Microsoft Security Updates December 2017 release

0
1366

This overview offers information on security updates and non-security updates that Microsoft released for Windows, Office and other company products in December 2017.

The guide is divided into different parts: it starts with an executive summary that highlights the most important bits. This is followed by the operating system distribution which highlights how different versions of Windows are affected this month.

The list of security updates, known issues, security advisories and non-security updates comes next. The last part of the overview links directly to cumulative update downloads for Windows 7, 8.1 and 10 systems, and to resources that you will find useful to look up further information.

Check out the November 2017 Patch Day for information on last month’s patches.

Microsoft Security Updates December 2017

You may download the following Excel spreadsheet listing all security updates for all products released in December 2017 by Microsoft. Download it with a click on the following link: windows-security-updates-december-2017.zip

Executive Summary

  • Microsoft released security updates for all versions of Windows the company supports (client and server).
  • No critical updates for Windows, but for IE and Edge.
  • Other Microsoft products with security updates are: Microsoft Office, Microsoft Exchange Server, Microsoft Edge and Internet Explorer.

Operating System Distribution

  • Windows 7: 2 vulnerabilities of which 2 are rated important
  • Windows 8.1: 2 vulnerabilities of which 2 are rated important
  • Windows 10 version 1607: 3 vulnerabilities of which 3 are rated important
  • Windows 10 version 1703: 3 vulnerabilities of which 3 are rated important
  • Windows 10 version 1709: 3 vulnerabilities of which 3 are rated important

Windows Server products

  • Windows Server 2008: 2 vulnerabilities of which 2 are rated important
  • Windows Server 2008 R2: 2 vulnerabilities of which 2 are rated important
  • Windows Server 2012 and 2012 R2: 2 vulnerabilities of which 2 are rated important
  • Windows Server 2016: 3 vulnerabilities of which 3 are rated important

Other Microsoft Products

  • Internet Explorer 11: 13 vulnerabilities,  9 critical, 4 important
  • Microsoft Edge: 13 vulnerabilities, 12 critical, 1 important

Security Updates

KB4054518 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054521 — Windows 7 SP1 and Windows Server 2008 R2 SP1 Security Only Update

  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054519 — Windows 8.1 and Windows Server 2012 R2 Monthly Rollup

  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054522 — Windows 8.1 and Windows Server 2012 R2 Security only update

  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054517 — Cumulative update for Windows 10 Version 1709 to build 16299.125

  • Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
  • Addresses issue where Windows Defender Device Guard and Application Control block some applications from running, even in Audit-Only Enforcement Mode.
  • Addresses issue to reset PLC bit on U0/U3 transitions.
  • Addresses issue with personalized Bluetooth devices that don’t support bonding.
  • here the touch keyboard doesn’t support the standard layout for 88 languages.
  • Addresses issue where the touch keyboard for a third-party Input Method Editor (IME) has no IME ON/OFF key.
  • Addresses additional issues with updated time zone information.
  • Addresses issue where, when using System Center Virtual Machine
  • Manager (VMM), the user can’t copy or clone virtual machines (VM). The error message is “0x80070057- Invalid parameter”. This issue affects the VMM UI and PowerShell scripts used for VM cloning and copying.
  • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4053580 — Cumulative update for Windows 10 Version 1703 to build 15063.786

  • Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses issue that caused Windows Pro devices on the Current Branch for Business (CBB) to upgrade unexpectedly.
  • Adresses issue where applications may stop responding for customers who have internet or web proxies enabled using PAC script configurations. This is a result of a reentrancy deadlock in WinHTTP.dll.
  • Addresses additional issues with updated time zone information.
  • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4053579 — Cumulative update for Windows 10 Version 1607 to build 14393.1944

  • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
  • Addresses additional issues with updated time zone information.
  • Addresses issue where, after you install KB4041688, KB4052231, or KB4048953, the error “CDPUserSvc_XXXX has stopped working” appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is “cdp.dll”.
  • Security updates to the Microsoft Scripting Engine and Microsoft Edge.

Read also:  Windows 10 Version 1703 KB4016240 Update released

KB4053578 — Cumulative update for Windows 10 Version 1511 to build 10586.1295

  • Addresses additional issues with updated time zone information.
  • Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048952.
  • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4052978 — Cumulative security update for Internet Explorer: December 12, 2017

KB4047170 — Security Update for Windows Server 2008 — fixes an information disclosure vulnerability in Windows Media Player.

KB4052303 — Security Update for Windows Server 2008 and Windows XP Embedded — fixes Windows RRAS Service remote code execution vulnerability.

KB4053473 — Security Update for Windows Server 2008 — fixes information disclosure vulnerability in the its:// protocol handler

KB4053577 — Security Update for Adobe Flash Player

KB4054520 — Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4054523 — Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

Known Issues

None

Security advisories and updates

CVE-2017-11940 — Microsoft Malware Protection Engine Remote Code Execution Vulnerability

Non-security related updates

KB4055994 — Dynamic Update for Windows Version 1709 — Compatibility update for upgrading to and recovering Windows 10 Version 1709

KB4056457 — Dynamic Update for Windows Version 1709 — Reliability update for upgrading to Windows 10 Version 1709

KB4051956 — Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded — Time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga

KB890830 — Windows Malicious Software Removal Tool – December 2017

KB4049068 — Time zone changes in Windows for Fiji

Microsoft Office Updates

Microsoft released non-security updates for Microsoft Office on December 6, 2017. You can check out our overview here.

KB4011095 — Office 2016 — This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

KB4011277 — Office 2013 — Same as KB4011095.

How to download and install the December 2017 security updates

windows updates december 2017 security

The security updates are released as individual or cumulative updates by Microsoft. All security updates that apply to a specific version of Windows are offered through Windows Updates on most home systems.

Windows is set up by default to download and install important updates such as security updates automatically.

You can run a manual check for updates to speed up the process:

  1. Tap on the Windows-key to bring up Start.
  2. Type Windows Update and select the item from the list of search results.
  3. Click on check for updates if Windows does not do so automatically when the Windows Update page opens.
  4. Updates are either installed automatically or on user request then.

Here are direct download links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10 (all supported versions).

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4054518 — 2017-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4054521 — 2017-12 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

  • KB4054519 — 2017-12 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems

  •  KB4054522 — 2017-12 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10  (version 151)

  • KB4053578 — Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

  • KB4053579– 2017-12  Cumulative Update for Windows 10 Version 1607 and Windows Server 2016

Windows 10 (version 1703)

  • KB4053580 — 2017-12 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4054517 — 2017-12 Cumulative Update for Windows 10 Version 1709

Additional resources

  • December 2017 Security Updates release notes
  • List of software updates for Microsoft products
  • List of security advisories
  • Security Updates Guide
  • Microsoft Update Catalog site
  • Our in-depth Windows update guide
  • Windows 10 Update History
  • Windows 8.1 Update History
  • Windows 7 Update History