Microsoft Security Updates October 2017 release

Microsoft released security updates for the company's Windows operating system, and other company products on the October 2017 Patch Tuesday.

Our monthly series provides you with information on Microsoft's Patch Day. It features an overview of all security and non-security updates that Microsoft released since the last Patch day in September 2017.

The monthly guide lists how different versions of Windows -- client and server -- and Microsoft's browsers Edge and Internet Explorer are affected. It features links to resources, direct download links for cumulative Windows updates, new and updated security advisories, and information on how to download the updates to Windows machines.

Microsoft Security Updates October 2017

You can download the following Excel spreadsheet if you want a list of all security updates for all Microsoft products that the company released since the September 2017 Patch Tuesday.

Click on the following link to download the basic Excel spreadsheet to your device: Security-Updates-Microsoft-Windows-October-2017.zip

Click on this link to download the full (with all details) Excel spreadsheet instead: october-2017-full-updates-security-windows.zip

Executive Summary

• Windows 10 version 1511, the November Update, won't receive security updates anymore. Click here to open Microsoft's blog post on the topic.
• Microsoft released security patches for all versions of Windows.
• Security updates were also released for Internet Explorer, Microsoft Edge, Skype for Business and Lync, and Microsoft Office.

Operating System Distribution

• Windows 7: 20 vulnerabilities of which 5 are rated critical, 15 important
• Windows 8.1: 23 vulnerabilities of which 6 are rated critical, 17 important
• Windows 10 version 1607: 29 vulnerabilities, 6 critical, 23 important
• Windows 10 version 1703: 29 vulnerabilities of which 6 are rated critical, 23 important

Windows Server products:

• Windows Server 2008 R2: 18 vulnerabilities, of which 3 are rated critical, 15 important
• Windows Server 2012 and 2012 R2: 23 vulnerabilities, of which 6 are rated critical, and 17 important
• Windows Server 2016: 29 vulnerabilities of which 6 are rated critical, 23 important

Other Microsoft Products

• Internet Explorer 11: 5 vulnerabilities, 4 critical, 1 important
• Microsoft Edge: 16 vulnerabilities, 14 critical, 2 important

Security Updates

KB4041676 -- Windows 10 Version 1703

• Addressed issue where some UWP and Centennial apps show a gray icon and display the error message "This app can't open" on launch.
• Addressed reliability issue that causes the AppReadiness service to stop working.
• Addressed issue where applications that use the Silverlight map stack stop working.
• Addressed issue where VSync prevents devices from entering Panel Self Refresh mode, which can lead to reduced battery life.
• Addressed issue where user customizations (like pinned tiles) made to an enforced partial Start layout are lost when upgrading to Windows 10 1703.
• Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
• Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.
• Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
• Addressed issue with the token broker where it was leaking a token that caused sessions to remain allocated after logoff.
• Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This caused users to see the PIN prompt multiple times in a short time period; normally, the PIN prompt only displays once.
• Addressed issue where using the Cipher.exe /u tool to update Data Recovery Agent (DRA) encryption keys fails unless user certification encryption already exists on the machine.
• Addressed issue where using AppLocker to block a Modern app fails. This issue occurs only with Modern apps that come pre-installed with Windows.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue with the rendering of a graphics element in Internet Explorer.
• Addressed issue that prevents an element from receiving focus in Internet Explorer.
• Addressed issue with the docking and undocking of Internet Explorer windows.
• Addressed issue caused by a pop-up window in Internet Explorer.
• Addressed issue where a Vendor API deleted data unexpectedly.
• Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy will copy folders successfully.
• Addressed issue where MDM USB restrictions did not disable the USB port as expected.
• Addressed issue where creating an iSCSI session on a new OS installation may result in the "Initiator instance does not exist" error when attempting to connect to a target.ressed issue where connecting to RDS applications published using Azure App Proxy fails. The error message is, “Your computer can’t connect to the Remote Desktop Gateway server. Contact your network administrator for assistance”. The error can occur when the RDP cookie size limit is exceeded. This update increased the size of the RDP cookie limit.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Addressed issue that affects the download of some games from the Microsoft Store during the pre-order phase. Download fails with the error code 0x80070005, and the device attempts to restart the download from the beginning.
• Addressed issue where the ServerSecurityDescriptor registry value does not migrate when you upgrade to Windows 10 1703. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Windows Subsystem for Linux, Microsoft JET Database Engine, and the Windows SMB Server.

KB4041691 -- Windows 10 Version 1607 and Windows Server 2016

• Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue with rendering a graphics element in Internet Explorer.
• Addressed issue with docking and undocking Internet Explorer windows.
• Addressed issue caused by a pop-up window in Internet Explorer.
• Addressed issue where a vendor API deleted data unexpectedly.
• Addressed issue where SD propagation stops working when you manually trigger Security Descriptor propagation (SDPROP) by setting the RootDse attribute FixupInheritance to 1. After setting this attribute, SD propagation and permissions changes made on Active Directory objects don't propagate to child objects. No errors are logged.
• Addressed access violation in LSASS that occurs during startup of domain controller role conditions. A race condition causes the violation when account management calls occur while the database is refreshing internal metadata. A password reset or change is one of the management calls that may trigger this problem.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Addressed issue where the ServerSecurityDescriptor registry value does not migrate when you upgrade to Windows 10 1607. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Microsoft JET Database Engine, and the Windows SMB Server.

KB4041689 -- Windows 10 Version 1511 -- End of Support after this update.

KB4042895 -- Windows 10 RTM

KB4041693 -- Windows 8.1 and Windows Server 2012 Monthly Rollup (see also security-only update KB4041687)

• Addressed issue with docking and undocking Internet Explorer windows.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue where Internet Explorer stops responding to a navigation request.
• Addressed issue that occurs in the WebView Control of Internet Explorer in certain scenarios.
• Addressed issue with URL encoding in Internet Explorer.
• Addressed issue that prevents an element from receiving focus in Internet Explorer.
• Addressed issue caused by a pop-up window in Internet Explorer.
• Addressed issue with the rendering of a graphics element in Internet Explorer.
• Addressed issue in Internet Explorer caused by a redirection link.
• Addressed issue where messages that should be in a non-English language display in English in Internet Explorer.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Windows Server, Microsoft JET Database Engine, and the Windows SMB Server.

KB4041681 -- Windows 7 and Windows Server 2008 R2 Monthly Rollup (see also security-only update KB4041678)

• Addressed issue with docking and undocking Internet Explorer windows.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue with URL encoding in Internet Explorer.
• Addressed issue that prevents an element from receiving focus in Internet Explorer.
• Addressed issue with the rendering of a graphics element in Internet Explorer.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Windows Wireless Networking, Microsoft JET Database Engine, and the Windows SMB Server.

KB4040685 -- Cumulative Security Update for Internet Explorer -- The fixes are included in the Security Monthly Quality Rollup.

KB4041671 -- Security Update for Windows Server 2008 -- Patches information disclosure vulnerability that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass.

KB4041679 -- 2017-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012.

KB4041681 -- 2017-10 Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4041683 -- 2017-10 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB4041690 -- 2017-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4041944 -- Security Update for Windows Server 2008

KB4041995 -- Security Update for Windows Server 2008 and Windows XP Embedded

KB4042007 -- Security Update for Windows Server 2008 and Windows XP Embedded

KB4042050 -- Security Update for Windows Server 2008

KB4042067 -- Security Update for Windows Server 2008 and Windows XP Embedded

KB4042120 -- Security Update for Windows Server 2008 and Windows XP Embedded

KB4042121 -- Security Update for Windows Server 2008 and Windows XP Embedded

KB4042122 -- Security Update for Windows Server 2008 and Windows XP Embedded

KB4042123 -- Security Update for Windows Server 2008

KB4042723 -- Security Update for Windows Server 2008 and Windows XP Embedded

Known Issues

• After installing KB4041691, downloading updates using express installation files may fail.Workaround:
  • Download updates from the Microsoft Update Catalog
  • Run the following commands from an administrative command prompt:
    • sc config bits start= disabled
    • net stop bits
  • Install the update.
  • Run the following commands from an administrative command prompt:
    • sc config bits start= delayed-auto
    • net start bits
• After installing KB4041681, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down and will not impact application functionality.
• Installing KB4034674 may change Czech and Arabic languages to English for Microsoft Edge and other applications.
• Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) may experience a blue screen or stop responding with a black screen when a system shutdown is initiated (KB4041676).
• After you install KB4040685, Internet Explorer 11 package users may receive an error message that states that an application exception has occurred when some applications are closed. This can affect applications that use mshtml.dll to load web content. This problem occurs only when a process is already shutting down. It does not affect application functionality.

Security advisories and updates

ADV170012 | Vulnerability in TPM could allow Security Feature Bypass - A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. After you have installed software and/or firmware updates, you will need to re-enroll in any security services you are running to remediate those services.

ADV170013 | September 2017 Flash Security Update

ADV170014 | Optional Windows NTLM SSO authentication changes -- Microsoft is releasing an optional security enhancement to NT LAN Manager (NTLM), limiting which network resources various clients in the Windows 10 or the Windows Server 2016 operating systems can use NTLM Single Sign On(SSO) as an authentication method. When you deploy the new security enhancement with a Network Isolation Policy defining your organization's resources, attackers can no longer redirect a user to a malicious resource outside your organization to obtain the NTLM authentication messages.

ADV170015 | Microsoft Office Defense in Depth Update

ADV170016 -- Windows Server 2008 Defense in Depth

ADV170017 | Office Defense in Depth Update

Non-security related updates

KB4043766 -- 2017-10 Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4043767 -- 2017-10 Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4043768 -- 2017-10 Quality Rollup for .NET Framework 2.0 on Windows Server 2008

KB4043769 -- 2017-10 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB890830 -- Windows Malicious Software Removal Tool - October 201

KB4038801 -- Update for Windows 10 Version 1607 and Windows Server 2016

• Fixed a Lock Workstation setting for smart cards.
• Fixed an issue in the Credentials Manager when saving empty passwords (system could stop working when using those credentials).
• Fixed WMI query issue where access tokens were improperly closed.
• Cloned file issue on ReFS systems.
• Fixed error STOP 0x44 in Npfs!NpFsdDirectoryControl.
• Fixed error 0x1_SysCallNum_71_nt!KiSystemServiceExitPico.
• Fixed computer losing access to its domain when MSA (Managed Service Account) renews the password automatically.
• Fixed RemoteApp issues when minimizing and restoring to full screen mode.
• Patched delay issues when accessing Office documents from remote network drives.
• Fixed user logon delay issues.
• Addressed issue where the Get-AuthenticodeSignature cmdlet does not list TimeStamperCertificate even though the file is time stamped.
• Fixed errors "Multiple Bugcheck BAD_POOL_CALLER (c2) 0000000000000007; Attempt to free pool which was already freed" and "0xCC PAGE_FAULT_IN_FREED_SPECIAL_POOL".
• Fixed Remote Desktop idle timeout warning not being displayed.
• Fixed "he user name or password is incorrect. 0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE)" in CA management console when revoking certificates associated with disabled user accounts.
• Fixed a multi-factor authentication issue on devices that use custom culture definitions.
• Addressed issue where the cluster node stops working when using async replication on very high-speed disks.
• Fixed kernel memory leak issue caused by ksecdd.sys.
• Fixed excessive memory usage issues in LSASS.
• Fixed deadlock during RDP and console logons at "Applying user profile settings".
• Fixed "get-tpm : An internal error was detected. (Exception from HRESULT: 0x80290107). At line:1 char:1" during TMP-related operations using PowerShell.
• Support for OIDC logout using federated LDPs added.
• Addressed Windows Hello CEP and CES-based certificates issue with gMSA accounts.
• RPC reliability improved.
• Fixed smart card log on issue on Remote Desktop Server.
• Fixed issue where Hibernate Once/Resume Many" cannot be enabled on Windows Server 2016 IoT with Unified Write Filter.
• Fixed error 8409: "A database error has occurred".
• Addressed issue where Windows Server 2016 domain controllers (DC) may log audit events with ID 4625 and 4776.
• Fixed "There is not enough space available on the disk to complete this operation" and "Not enough available capacity" when trying to extend a Clustered Shared Volume beyond 2 Terabyte using Disk Manager.
• Addressed issue where the Windows Internal Database (WID) on Windows Server 2016 AD FS servers fails to synchronize some settings because of a foreign key constraint
• Addressed issue where Windows Server Essentials Storage Service stops working if a tiered virtual disk is created on a storage pool that has HDD and SSD
• Addressed access violation in LSASS that occurs during the startup of the domain controller role conditions
• BitLocker.psm1 won't log passwords if logging is enabled.

KB4040724 -- Update for Windows 10 Version 1703

• Fixed performance issues or lag in Microsoft Edge after installing KB4038788.
• Reliability improvements and fixes for cellular connectivity.

KB4036479 -- Update for Windows 8.1 and Windows Server 2012 R2 -- Eliminate restarts in virtual machine initial configuration in Windows Server 2012 R2

Microsoft Office Updates

Microsoft Office 2016

• Access 2016 October 3, 2017, update for Access 2016 (KB4011142)
• Excel 2016 October 3, 2017, update for Excel 2016 (KB4011166)
• Office 2016 Description of the security update for Office 2016: October 10, 2017 (KB4011185)
• Office 2016 Description of the security update for Office 2016: October 10, 2017 (KB2920723)
• Office 2016 October 3, 2017, update for Office 2016 (KB4011167)
• Office 2016 October 3, 2017, update for Office 2016 (KB4011139)
• Office 2016 October 3, 2017, update for Office 2016 (KB4011135)
• Office 2016 October 3, 2017, update for Office 2016 (KB4011036)
• Office 2016 October 3, 2017, update for Office 2016 (KB4011144)
• Office 2016 October 3, 2017, update for Office 2016 (KB4011158)
• Outlook 2016 Description of the security update for Outlook 2016: October 10, 2017 (KB4011162)
• PowerPoint 2016 October 3, 2017, update for PowerPoint 2016 (KB4011164)
• Project 2016 October 3, 2017, update for Project 2016 (KB4011141)
• Skype for Business 2016 Description of the security update for Skype for Business 2016: October 10, 2017 (KB4011159)
• Visio 2016 October 3, 2017, update for Visio 2016 (KB4011136)
• Word 2016 October 3, 2017, update for Word 2016 (KB4011140)
• Word 2016 Description of the security update for Word 2016: October 10, 2017 (KB4011222)

Microsoft Office 2013

• Access 2013 October 3, 2017, update for Access 2013 (KB3172543)
• Excel 2013 October 3, 2017, update for Excel 2013 (KB4011181)
• Office 2013 Description of the security update for Office 2013: October 10, 2017 (KB3172524)
• Office 2013 Description of the security update for Office 2013: October 10, 2017 (KB3172531)
• Office 2013 October 3, 2017, update for Office 2013 (KB4011148)
• Office 2013 October 3, 2017, update for Office 2013 (KB4011169)
• Outlook 2013 Description of the security update for Outlook 2013: October 10, 2017 (KB4011178)
• Project 2013 October 3, 2017, update for Project 2013 (KB4011156)
• Skype for Business 2015 (Lync 2013) Description of the security update for Skype for Business 2015 (Lync 2013): October 10, 2017 (KB4011179)
• Visio 2013 October 3, 2017, update for Visio 2013 (KB4011149)
• Word 2013 Description of the security update for Word 2013: October 10, 2017 (KB4011232)
• Word 2013 October 3, 2017, update for Word 2013 (KB4011150)

Office 2010

• Office 2010 Description of the security update for Office 2010: October 10, 2017 (KB2553338)
• Office 2010 Description of the security update for Office 2010: October 10, 2017 (KB2837599)
• Office 2010 Description of the security update for Office 2010: October 10, 2017 (KB3213627)
• Outlook 2010 Description of the security update for Outlook 2010: October 10, 2017 (KB4011196)
• Word 2010 Description of the security update for Word 2010: October 10, 2017 (KB3213630)

Office 2007

• Office Compatibility Pack Description of the security update for Office Compatibility Pack: October 10, 2017 (KB3213647)
• Word 2007 Description of the security update for Word 2007: October 10, 2017 (KB3213648)
• Word Viewer Description of the security update for Word Viewer: October 10, 2017 (KB4011236)

SharePoint Server 2016

• Office Online Server Description of the security update for Office Online Server: October 10, 2017 (KB3213659)
• SharePoint Server 2016 Description of the security update for SharePoint Enterprise Server 2016: October 10, 2017 (KB4011217)
• SharePoint Server 2016 October 10, 2017, update for SharePoint Server 2016 (KB4011161)

SharePoint Server 2013, Project Server 2013, and SharePoint Foundation 2013

• Office Web Apps Server 2013 Description of the security update for Office Web Apps Server 2013: October 10, 2017 (KB4011231)
• Project Server 2013 October 10, 2017, update for Project Server 2013 (KB4011182)
• Project Server 2013 October 10, 2017, cumulative update for Project Server 2013 (KB4011175)
• SharePoint Enterprise Server 2013 October 10, 2017, cumulative update for SharePoint Enterprise Server 2013 (KB4011177)
• SharePoint Enterprise Server 2013 Description of the security update for SharePoint Enterprise Server 2013: October 10, 2017 (KB4011170)
• SharePoint Foundation 2013 Description of the security update for SharePoint Foundation 2013: October 10, 2017 (KB4011180)
• SharePoint Foundation 2013 October 10, 2017, update for SharePoint Foundation 2013 (KB4011183)
• SharePoint Foundation 2013 October 10, 2017, cumulative update for SharePoint Foundation 2013 (KB4011173)
• Word Automation Services for SharePoint Server 2013 Description of the security update for Word Automation Services for SharePoint Server 2013: October 10, 2017 (KB4011068)

SharePoint Server 2010

• Project Server 2010 October 10, 2017, cumulative update for Project Server 2010 (KB4011192)
• SharePoint Server 2010 October 10, 2017, cumulative update for SharePoint Server 2010 (KB4011195)
• SharePoint Server 2010 Office Web Apps Description of the security update for SharePoint Server 2010 Office Web Apps: October 10, 2017 (KB4011194)
• Word Automation Services for SharePoint Server 2010 Description of the security update for Word Automation Services for SharePoint Server 2010: October 10, 2017 (KB3213623)

How to download and install the October 2017 security updates

The October 2017 security updates are made available via Windows Updates. All client versions of Windows are configured to check for and download important updates automatically.

This is not a real-time check though, and you may run a manual check for updates to get the updates earlier.

As always, create a backup before you update so that you can restore the system to a pre-update state if things go wrong.

1. Tap on the Windows-key, type windows update, and select the result from the list of items Windows displays.
2. Select "check for updates" if Windows Update does not check for updates automatically on the page.
3. Select the updates you want to download if updates that are found are not downloaded automatically.

You may download the cumulative updates for Windows 10, Windows 8.1 and Windows 7 from Microsoft's Update Catalog website as well. Direct download links are listed below.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

• KB4041681-- 2017-10 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
• KB4041678 -- 2017-10 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

• KB4041693 -- 2017-10 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
• KB4041687 -- 2017-10 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10 and Windows Server 2016 (version 1607)

• KB4041691-- 2017-10  Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
  

Windows 10 and Windows Server 2016 (version 1703)

• KB4041676 -- 2017-10 Cumulative Update for Windows 10 Version 1703

Additional resources

• October 2017 Security Updates release notes
• List of software updates for Microsoft products
• List of security advisories
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Advertisement