Microsoft Security Updates December 2017 release

This overview offers information on security updates and non-security updates that Microsoft released for Windows, Office and other company products in December 2017.

The guide is divided into different parts: it starts with an executive summary that highlights the most important bits. This is followed by the operating system distribution which highlights how different versions of Windows are affected this month.

The list of security updates, known issues, security advisories and non-security updates comes next. The last part of the overview links directly to cumulative update downloads for Windows 7, 8.1 and 10 systems, and to resources that you will find useful to look up further information.

Check out the November 2017 Patch Day for information on last month's patches.

Microsoft Security Updates December 2017

You may download the following Excel spreadsheet listing all security updates for all products released in December 2017 by Microsoft. Download it with a click on the following link: windows-security-updates-december-2017.zip

Executive Summary

• Microsoft released security updates for all versions of Windows the company supports (client and server).
• No critical updates for Windows, but for IE and Edge.
• Other Microsoft products with security updates are: Microsoft Office, Microsoft Exchange Server, Microsoft Edge and Internet Explorer.

Operating System Distribution

• Windows 7: 2 vulnerabilities of which 2 are rated important
• Windows 8.1: 2 vulnerabilities of which 2 are rated important
• Windows 10 version 1607: 3 vulnerabilities of which 3 are rated important
• Windows 10 version 1703: 3 vulnerabilities of which 3 are rated important
• Windows 10 version 1709: 3 vulnerabilities of which 3 are rated important

Windows Server products

• Windows Server 2008: 2 vulnerabilities of which 2 are rated important
• Windows Server 2008 R2: 2 vulnerabilities of which 2 are rated important
• Windows Server 2012 and 2012 R2: 2 vulnerabilities of which 2 are rated important
• Windows Server 2016: 3 vulnerabilities of which 3 are rated important

Other Microsoft Products

• Internet Explorer 11: 13 vulnerabilities,  9 critical, 4 important
• Microsoft Edge: 13 vulnerabilities, 12 critical, 1 important

Security Updates

KB4054518 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

• Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
• Addresses additional issues with updated time zone information.
• Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054521 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Security Only Update

• Addresses additional issues with updated time zone information.
• Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054519 -- Windows 8.1 and Windows Server 2012 R2 Monthly Rollup

• Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
• Addresses additional issues with updated time zone information.
• Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054522 -- Windows 8.1 and Windows Server 2012 R2 Security only update

• Addresses additional issues with updated time zone information.
• Security updates to the Microsoft Scripting Engine and Windows Server.

KB4054517 -- Cumulative update for Windows 10 Version 1709 to build 16299.125

• Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
• Addresses issue where Windows Defender Device Guard and Application Control block some applications from running, even in Audit-Only Enforcement Mode.
• Addresses issue to reset PLC bit on U0/U3 transitions.
• Addresses issue with personalized Bluetooth devices that don't support bonding.
• here the touch keyboard doesn’t support the standard layout for 88 languages.
• Addresses issue where the touch keyboard for a third-party Input Method Editor (IME) has no IME ON/OFF key.
• Addresses additional issues with updated time zone information.
• Addresses issue where, when using System Center Virtual Machine
• Manager (VMM), the user can't copy or clone virtual machines (VM). The error message is "0x80070057- Invalid parameter". This issue affects the VMM UI and PowerShell scripts used for VM cloning and copying.
• Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4053580 -- Cumulative update for Windows 10 Version 1703 to build 15063.786

• Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
• Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
• Addresses issue that caused Windows Pro devices on the Current Branch for Business (CBB) to upgrade unexpectedly.
• Adresses issue where applications may stop responding for customers who have internet or web proxies enabled using PAC script configurations. This is a result of a reentrancy deadlock in WinHTTP.dll.
• Addresses additional issues with updated time zone information.
• Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4053579 -- Cumulative update for Windows 10 Version 1607 to build 14393.1944

• Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
• Addresses additional issues with updated time zone information.
• Addresses issue where, after you install KB4041688, KB4052231, or KB4048953, the error "CDPUserSvc_XXXX has stopped working" appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is "cdp.dll".
• Security updates to the Microsoft Scripting Engine and Microsoft Edge.

KB4053578 -- Cumulative update for Windows 10 Version 1511 to build 10586.1295

• Addresses additional issues with updated time zone information.
• Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048952.
• Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.

KB4052978 -- Cumulative security update for Internet Explorer: December 12, 2017

KB4047170 -- Security Update for Windows Server 2008 -- fixes an information disclosure vulnerability in Windows Media Player.

KB4052303 -- Security Update for Windows Server 2008 and Windows XP Embedded -- fixes Windows RRAS Service remote code execution vulnerability.

KB4053473 -- Security Update for Windows Server 2008 -- fixes information disclosure vulnerability in the its:// protocol handler

KB4053577 -- Security Update for Adobe Flash Player

KB4054520 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4054523 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

Known Issues

None

Security advisories and updates

CVE-2017-11940 -- Microsoft Malware Protection Engine Remote Code Execution Vulnerability

Non-security related updates

KB4055994 -- Dynamic Update for Windows Version 1709 -- Compatibility update for upgrading to and recovering Windows 10 Version 1709

KB4056457 -- Dynamic Update for Windows Version 1709 -- Reliability update for upgrading to Windows 10 Version 1709

KB4051956 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded -- Time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga

KB890830 -- Windows Malicious Software Removal Tool - December 2017

KB4049068 -- Time zone changes in Windows for Fiji

Microsoft Office Updates

Microsoft released non-security updates for Microsoft Office on December 6, 2017. You can check out our overview here.

KB4011095 -- Office 2016 -- This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

KB4011575 -- Word 2016 -- Resolves issue described in 4011575. Includes a list of improvements on top of that:

• This update improves the performance for style properties in VBA in Word 2016.
• When you save a document in Track Changes mode, some text is lost from the document.
• The line spacing is displayed incorrectly when you use OpenType (*.otf) fonts in Word 2016.
• You cannot set the paragraph ID for the first paragraph in a text box through Word VBA.
• The text in a cell overlaps after you adjust the width of the column in a table.
• When you try to activate an OLE object in Word 2016, the object is unexpectedly activated in a newly opened application.
• When you create and edit a document that's based on a template that’s located in the Temporary Internet Files folder and then print the document, the trust bar reappears unexpectedly. When you click Enable Editing again, Word crashes.
• Horizontal lines disappear in Word 2016 when you change the zoom level.
• When you save a right-to-left Word document as a PDF or XPS file, the line numbers are on the left side of the text instead of the right side.
• Word 2016 crashes when you open a binary document (*.doc) that contains a Horizontal Line shape.
• The Arabic decimal separator is displayed as a comma character instead of a period character when you use a Hindi numeral in Office 2016 applications.
• Word 2016 crashes after you use the navigation pane when the Word application is embedded as an OLE object in another application.
• Word 2016 crashes when you try to change the grammar options for a legacy grammar checker in Office 2016.

KB4011277 -- Office 2013 -- Same as 4011575.

KB4011590 -- Word 2013 -- Same as 4011575

KB4011612 -- Office 2010 -- Same as 4011575

KB4011614 -- Word 2010 -- Same as 4011575

KB4011608 -- Word 2007 -- Same as 4011575

KB4011576 -- SharePoint Server 2016 -- Fixes an elevation of privileges vulnerability in SharePoint server.

KB4011578 -- SharePoint Enterprise Sever 2016 -- Features translation improvements, and improvements to the SharePoint Health Analyzer algorithm.

KB4011587 -- Office Web Apps Server 2013

• Assume that you have inserted the SaveDate field through Quick Parts in a Word document. In this situation, when you view the document in Word Online Viewer, the SaveDate field reports the current server time instead of the last time that the document was saved.
• When you view documents and then click the hyperlinks that contain certain characters (such as Hebrew and Arabic language) in the Word Online Viewer, the hyperlinks don’t work.

KB4011598 -- Project Server 2013 -- Various improvements to tasks, timesheets, and other issues.

KB4011589 -- Cumulative update for Project Server 2013

• The Microsoft Office 2013 hotfixes are now multilingual. This cumulative update package contains updates for all languages.
• This cumulative update package includes all the server component packages. Additionally, this cumulative update package updates only those components that are installed on the system.

KB4011601 -- SharePoint Enterprise Server 2013  -- Health Analyzer improvements.

KB4011582 -- SharePoint Enterprise Server 2013  -- Lots of fixes and improvements.

KB4011596 -- SharePoint Foundation 2013  -- Lots of fixes and improvements.

KB4011588 -- Cumulative update for SharePoint Foundation 2013 -- Same as KB4011589.

KB4011593 -- Cumulative update for SharePoint Server 2013 -- Same as KB4011589.

How to download and install the December 2017 security updates

The security updates are released as individual or cumulative updates by Microsoft. All security updates that apply to a specific version of Windows are offered through Windows Updates on most home systems.

Windows is set up by default to download and install important updates such as security updates automatically.

You can run a manual check for updates to speed up the process:

1. Tap on the Windows-key to bring up Start.
2. Type Windows Update and select the item from the list of search results.
3. Click on check for updates if Windows does not do so automatically when the Windows Update page opens.
4. Updates are either installed automatically or on user request then.

Here are direct download links to cumulative updates for 32-bit and 64-bit versions of Windows 7, Windows 8.1 and Windows 10 (all supported versions).

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

• KB4054518 -- 2017-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
• KB4054521 -- 2017-12 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

• KB4054519 -- 2017-12 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems

•  KB4054522 -- 2017-12 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10  (version 151)

• KB4053578 -- Cumulative update for Windows 10 Version 1511

Windows 10 and Windows Server 2016 (version 1607)

• KB4053579-- 2017-12  Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
  

Windows 10 (version 1703)

• KB4053580 -- 2017-12 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

• KB4054517 -- 2017-12 Cumulative Update for Windows 10 Version 1709

Additional resources

• December 2017 Security Updates release notes
• List of software updates for Microsoft products
• List of security advisories
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

---