This overview offers information on security updates and non-security updates that Microsoft released for Windows, Office and other company products in December 2017.
The guide is divided into different parts: it starts with an executive summary that highlights the most important bits. This is followed by the operating system distribution which highlights how different versions of Windows are affected this month.
The list of security updates, known issues, security advisories and non-security updates comes next. The last part of the overview links directly to cumulative update downloads for Windows 7, 8.1 and 10 systems, and to resources that you will find useful to look up further information.
Check out the November 2017 Patch Day for information on last month's patches.
You may download the following Excel spreadsheet listing all security updates for all products released in December 2017 by Microsoft. Download it with a click on the following link: windows-security-updates-december-2017.zip
Windows Server products
Other Microsoft Products
KB4054518 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup
KB4054521 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Security Only Update
KB4054519 -- Windows 8.1 and Windows Server 2012 R2 Monthly Rollup
KB4054522 -- Windows 8.1 and Windows Server 2012 R2 Security only update
KB4054517 -- Cumulative update for Windows 10 Version 1709 to build 16299.125
KB4053580 -- Cumulative update for Windows 10 Version 1703 to build 15063.786
KB4053579 -- Cumulative update for Windows 10 Version 1607 to build 14393.1944
KB4053578 -- Cumulative update for Windows 10 Version 1511 to build 10586.1295
KB4052978 -- Cumulative security update for Internet Explorer: December 12, 2017
KB4047170 -- Security Update for Windows Server 2008 -- fixes an information disclosure vulnerability in Windows Media Player.
KB4052303 -- Security Update for Windows Server 2008 and Windows XP Embedded -- fixes Windows RRAS Service remote code execution vulnerability.
KB4053473 -- Security Update for Windows Server 2008 -- fixes information disclosure vulnerability in the its:// protocol handler
KB4053577 -- Security Update for Adobe Flash Player
KB4054520 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4054523 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
Known Issues
None
CVE-2017-11940 -- Microsoft Malware Protection Engine Remote Code Execution Vulnerability
KB4055994 -- Dynamic Update for Windows Version 1709 -- Compatibility update for upgrading to and recovering Windows 10 Version 1709
KB4056457 -- Dynamic Update for Windows Version 1709 -- Reliability update for upgrading to Windows 10 Version 1709
KB4051956 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded -- Time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga
KB890830 -- Windows Malicious Software Removal Tool - December 2017
KB4049068 -- Time zone changes in Windows for Fiji
Microsoft released non-security updates for Microsoft Office on December 6, 2017. You can check out our overview here.
KB4011095 -- Office 2016 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
KB4011575 -- Word 2016 -- Resolves issue described in 4011575. Includes a list of improvements on top of that:
KB4011277 -- Office 2013 -- Same as 4011575.
KB4011590 -- Word 2013 -- Same as 4011575
KB4011612 -- Office 2010 -- Same as 4011575
KB4011614 -- Word 2010 -- Same as 4011575
KB4011608 -- Word 2007 -- Same as 4011575
KB4011576 -- SharePoint Server 2016 -- Fixes an elevation of privileges vulnerability in SharePoint server.
KB4011578 -- SharePoint Enterprise Server 2016 -- Features translation improvements, and improvements to the SharePoint Health Analyzer algorithm.
KB4011587 -- Office Web Apps Server 2013
KB4011598 -- Project Server 2013 -- Various improvements to tasks, timesheets, and other issues.
KB4011589 -- Cumulative update for Project Server 2013
KB4011601 -- SharePoint Enterprise Server 2013 -- Health Analyzer improvements.
KB4011582 -- SharePoint Enterprise Server 2013 -- Lots of fixes and improvements.
KB4011596 -- SharePoint Foundation 2013 -- Lots of fixes and improvements.
KB4011588 -- Cumulative update for SharePoint Foundation 2013 -- Same as KB4011589.
KB4011593 -- Cumulative update for SharePoint Server 2013 -- Same as KB4011589.
The security updates are released as individual or cumulative updates by Microsoft. All security updates that apply to a specific version of Windows are offered through Windows Updates on most home systems.
Windows is set up by default to download and install important updates such as security updates automatically.
You can run a manual check for updates to speed up the process:
Here are direct download links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10 (all supported versions).
Windows 7 SP1 and Windows Server 2008 R2 SP1
Windows 8.1 and Windows Server 2012 R2
KB4054519 -- 2017-12 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
KB4054522 -- 2017-12 Security Only Quality Update for Windows 8.1 for x86-based Systems
Windows 10 (version 1511)
Windows 10 and Windows Server 2016 (version 1607)
Windows 10 (version 1703)
Windows 10 (version 1709)
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
While updating, I noticed that Windows Defender definition updates are now showing as “Windows Defender Antivirus” in my Windows 8.1 PC update history. I guess Windows Defender in Windows 8.1 and Windows 10 uses the same engine/definitions.
My main Windows 10 1709 computer reports that the installation failed for KB4054517, but winver shows OS Build 16299.125, so I guess it’s alright anyway… the error code is: 0x80070643
My W10 system lists failed install for KB4054517 but event logs show it as successful, winver shows 16299.125, when I check to uninstall, it shows it has been installed, yet lists it as failed. Debating removing it and manually installing it again.
My 12/17 updates completed ok but the malicious software removal tool for 11/17 is still listed along with the 12/17 msrt. Is this something new?
If you don’t run the tool or hide it, I think it still shows up. I hope that’s the case.
Any idea why the security updates spreadsheet shows the severity as important but the descriptions on Microsoft show critical?
2017-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4054520)
Locale: All
Deployment: Important/Automatic Updates, WSUS, and Catalog
Classification: Security Updates
Security severity rating: Critical
Supersedes: KB4050945 on Windows Embedded 8 Standard and Windows Server 2012
Target platforms: Windows Embedded 8 Standard and Windows Server 2012
Approximate file sizes:
2017-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard/Windows Server 2012 x64 update: ~ 190812KB
2017-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard for x86-based Systems update: ~ 119746KB
Description:
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
http://support.microsoft.com/help/4054520
That’s a good question. I cannot say unfortunately. Maybe it is a copy/paste error, would not be the first.
Why does every monthly rollup have to scramble my start menu tiles? :(
WIN7x64 – kb4054521 > critical error 1603 at the installation, then NO NETWORK, NO INTERNET CONNECTION ANYMORE. Forced to reinstall a backup.
@ Bored
Why KB4054521 and not KB4054518 (version x64) ?
No problem with the last here.
Because I use WSUS with Security Only Quality Update for Windows x64 checked. I tried with the KB4054521 downloaded using the link from the Microsoft server, same error, same punishment.
Has anyone found a way to update Professional version 1511 (November) with security patches that are available only for the Enterprise version?
I can’t update to 1607 or 1703; I have to stay with 1511 due to compatibility.
Thanks
Those who install the Security Only Quality Updates for Windows 7 & 8.1 instead of the Security Monthly Quality Rollups must also install the [separate] monthly Internet Explorer 11 Cumulative Security Update.
A comprehensive up-to-date list with download links for both sets of updates (x32 & x64 systems) can be found at:
https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/