This overview offers information on security updates and non-security updates that Microsoft released for Windows, Office and other company products in December 2017.
The guide is divided into different parts: it starts with an executive summary that highlights the most important bits. This is followed by the operating system distribution which highlights how different versions of Windows are affected this month.
The list of security updates, known issues, security advisories and non-security updates comes next. The last part of the overview links directly to cumulative update downloads for Windows 7, 8.1 and 10 systems, and to resources that you will find useful to look up further information.
Check out the November 2017 Patch Day for information on last month's patches.
You may download the following Excel spreadsheet listing all security updates for all products released in December 2017 by Microsoft. Download it with a click on the following link: windows-security-updates-december-2017.zip
Windows Server products
Other Microsoft Products
KB4054518 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup
KB4054521 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Security Only Update
KB4054519 -- Windows 8.1 and Windows Server 2012 R2 Monthly Rollup
KB4054522 -- Windows 8.1 and Windows Server 2012 R2 Security only update
KB4054517 -- Cumulative update for Windows 10 Version 1709 to build 16299.125
KB4053580 -- Cumulative update for Windows 10 Version 1703 to build 15063.786
KB4053579 -- Cumulative update for Windows 10 Version 1607 to build 14393.1944
KB4053578 -- Cumulative update for Windows 10 Version 1511 to build 10586.1295
KB4052978 -- Cumulative security update for Internet Explorer: December 12, 2017
KB4047170 -- Security Update for Windows Server 2008 -- fixes an information disclosure vulnerability in Windows Media Player.
KB4052303 -- Security Update for Windows Server 2008 and Windows XP Embedded -- fixes Windows RRAS Service remote code execution vulnerability.
KB4053473 -- Security Update for Windows Server 2008 -- fixes information disclosure vulnerability in the its:// protocol handler
KB4053577 -- Security Update for Adobe Flash Player
KB4054520 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4054523 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
CVE-2017-11940 -- Microsoft Malware Protection Engine Remote Code Execution Vulnerability
KB4055994 -- Dynamic Update for Windows Version 1709 -- Compatibility update for upgrading to and recovering Windows 10 Version 1709
KB4056457 -- Dynamic Update for Windows Version 1709 -- Reliability update for upgrading to Windows 10 Version 1709
KB4051956 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded -- Time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga
KB890830 -- Windows Malicious Software Removal Tool - December 2017
KB4049068 -- Time zone changes in Windows for Fiji
Microsoft released non-security updates for Microsoft Office on December 6, 2017. You can check out our overview here.
KB4011095 -- Office 2016 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
KB4011575 -- Word 2016 -- Resolves issue described in 4011575. Includes a list of improvements on top of that:
KB4011277 -- Office 2013 -- Same as 4011575.
KB4011590 -- Word 2013 -- Same as 4011575
KB4011612 -- Office 2010 -- Same as 4011575
KB4011614 -- Word 2010 -- Same as 4011575
KB4011608 -- Word 2007 -- Same as 4011575
KB4011576 -- SharePoint Server 2016 -- Fixes an elevation of privileges vulnerability in SharePoint server.
KB4011578 -- SharePoint Enterprise Sever 2016 -- Features translation improvements, and improvements to the SharePoint Health Analyzer algorithm.
KB4011587 -- Office Web Apps Server 2013
KB4011598 -- Project Server 2013 -- Various improvements to tasks, timesheets, and other issues.
KB4011589 -- Cumulative update for Project Server 2013
KB4011601 -- SharePoint Enterprise Server 2013 -- Health Analyzer improvements.
KB4011582 -- SharePoint Enterprise Server 2013 -- Lots of fixes and improvements.
KB4011596 -- SharePoint Foundation 2013 -- Lots of fixes and improvements.
KB4011588 -- Cumulative update for SharePoint Foundation 2013 -- Same as KB4011589.
KB4011593 -- Cumulative update for SharePoint Server 2013 -- Same as KB4011589.
The security updates are released as individual or cumulative updates by Microsoft. All security updates that apply to a specific version of Windows are offered through Windows Updates on most home systems.
Windows is set up by default to download and install important updates such as security updates automatically.
You can run a manual check for updates to speed up the process:
Here are direct download links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10 (all supported versions).
Windows 7 SP1 and Windows Server 2008 R2 SP
Windows 8.1 and Windows Server 2012 R2
KB4054519 -- 2017-12 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
KB4054522 -- 2017-12 Security Only Quality Update for Windows 8.1 for x86-based Systems
Windows 10 (version 151)
Windows 10 and Windows Server 2016 (version 1607)
Windows 10 (version 1703)
Windows 10 (version 1709)
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.