Microsoft Security Updates November 2017 release
Microsoft released security updates for Microsoft Windows, Microsoft Office, and other company products on the November 2017 Patch Day.
This guide provides end users and system administrators with information on all security and non-security updates, and security advisories that Microsoft released since the October 2017 Patch Day.
It offers an Excel spreadsheet that lists all security updates released for Microsoft products, information on operating system distribution, download information, and other information related to the updates.
Click on the following link to download an Excel spreadsheet listing all security updates (with details) released in November 2017 by Microsoft: (Download Removed)
Microsoft Security Updates November 2017
Executive Summary
- Microsoft released security updates for all supported versions of Windows (client and server), and Internet Explorer, Microsoft Edge, Microsoft Office, .Net Core and ASP.NET Core, and Chakra Core.
- No critical updates for Windows, but for IE 11 and Microsoft Edge.
- Lots of known issues.
Operating System Distribution
- Windows 7: 12 vulnerabilities of which 12 are rated important
- Windows 8.1: 11 vulnerabilities of which 11 are rated important
- Windows 10 version 1607: 12 vulnerabilities of which 12 are rated important
- Windows 10 version 1703: 12 vulnerabilities of which 12 are rated important
- Windows 10 version 1709: 9 vulnerabilities of which 9 are rated important
Windows Server products:
- Windows Server 2008: 11 vulnerabilities of which 11 are rated important
- Windows Server 2008 R2: 12 vulnerabilities of which 12 are rated important
- Windows Server 2012 and 2012 R2: 11 vulnerabilities of which 11 are rated important.
- Windows Server 2016: 12 vulnerabilities of which 12 are rated important
Other Microsoft Products
- Internet Explorer 11: 13 vulnerabilities, 8 critical, 4 important, 1 moderate
- Microsoft Edge: 24 vulnerabilities, 16 critical, 8 important
Security Updates
KB4048961 -- Windows 8.1 and Server 2012 R2 Security-only Rollup.
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
- Security updates to Microsoft Windows Search Component, Windows Media Player, Microsoft Graphics Component, Windows kernel-mode drivers, and the Windows kernel.
KB4048957 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup
- Same as KB4048961
KB4048960 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Security-only Rollup
- Same as KB4048961
KB4048958 -- Windows 8.1 and Server 2012 R2 Monthly Rollup.
- Addressed issue where the virtual smart card doesn't assess the Trusted Platform Module (TPM) vulnerability correctly.
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
- Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
- Addressed issue that caused SharePoint Online sites to stop working in Internet Explorer.
- And security updates that are part of KB4048961.
KB4048955 -- Windows 10 Version 1709 --
- Addressed issue that causes the Mixed Reality Portal to stop responding on launch.
- Addressed issue that causes a black screen to appear when you switch between windowed and full-screen modes when playing some Microsoft DirectX games.
- Addressed a compatibility issue that occurs when you play back a Game DVR PC recording using Android or iOS devices.
- Addressed issue where the functional keys stop working on Microsoft Designer Keyboards.
- Addressed issue to ensure that certain USB devices and head-mounted displays (HMD) are enumerated properly after the system wakes up from Connected Standby.
- Addressed issue where the virtual smart card doesn't assess the Trusted Platform Module (TPM) vulnerability correctly.
- Addressed issue where Get-StorageJob returns nothing when there are storage jobs running on the machine.
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
- Addressed issue where application tiles are missing from the Start menu. Additionally, applications that the Store app show as installed don't appear on the application list of the Start menu. Computers that have Internet connectivity and upgrade on or after November 14, 2017 will receive this preventative solution and avoid this issue. Machines that lack network connectivity or have already encountered this issue should follow the steps in the Microsoft
- Answers thread “Missing apps after installing Windows 10 Fall Creators Updateâ€. Microsoft will release and document an additional solution in a future release.
- Addressed issue where Microsoft Edge cannot create a WARP support process and appears to stop responding for up to 3 seconds during a wait timeout. During the timeout period, users cannot navigate or interact with the requested page.
- Security updates to Microsoft Scripting Engine, Microsoft Edge, Microsoft Graphics Component, Windows kernel, Internet Explorer, and Windows Media Player.
KB4048954 -- Windows 10 Version 1703 -- November 14, 2017—KB4048954 (OS Build 15063.726 and 15063.728)
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
- Addressed issue where the RDP Connection from a Windows 10 1703 client to Windows Server 2008 R2 fails with the error: "An internal error occurred". This problem occurs when the server is configured in RemoteFX mode. You may also see a black or incorrectly painted screen.
- Addressed issue where, after an OS upgrade, setting an offline schedule in the Sync Center applet of Control Panel fails. The error message that appears is: "Sync Center Error. An error occurred displaying sync schedules. Error: 0x80070005. Access Denied."
- Addressed issue where RemoteApp and Desktop Connection settings fail to apply when you set them using Group Policy or a script.
- Addressed issue where the virtual smart card doesn't assess the Trusted Platform Module (TPM) vulnerability correctly.
- Addressed issue where opening Microsoft Office files from a file server that has Windows Information Protection enabled fails with the error: “Sorry we couldn't open document xxxxâ€.
- Addressed issue where, when using the FDVDenyWriteAccess policy, Windows will continue to prevent a drive from being made writable even after BitLocker encryption completes.
- Addressed issue where Surface Hub devices cannot connect to Azure Active Directory to log on when they are behind a proxy server.
- Addressed issue where attempting to clean temporary files on the Windows Phone results in the error code “E_FAILâ€.
- Addressed issue where the functional keys stop working on Microsoft Designer Keyboards.
- Addressed issue where modern applications built using JavaScript may fail to initialize.
- Addressed issue where GetWindowLong may fail when called on a window whose thread isn't processing Windows messages.
- Addressed issue where, after installing KB4038788 and rebooting, a black screen appears with only a cursor, and you must reboot in order to log in successfully.
- Addressed issue in Internet Explorer where an intranet site was being treated as an internet site.
- Addressed a memory leak in Microsoft Edge caused by the startup of an internal process.
- Addressed issue with the launch of HTML dialogs in Windows PE systems.
- Addressed issue with scrolling that sometimes causes Microsoft Edge to stop responding.
- Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
- Addressed issue where the PDF download progress bar stops when opening a PDF file from a cloud-backed web services site.
- Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, the Microsoft Windows Search Component, and Windows Media Player.
KB4048953 -- Windows 10 Version 1607 and Windows Server 2016 November 14, 2017—KB4048953 (OS Build 14393.1884)
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
- Addressed issue where attempting to clean temporary files on the Windows Phone results in the error code “E_FAILâ€.
- Addressed issue with the launch of HTML dialogs in Windows PE systems.
- Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings.
- Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows kernel, Device Guard, Windows kernel-mode drivers, Microsoft Graphics Component, the Microsoft Windows Search Component, and Windows Media Player.
KB4048952 -- Windows 10 Version 1511 November 14, 2017—KB4048952 (OS Build 10586.1232)
- Addressed issue with the rendering of a graphics element in Internet Explorer.
- Addressed issue where access to the Trusted Platform Module (TPM) for administrative operations wasn't restricted to administrative users.
- Plus items 1, 4 and 5 of KB4048953.
KB4048956 -- Windows 10 Version 1507 November 14, 2017—KB4048956 (OS Build 10240.17673)
- Addressed issue where roaming user profile–enabled accounts intermittently synchronize the appdata\local and \locallow folders with the profile server. Side effects include increased profile size, which can result in logon failures when there is full disk usage. Other symptoms include increased network bandwidth and logon or logoff delays on domain-joined computers.
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
- Addressed issue where access to the Trusted Platform Module (TPM) for administrative operations isn't restricted to administrative users.
- Addressed issue where the virtual smart card doesn't assess the Trusted Platform Module (TPM) vulnerability correctly.
- Addressed issue where, during BitLocker decryption or encryption of a drive, files protected with the Encrypting File System (EFS) may become corrupted.
- Addressed issue that caused SharePoint Online sites to stop working in Internet Explorer.
Addressed a crash in Internet Explorer that was seen in machines that used large font-size settings. - Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, Microsoft Windows Search Component, and Windows Media Player.
KB4046184 -- Security update for the information disclosure vulnerability in Windows Server 2008
KB4047206 -- Cumulative Security Update for Internet Explorer
KB4047211 -- Security update for the Windows Search denial of service vulnerability in Windows Server 2008
KB4048951 -- 2017-11 Security Update for Adobe Flash Player for Windows Server 2016, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012
KB4048959 -- 2017-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4048960 -- 2017-11 Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4048962 -- 2017-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
KB4048968 -- 2017-11 Security Update for Windows Server 2008 and Windows XP Embedded
KB4048970 -- Security update for vulnerabilities in Windows Server 2008
KB4049164 -- Security update for the information disclosure vulnerability in Windows Server 2008
KB4050795 -- "Unexpected error from external database driver" error when you create or open Microsoft Excel .xls files
KB4049179 -- 2017-10 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012
Known Issues
After installing KB4041693 or KB4041691, error dialogs may be shown that indicate exceptions during the closing of applications.
- Solution: Microsoft is working on a fix.
After installing KB4048957, KB4048961, KB4048958, KB4048960, KB4048953 updates, Internet Explorer 11 users who use SQL Server Reporting Services may not be able to scroll through drop down menus using the scroll bar.
- Solution: Press F12, select Emulation, change the Document mode to 10.
UWP apps that use JavaScript and asm.js may stop working after installing KB4048953.
- Solution: Uninstall the application in question, and re-install it
Installing KB4048954 may change Czech and Arabic languages to English for Edge and other apps.
- Solution: Microsoft is still working on a solution
Security advisories and updates
Microsoft Security Advisory 4053440 -- Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields
ADV170020 -- Microsoft Office Defense in Depth Update
ADV170019 -- November 2017 Flash Security Updates
ADV170018 -- October Flash Security Update
Non-security related updates
KB4049016 -- 2017-11 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4049017 -- 2017-11 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4049018 -- 2017-11 Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012
KB4049019 -- 2017-11 Quality Rollup for .NET Framework 2.0 on Windows Server 2008
KB4019276 -- Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2
KB4049011 -- Servicing stack update for Windows 10 Version 1703: November 14, 201
KB4049065 -- Servicing stack update for Windows 10 Version 1607 and Windows Server 2016: November 14, 2017
KB4051314 -- Compatibility update for upgrading to Windows 10 Version 1709: November 14, 2017
KB890830 -- Windows Malicious Software Removal Tool - November 2017
KB4049370 -- November 2, 2017—KB4049370 (OS Build 15063.675) for Windows 10 Version 1703
- Addressed issue where after installing KB4038788, some Microsoft Surface Laptops boot to a black screen. Additionally, you must press the power button for a long time to recover.
KB4052231 -- November 2, 2017—KB4052231 (OS Build 14393.1797) for Windows 10 Version 1607 and Windows Server 2016.
- Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is, “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
KB4052232 -- November 2, 2017—KB4052232 (OS Build 10586.1177) for Windows 10 Version 1511
- same as KB4052231
KB2952664 -- Compatibility update for keeping Windows up-to-date in Windows 7
KB2976978 -- Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8
KB4051613 -- Update for Adobe Flash Player for Windows Server 2016, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012
KB4019276 -- Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2
KB4035176 -- October 17, 2017—KB4035176 Improvements and Fixes to Universal C Runtime in Windows
KB4041685 -- 2017-10 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4041686 -- 2017-10 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2
KB4043961 -- October 17, 2017—KB4043961 (OS Build 16299.19) for Windows 10 Version 1709
- Addressed issue where, after removing apps, they're reinstalled on every restart, logoff, and login.
- Addressed issue where localization of the error output from a JET database is broken. Only English error strings are reported.
- Security updates to Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Windows Search Component, Windows TPM, Windows NTLM, Device Guard, Microsoft Scripting Engine, Windows Wireless Networking, Microsoft Windows DNS, Windows Server, Microsoft JET Database Engine, and the Windows SMB Server .
KB4041688 -- October 17, 2017—KB4041688 (OS Build 14393.1794) for Windows 10 Version 1607 and Windows Server 2016
- Addressed rare issue where fonts may be corrupted after the Out of Box Experience is completed. This issue occurs on images that have multiple language packs installed.
- Addressed issue where downloading updates using express installation files may fail after installing OS Updates 14393.1670 through 14393.1770.
- Addressed issue that causes an error when trying to access shares on a file server.
- Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.
- Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
- Addressed issue where restricting the RPC port of the Next Generation Credentials (Windows Hello) service causes the system to stop responding when logging on.
- Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This causes users to see the PIN prompt multiple times in a short time period. Normally, the PIN prompt only displays once.
- Improved M.2 NVMe SSD throughput when the queue size increases.
- Addressed issue where running Event Tracing for Windows with Volsnap may result in error 0x50.
- Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy copies folders successfully.
- Addressed issue where Miniports that make 64-bit DMA requests from a single 4 GB region may fail, preventing the system from booting.
- Addressed issue where a disk losing communication with its S2D cluster may lead to a stale fault domain descriptor for the enclosure.
- Addressed issue where, if an update to a pool config header occurs when it’s performing a read function, a stop error may occur in a Windows Server 2016 Storage Spaces Directory (S2D) deployment.
- Addressed issue to allow UEFI-based customers to pre-stage UEFI-based Gen 2 VMs to run Windows Setup automatically.
- Addressed issue that intermittently misdirects AD Authority requests to the wrong Identity Provider because of incorrect caching behavior. This can affect authentication features like Multi-Factor Authentication.
- Added the ability for AAD Connect Health to report AD FS server health with correct fidelity (using verbose auditing) on mixed WS2012R2 and WS2016 AD FS farms.
- Addressed issue where the PowerShell cmdlet that raises the farm behavior level fails with a timeout during the upgrade from the 2012 R2 AD FS farm to AD FS 2016. The failure occurs because there are many relying party trusts.
- Addressed issue where adding user rights to an RMS template causes the Active Directory RMS management console (mmc.exe) to stop working with an unexpected exception.
- Addressed issue where AD FS causes authentication failures by modifying the WCT parameter value while federating the requests to another Security Token Server (STS).
- Updated the SPN and UPN uniqueness feature to work within the forest root tree and across other trees in the forest. The updated NTDSAI.DLL won't allow a subtree to add an SPN or a UPN as a duplicate across the entire forest.
- Addressed issue where the language bar stays open after closing a RemoteApp application, which prevents sessions from being disconnected.
Addressed issue where the working directory of RemoteApps on Server 2016 is set to %windir%\System32 regardless of the application's directory.
Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose. - Addressed issue where the ServerSecurityDescriptor registry value doesn't migrate when you upgrade to Windows 10 1607. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
- Addressed issue where policies are not pushed for servers that have an updated Instance ID. This occurs when synchronizing the removal of the old server resources with the notifications about NICs (port profile changes) from the host.
- Addressed issue where SD propagation stops working when you manually trigger Security Descriptor propagation (SDPROP) by setting the RootDse attribute FixupInheritance to 1. After setting this attribute, SD propagation and permissions changes made on Active Directory objects don't propagate to child objects. No errors are logged.
- Added support for LTO8 tape drives into ltotape.sys for Windows Server 2016.
KB4041692 -- 2017-10 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4042076 -- 2017-10 Preview of Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4042077 -- 2017-10 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012
KB4042078 -- 2017-10 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4042201 -- 2017-10 Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008
KB4048606 -- Compatibility update for upgrading to Windows 10 Version 1709: October 17, 2017
Microsoft Office Updates
KB4011220 -- Office 2016: Security update for Microsoft Excel 2016 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file
- When you save a local OneDrive for Business file in Microsoft Excel 2016, you receive the following error message:
- The File may have been changed by another user.
- When you use Excel embedded in a previewer application (such as Windows Explorer preview pane), the worksheet in the preview window becomes unresponsive after you switch the focus away and then back.
When you edit cells in Excel 2016 on a high DPI display device, Excel freezes. - You experience the following issues in Excel 2016:
- Cross-workbook formulas that are used as a source for a PivotTable cause Excel to crash.
- PivotTables that are connected to OLAP cubes and they contain multiple currencies but display only one of the currency symbols.
- When you open certain files that are created in earlier version of Excel, Excel crashes.
- When you delete a PivotTable and then undo the operation in Excel crashes.
- When you refresh a PivotTable in Excel 2016, more memory is consumed until all available memory is consumed.
- You can't import SharePoint lists to obtain values for the calculated columns in the SharePoint list.
- The Connection Properties dialog box can't be closed in certain workbooks.
- Correct the translation of the TRIM function in the Dutch version of Excel 2016.
- Some trusted local macros can't run if the BlockContentExecutionFromInternet security setting is enabled.
KB4011262 -- Office 2016: Security update for Office 2016 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
KB4011242 -- Office 2016: Security update for Word 2016 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
- When you close a document that is created by a template (.DOTM) in Word 2016, Word 2016 may crash.
- The footnote number in an Arabic document is displayed in Basic Latin instead of as an Arabic number.
- When you open certain .doc files in Word 2016, Word may crash.
- Improve performance in transforming text and styles programmability.
KB4011233 -- Office 2013: Security update for Excel 2013 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file
- Assume that you have Office Web Apps Server 2013 installed. In the on-premises version of Microsoft Word Online and Microsoft PowerPoint Online, decimal values are truncated in a chart axis or data label.
- When you use Microsoft Excel embedded in a previewer application (such as Windows Explorer preview pane), the worksheet in the preview window becomes unresponsive after you switch the focus away and then back.
- Calculated column value is not imported from an external data source.
- When you try to edit the properties of a data connection in Excel 2013, you receive the following error message:
- This connection name is already in use. Try a different name.
- Correct the translation of the TRIM function in the Dutch version of Excel 2013.
- When you undo some operations that involve multiple selected regions in Excel 2013, formulas may not be restored.
KB3162047 -- Office 2013: Security update for Office 2013 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
KB4011250 -- Office 2013: Security update for Word 2013 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
- Assume that you have Office Web Apps Server 2013 installed. In the on-premises version of Microsoft Word Online and Microsoft PowerPoint Online, decimal values are truncated in a chart axis or data label.
- Improve performance in transforming text and styles programmability.
Office 2010:
- KB4011197 -- Excel 2010 Security update
- KB2553204 -- Office 2010 Security update
- KB4011268 -- Office 2010 Security update
- KB4011270 -- Word 2010 Security Update
Office 2007:
- KB4011276 -- Office 2007 security update
- KB4011199 -- Excel 2007 security update
- KB4011206 -- Excel Viewer 2007 security update
- KB4011265 -- Microsoft Office Compatibility Pack Service Pack 3 security update
- KB4011205 -- Microsoft Office Compatibility Pack Service Pack 3 security update
- KB4011266 -- Microsoft Word 2007 security update
- KB4011264 -- Microsoft Word Viewer 2007 security update
How to download and install the November 2017 security updates
Microsoft publishes security updates via its Windows Updates service and other services (many of them available to Enterprise customers only).
Windows systems are configured to download and install important updates by default. The operating system checks regularly, but not in real-time, for updates.
You can run a manual check for updates at any time doing the following:
- Use the Windows-key to bring up the Start Menu.
- Type Windows Update.
- Select the item from the list of results.
- Locate and activate "check for updates" on the page if a check is not run automatically when the Windows Update interface opens.
- Updates that are found are either downloaded and installed automatically, or on user request.
Below are direct links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10.
Direct update downloads
Windows 7 SP1 and Windows Server 2008 R2 SP
- KB4048957-- 2017-11 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
- KB4048960 -- 2017-11 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems
Windows 8.1 and Windows Server 2012 R2
-
KB4048958 -- 2017-11 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
- KB4048961Â -- 2017-11 Security Only Quality Update for Windows 8.1 for x86-based Systems
Windows 10Â (version 1507)
- KB4048956 -- Cumulative update for Windows 10 Version 1507
Windows 10Â (version 151)
- KB4048952 -- Cumulative update for Windows 10 Version 1511
Windows 10 and Windows Server 2016 (version 1607)
- KB4048953 -- 2017-11Â Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
Windows 10 (version 1703)
- KB4048954 -- 2017-11 Cumulative Update for Windows 10 Version 1703
Windows 10 (version 1709)
- KB4048955 -- 2017-11 Cumulative Update for Windows 10 Version 1709
Additional resources
Both my Nvidia Geforce 660 on one Dell computer; and my AMD Radeon R9 380 series on another Alienware computer now crash a few minutes into playing any game after the latest Windows update. When I uninstall, the games play fine. So, that tells me it’s the update….. any thoughts or solutions. I know I need the update to keep my system secure….
Gawd knows all the stuff they’re messing with behind the scenes with these “quality update” security patches. I have a hard time trusting MS anymore with anything they turn out, let alone say or do. In your case, it hardly seems like a coincidence considering it is happening on two different machines you have at your disposal. I say trust your instincts — and the evidence!
Similar to what we’ve discussed above, you could set a restore point and/or create a system image, then install this latest update, then check again if the same issues are being experienced. If they are, perhaps a video card driver update (or driver reinstall) will help cure things. If it’s only a few games but not all, perhaps they too could be reinstalled (YMMV there though … ouch). Unfortunately it may not be that simple though, as who knows what exactly may be being nicked system-wide after this latest update embeds itself. It certainly appears the sanctity of your games is now at their mercy however. I lost my Media Player and all its associated file links from this same so called “security patch”. Whodda guessed? (rolls eyes in anguish)
Look at it this way. You could always fall back on the system restore point you set earlier if nothing you try works, or if push comes to shove – and bigger guns are called for – the drive image you created. Or google for more answers, like all lost souls do.
Like above replies i too have the confronting goofs&glitches regarding this weeks MS windows 7 ultimate 64bit updates. Suddenly my ‘Cyberghost 6″ “Installation corrupted and seems to miss some files. Please reinstall”. All that means is that i lost my CG yearly subscription. (utopie: MS, are you willing to cover the $60,- subscription for me please? ;^) )
My current updating routine for my Windows 7 x64 system is to:
* Keep an eye out for reports of major bugs on gHacks, AskWoody, and my tech headlines service.
* Wait until Belarc Advisor updates its database to incorporate the latest security updates (which usually happens a day or two after Patch Tuesday).
* Run Belarc Advisor and see what security updates are flagged as missing.
* Run a standard Malwarebytes scan.
* Run a boot-time disk check/repair on my system drive.
* Clone my system drive to a second drive that I can swap in for it, in case of a major update-induced catastrophe.
* Run both stages of WSUS Offline Update, with the security updates only, automatic reboot and recall, and view log options ticked.
* Check the WSUS log for each stage for errors and warnings.
* Run Belarc Advisor again to see if anything is still missing and investigate why (e.g., because of false positives or buggy-patch blacklisting by WSUS).
* Run WPD to make sure none of Microsoft’s “security-only” patches re-opened any privacy holes.
This month, everything went fine, Belarc and WPD gave me a clean bill of health, and I haven’t noticed any system problems. (There were no errors in the WSUS logs, only warnings that the Windows Update Service couldn’t be stopped or restarted, which I assume is normal, given that I had disabled the service.) I don’t use Microsoft Office, so I can’t speak to any potential problems there.
Here’s another glitch for you. Windows 7 SP1 Security-only Rollup KB4048960 ended up hosing my Windows Media Player. Specifically, WMP 12. Once the patch installed, any existing shortcut on the desktop or in the start menu I had to WMP was automatically deleted. When I then clicked on the program exe itself [located at C:\Program Files (x86)\Windows Media Player\] it relaunched the program like it is brand spanking new. All my customized settings, and all my library file links I had associated with WMP, were long gone. WTF!
All I can say is — thank God for System Restore!
So as it is, if I update my system with this latest Windows security patch, I lose my customized Media Player settings and my WMP library. Conversely, If I forgo the KB4048960 update to prevent this very thing, my system basically goes “unprotected”. So what now Microsoft??
If anyone ends up finding a workaround to this latest patch snafu, please post it!
[Windows 7 Ultimate x64]
Everyone I know uses VLC Media Player instead of Windows Media Player, but what happened to you sounds pretty annoying. Not as annoying as the weird glitches that Microsoft updates and have inflicted on my dad’s Windows 10 computer in the past month, but still pretty annoying. He’s thinking about paying through the nose and switching to Apple, and for the first time I’m not inclined to talk him out of it.
It looks like we have quite a bit in common. I’m an old enough pc user myself to be considered a computing dinosaur, which equates to persona non grata in the eyes of Microsoft. By way of reference, my mother died just last year, one month shy of age 94. That should give you some idea about where I am on the longevity escalator. Couldn’t agree with you more about learning new tricks these days. That thrill is long gone; too many promises were given but left unfulfilled in the computing world, and with MS in particular. Ever since they metrofied their flagship apps with nameless, faceless blocks and ribbons, they’ve been increasingly turning me sour.
Then you have their enduring smugness that they know what’s best on all things computive (sic), and that we pawns should be content to go along for whatever ride they choose for us, no questions asked. Shades of Apple, only without the gloss and quality control. Moreover, we should be content to serve their purposes, and not the other way around, while they profit madly into the bargain. At some point, Wintel’s “have it your way” credo morphed into “HAVE IT OUR WAY CHUMPS. Oh, and if you don’t like it, get a Linux or Mac!” And so, many are doing just that, or considering it for the first time. The Redmond Road, it turns out, was paved with spurious intentions. THEIRS.
Like you, my wife and I have been debating what to do once Windows 7 reaches the end of the road. We’ve both become disenchanted with MS, and shake our heads at what’s become of Windows, with its newfangled enforced indenture. Hollow assurances aside, I can see the day when it will evolve into a one-shoe-fits-all subscription service. Though they assure us that won’t happen, I’ve seen too many promises broken, and exits-stage-left, from this company over the years to be convinced that inevitability remains out of bounds. But even if that somehow didn’t materialize, dealing with Windows nowadays has become more of an annoyance, indeed chore, than anything else, replete with far too many unpleasant surprises. Like I said, any thrill there was – once upon a time – is gone.
@Jb:
I’m an old dog who’s reaching the point where learning new computer tricks is no longer as fun as it used to be for its own sake. I just want my computer to be a reasonably stable, reliable, and trustworthy tool that lets me get my work done and that I don’t have to watch like a hawk. But Microsoft’s post-Windows-7 moves have been enough to convince me to switch to Linux by the time Windows 7 reaches end of life. (I’ve been playing with Linux Mint Cinnamon in a virtual machine for a year and a half or so to soften the shock of the ultimate transition.) My dad’s an even older and less computer-literate dog whose department at work supports only Windows and OSX, so Linux isn’t an option for him. (In case the fact that he’s still working makes my claim to being an old dog seem questionable, I should point out that he’s a 90-year-old basic-medical-science researcher who only half-jokes that his remaining goal in life is “to die funded.” He loves his work.) As I said, he’s seriously considering switching to Apple … as most of his colleagues have already done. Shame about his Lenovo X1 Yoga with the OLED screen, though. It’s not user-serviceable, so I wouldn’t have chosen it (you can’t easily swap drives or replace the battery if/when they die), but it’s a pretty nifty little machine.
Hard to believe your your old man is having to jump through those kinds of hoops at startup, and then thereafter. But then again, we are talking Metro, the first OS they had to give away for free just to garner a respectable uptake. By way of consequence though, he’s now an indentured member of their guinea pig colony. Shades of 1984, only in full-blown Metrorwellian glory. :)
It’s kind of sad to think we’re all gonna end up there eventually though, that is, if one can’t find a way off the Redmond Road. Resistors and lemmings alike… :(
Windows 7 may be far from perfect, but it can’t touch the mess that W10 represents IMO. It blows my mind that this is how far things have come with MS circa 2017. I got into the Wintel world mainly to avoid the walled gardens of Apple. Now Microsoft has jumped that shark, er, wall with both feet thrust forward. I guess you could say Steve Jobs wins, from the grave.
Wish I had some ideas to offer you and your pop, but the issues he’s facing actually sound worse than what I’m experiencing. I at least have system restore to fall back upon. He has only his .45 left (I wouldn’t even bother with a .22).
I like your idea of exporting/importing the WMP database files. This is actually along the lines of what I was considering earlier, but have yet to enact (out of procrastination — or fear?). So I guess the time has come to give that a shot and see if it might suffice. If not, I’ll get down on my knees while rubbing a trusty cottontail and pray that my system restore doesn’t fail me this one last time. Just to be sure, and upon deeper thought, It might not hurt to cut a system image too — as you can never be too sure when it comes to Windows. Not that I have to part that pearl of wisdom to you… ha.
Wish me luck.
I didn’t mean to diminish your pain, which now actually sounds worse than what my dad is going through. He can’t scan directly from his printer’s console to the Windows 10 computer. (No problem with that on Windows 7 computers.) His RealTimeSync tasks, which are scheduled to start at log-on, “start” but don’t actually run until he manually loads and then exits FreeFileSync. (No such automation-impeding nonsense on Windows 7 computers.) He now has to boot his Windows 10 computer and log on to his Windows account before docking and connecting to his external keyboard and monitor, whereas before he had to do the opposite. (That took a while to figure out, and in the meantime we were confronted with what seemed to be an undockable laptop.) The screen resolution and scaling no longer adjust automatically when he moves between the 30″ external monitor and the 14″ built-in monitor. (That’s a daily recurring hassle.) And that’s just the stuff I can remember off the top of my head.
If I were you, I’d back up my entire Windows Media Player AppData folder (probably C:\Users\YourUserName\AppData\Local\Microsoft\Media Player) before attempting to install the suspect update again; install the update; start WMP to see if you have the same problem as before; if so, exit WMP for 30 seconds, copy and paste the contents of your WMP AppData backup folder into the WMP AppData folder proper; and then try again.
If that doesn’t work, you can have a look at this link:
Windows 7 Windows Media Player 12 won’t update the library when I …– Microsoft Community
https://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/windows-7-windows-media-player-12-wont-update-the/e68d4e33-897c-421d-8d4b-dbf53c9ee4a5?auth=1
I’m concerned, however, that wiping out all of the *.wmdb files might effectively wipe at least some of your customization work. Again, I have no experience messing around with WMP, so I don’t know what’s stored where.
It’s more than annoying. A ton of work went into building that WMP library, which included all kinds of customized tweaks and tunings (hammering really), something that’s basically required if you want to make something of it. It’s not the easiest app to deal with I can assure you, but doable with enough patience — and persistence. Then, thanks to a not-yet-ready-for-primetime security patch, it can all be wiped out in the blink of an eye. Thank you MS.
I can only imagine what your dad is going through with Win10, that metrofied monster of an OS that I’ve avoided like the plague. The problem is once you adopt it, Microsoft insists on sitting you in their one-course-for-all caboose to go along for whatever ride they choose. To hell with “customer choice” in any imaginable stripe or configuration. In Redmond’s eyes, such arcane concepts went out with the dinosaurs (aka their early user base).
Microsoft + annoying. The two concepts blend almost seamlessly these days. Alas.
I hope this post helps someone since i spent the entire day trying to fix it.
Computers on my network running windows 7 64 bit stop printing to EPSON FX890 printers. After finding the events in the event viewer it gave the following error on print “Win32 error code returned by the print processor: 2147500037”
Some Googling revealed absolutely nothing.
Re-installed the printers, drivers, ports to no avail. Normal laser printers worked fine. Finally check if there any updates installed recently and there were a few for the 15th Nov 2017. Uninstalled all the system updates for that day as well as the .net updates and restarted. Low and behold they are now printing again.
If anyone can shed some light on this it would be amazing. Just hoping this helps someone else not to spend the whole day searching for an issue.
Cheers
Good Lord. I have a friend who runs Windows 7 SP1 x64 and who has an Epson XP-950 printer. Is KB4048960 the update he has to avoid installing, or uninstall after updating?
Hmmm. I’m not finding any reports of problems with the Epson XP-950 (a relatively recent big-format inkjet) so far, but John’s report of trouble with his 22-year-old, LPT-connected Epson Stylus Color inkjet is mildly worrisome. At this point, I think I’m going to advise my friend to go ahead with the update. (Like me he clones his system drive before updating, and unlike me he has mobile drive racks, so it’s a five-minute recovery, tops, for him if something goes wrong.)
Only that the issue exists, and that rolling back fixes it:
http://borncity.com/win/2017/11/16/issues-with-microsofts-november-2017-updates/
https://www.tenforums.com/drivers-hardware/98125-dot-matrix-printer-stopped-working-after-update.html
Beside Martin’s link, I’ve published another article with possible workarounds – can’t test it, perhaps it works:
http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Thanks Martin!
At least I can move forward now with the fixes.
@ Jody Thornton, the links you posted to Microsoft Catalog for .NET Framework patches are all for last year and beyond i.e. 2015, 2014 etc. There are no releases listed for 2017.
Thank you very much, awesome article as usual !
KB4048954 — Windows 10 Version 1703 — November 14, 2017—KB4048954 (OS Build 15063.726 and 15063.728)
“You may also see a black or incorrectly painted screen.”
THERE’S A SHOCKER! And yup, once again, the dreaded BSOD. It seems like every update lately has this problem. And I’m sick of it. And I’m not the only one. Have to reboot in safe mode, uninstall the update, then run the Hide Updates Troubleshooter from Microsoft to keep it from installing. My PC will be forever vulnerable at this rate.
Windows 10 Home, Version 1703, Build 15063.726
Great work again, clearing up some of the confusion created (deliberately?) by Microsoft.
One addition: under “Direct update downloads” for Win 8.1, for the KB4048961 2017-11 “Security Only Update”, only the version for x86 systems is listed above. But there is a different “Security Only Update” package for x64 systems, which Microsoft (trying to add more confusion) has given the same KB number.
If you search for it in the Microsoft Update Catalog, you will find **three** different KB4048961 “Security Only Update” packages. For Windows 8.1 there is a 15.8 Mb version for x86 systems, and a 23.3 Mb version for x64 systems. Plus a third version for Server 2012 systems. Link to all three versions:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4048961
Yeppers, since I have to manually download Server 2012 updates to apply to Windows 8 (not 8.1), I have to go through the confusion every month. There was the same .NET rollup for the last three months for v4.52.
It SUCKS.!!!!
Everytime I do a “restart”, it keeps giving me the SAME error “Status:Awaiting restart” (KB4048955)
Are you running Windows 10 1709 (Fall Creators Update) Steve?
If not, uninstall it since the patch you mentioned only applies to that release according to https://blogs.msdn.microsoft.com/dotnet/2017/11/14/net-framework-november-2017-security-and-quality-rollup/
@ Martin, it would appear from the same blog that there isn’t a .NET Framework Security Only update this month.
There was an update rollup for .NET that I installed on Windows 8 (natively a Server 2012 RTM update), but it was available for other versions of Windows.
For Server 2012 and Windows 8.1
http://www.catalog.update.microsoft.com/Search.aspx?q=security+only+2012
For Server 2008 and Windows 7
http://www.catalog.update.microsoft.com/Search.aspx?q=.net+server+windows+7
Link to all Internet Explorer 11 security update downloads on Microsoft Catalog: https://www.catalog.update.microsoft.com/search.aspx?q=kb4047206
Thanks!
Hi Martin, you mentioned KB4041693 and KB4041691 in the “Known Issues” section, but neither of them appears anywhere else on the page; or at least CTRL+F on FF ESR 52.5.0 doesn’t find them. Which updates do they belong to?
These were from October: https://www.ghacks.net/2017/10/10/microsoft-security-updates-october-2017-release/
OK, thanks for that.
On a slightly different note, is there no security only update available for .NET Framework? You’ve only listed the “Security and Quality” version.
One of the reasons I’m asking is because KB4040981 includes a change to a fix which was included in the May Monthly Security and Quality Rollup the latter of which I didn’t install. See “Networking” in the table on: https://support.microsoft.com/en-us/help/4040981/security-and-quality-rollup-for-net-framework-3-5-for-windows-8-1-wind
Consequently I’m a bit concerned that installing KB4040981 could lead to a problem since the original fix wasn’t installed.
Don’t see .Net Security updates here: https://portal.msrc.microsoft.com/en-us/security-guidance
I didn’t install kb2952664 “Compatibility update for keeping Windows up-to-date in Windows 7”, because it doesn’t seem like a security update. I am not sure what it does.
Ask Woody has an article on KB 2952664 and 2976978
Recently https://www.computerworld.com/article/3236357/microsoft-windows/non-security-office-patches-appear-with-the-reprise-of-kb-2952664-and-2976978.html
And one from last year https://www.computerworld.com/article/3127809/microsoft-windows/detested-get-windows-10-snooping-patch-kb-2952664-reappears.html
Do these updates to provide telemetry?
Yes. Maybe even more than just Telemetry – spyware.?
From about 2014, there has been about 20+ different versions of KB2952664(Win 7) offered by M$, ie nearly every month. And once installed, it is not easy to uninstall. Why so many versions of this Win 7/8.1 update throughout the Win 10 years.? Something fishy is going on.
It’s more than simply “fishy.” Microsoft is fishing for your personal data. Once they create a sufficient profile of you and your ongoing interests, they will target you for monetary gain by way of advertisements and solicitations. Oh, and what a handy crypt of info to turn over to any Federal security entity should they come a-callin’ with a demand for release, or per a compliant court order. Or maybe just to sift through by way of specialized, high-power algorithms – en masse.
As it is, the Big 3 computer companies – Microsoft, Apple and Google – are slowly morphing into conduits of the NSA and the Feds in general. But not at the expense of profiting handsomely from raiding and manipulating our system caches for their own greedy purpo$e$ in the meantime.
Windows Firewall stopped working at windows 10 1709 after these updates, any one has this issue?
I had an issue where some UDP traffic was blocked that was needed for FailoverCluster heartbeat. I had to disable the Domain FW for the cluster to work again. Have not tried with de FW up again. In and Out rules for cluster are in place and enabled. This occured on only one of the 4 2008 R2 cluster nodes.
Thanks again Martin Brinkmann, For this mount Microsoft update news
A lot of reading again this month and not only with the update from Microsoft.
Also, firms like Adobe (Shockwave and flash), Google Chrome (Yesterday) and Mozilla Firefox 57 (Quantum) are today launching there latest, so a big day today.
But next to that hopefully, not only NoScript is launching there WebExtension quite soon but also it would be nice if Tabmixplus is not far from that date or even earlier.
Any ideas what KB4051033 is? See it listed on the page for Win 10 1607 but it’s above the current patch of KB4048953.
“Windows 7 SP1 – KB4048960 – 2017-11 Security Only Quality Update”…
> Solution: “Microsoft is working on a fix” to make it really “Only” (don’t feed the troll).
Wow, no wonder I never look at these articles. Definitely cured for a while.
Hope you don’t mean my writing ;)
Not at all what I was implying, sorry. LoL