Microsoft released new security updates for November patch Tuesday with fixes for 63 vulnerabilities that affected various Microsoft products.
Following Microsoft products are patched in this November security release along with some of the critical security vulnerabilities.
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- .NET Core
- Skype for Business
- Azure App Service on Azure Stack
- Team Foundation Server
- Microsoft Dynamics 365 (on-premises) version 8
- PowerShell Core
- Microsoft.PowerShell.Archive 1.2.2.0
Among 63 Microsoft flaws, 12 vulnerabilities categorized under “Critical”, 49 vulnerabilities rated as “Important”.
Critical security vulnerabilities that when exploited could lead to code execution and allow a remote attacker to execute commands on a vulnerable computers
Apart from this, Microsoft Fixed a Zero-day flow that exposed under a Twitter Name SandboxEscaper along with active exploit that referred as a Delete bug and it allows non-admins to delete any file by abusing a new Windows service not checking permissions again.
According to Microsoft, Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates.
Microsoft Security Updates- November
Microsoft Graphics Component
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
Microsoft Dynamics
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
Microsoft Edge
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
Microsoft Office
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Scripting Engine
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
Microsoft PowerShell
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
Microsoft Office SharePoint
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Other Products
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |
Also Read:
Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities
Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released
Google Released Security Updates for More than 40 Android Security vulnerabilities
