updates service and other services (many of them available to Enterprise customers only).

Windows systems are configured to download and install important updates by default. The operating system checks regularly, but not in real-time, for updates.

You can run a manual check for updates at any time doing the following:

  • Use the Windows-key to bring up the Start Menu.
  • Type Windows Update.
  • Select the item from the list of results.
  • Locate and activate “check for updates” on the page if a check is not run automatically when the Windows Update interface opens.
  • Updates that are found are either downloaded and installed automatically, or on user request.

Below are direct links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4048957— 2017-11 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4048960 — 2017-11 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

Windows 10  (version 1507)

  • KB4048956 — Cumulative update for Windows 10 Version 1507

Windows 10  (version 151)

  • KB4048952 — Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

  • KB40489532017-11  Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4048954 — 2017-11 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4048955 — 2017-11 Cumulative Update for Windows 10 Version 1709

Additional resources

Summary

Article Name

Microsoft Security Updates November 2017 release

Description

Microsoft released security updates for Microsoft Windows, Microsoft Office, and other company products on the November 2017 Patch Day.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Powered by WPeMatico

eBay