Wednesday, September 18, 2024
HomeComputer SecurityMicrosoft Released Security Updates & Fixed More than 60 Vulnerabilities Along with...

Microsoft Released Security Updates & Fixed More than 60 Vulnerabilities Along with Active Windows Zero day

Published on

Microsoft released new security updates for November patch Tuesday with fixes for 63 vulnerabilities that affected various Microsoft products.

Following Microsoft products are patched in this November security release along with some of the critical security vulnerabilities.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Core
  • Skype for Business
  • Azure App Service on Azure Stack
  • Team Foundation Server
  • Microsoft Dynamics 365 (on-premises) version 8
  • PowerShell Core
  • Microsoft.PowerShell.Archive 1.2.2.0

Among 63 Microsoft flaws, 12 vulnerabilities categorized under “Critical”, 49  vulnerabilities rated as “Important”.

- Advertisement - EHA

Critical security vulnerabilities that when exploited could lead to code execution and allow a remote attacker to execute commands on a vulnerable computers

Apart from this, Microsoft Fixed a Zero-day flow that exposed under a Twitter Name SandboxEscaper along with active exploit that referred as a Delete bug and it allows non-admins to delete any file by abusing a new Windows service not checking permissions again.

According to Microsoft, Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates.

Microsoft Security Updates- November

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8565Win32k Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8485DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8562Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8553Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2018-8561DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8554DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8563DirectX Information Disclosure Vulnerability

Microsoft Dynamics

Microsoft DynamicsCVE-2018-8605Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8607Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8606Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8609Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
Microsoft DynamicsCVE-2018-8608Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

Microsoft Edge

Microsoft EdgeCVE-2018-8564Microsoft Edge Spoofing Vulnerability
Microsoft EdgeCVE-2018-8545Microsoft Edge Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-8567Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Office

Microsoft OfficeCVE-2018-8579Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8577Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8575Microsoft Project Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8576Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8522Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8524Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8539Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8558Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8573Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8574Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8582Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8557Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8552Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8551Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8556Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8555Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8541Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8542Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8588Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8544Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting EngineCVE-2018-8543Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8592Windows Elevation Of Privilege Vulnerability
Microsoft WindowsADV180028Guidance for configuring BitLocker to enforce software encryption
Microsoft WindowsCVE-2018-8476Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8584Windows ALPC Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8550Windows COM Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8549Windows Security Feature Bypass Vulnerability

Microsoft PowerShell

Microsoft PowerShellCVE-2018-8256Microsoft PowerShell Remote Code Execution Vulnerability
Microsoft PowerShellCVE-2018-8415Microsoft PowerShell Tampering Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8578Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2018-8572Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8568Microsoft SharePoint Elevation of Privilege Vulnerability

Other Products

.NET CoreCVE-2018-8416.NET Core Tampering Vulnerability
Active DirectoryCVE-2018-8547Active Directory Federation Services XSS Vulnerability
Adobe Flash PlayerADV180025November 2018 Adobe Flash Security Update
AzureCVE-2018-8600Azure App Service Cross-site Scripting Vulnerability
BitLockerCVE-2018-8566BitLocker Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-8570Internet Explorer Memory Corruption Vulnerability
Microsoft DriversCVE-2018-8471Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability
Microsoft Exchange ServerCVE-2018-8581Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Windows Search ComponentCVE-2018-8450Windows Search Remote Code Execution Vulnerability
Servicing Stack UpdatesADV990001Latest Servicing Stack Updates
Skype for Business and Microsoft LyncCVE-2018-8546Microsoft Skype for Business Denial of Service Vulnerability
Team Foundation ServerCVE-2018-8602Team Foundation Server Cross-site Scripting Vulnerability
Windows Audio ServiceCVE-2018-8454Windows Audio Service Information Disclosure Vulnerability
Windows KernelCVE-2018-8589Windows Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8408Windows Kernel Information Disclosure Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its...

CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its...