Microsoft released new security updates for November patch Tuesday with fixes for 63 vulnerabilities that affected various Microsoft products.

Following Microsoft products are patched in this November security release along with some of the critical security vulnerabilities.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Core
  • Skype for Business
  • Azure App Service on Azure Stack
  • Team Foundation Server
  • Microsoft Dynamics 365 (on-premises) version 8
  • PowerShell Core
  • Microsoft.PowerShell.Archive 1.2.2.0

Among 63 Microsoft flaws, 12 vulnerabilities categorized under “Critical”, 49  vulnerabilities rated as “Important”.

Critical security vulnerabilities that when exploited could lead to code execution and allow a remote attacker to execute commands on a vulnerable computers

Apart from this, Microsoft Fixed a Zero-day flow that exposed under a Twitter Name SandboxEscaper along with active exploit that referred as a Delete bug and it allows non-admins to delete any file by abusing a new Windows service not checking permissions again.

According to Microsoft, Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates.

Microsoft Security Updates- November

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8565Win32k Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8485DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8562Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8553Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2018-8561DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8554DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8563DirectX Information Disclosure Vulnerability

Microsoft Dynamics

Microsoft DynamicsCVE-2018-8605Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8607Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8606Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8609Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
Microsoft DynamicsCVE-2018-8608Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

Microsoft Edge

Microsoft EdgeCVE-2018-8564Microsoft Edge Spoofing Vulnerability
Microsoft EdgeCVE-2018-8545Microsoft Edge Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-8567Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Office

Microsoft OfficeCVE-2018-8579Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8577Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8575Microsoft Project Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8576Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8522Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8524Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8539Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8558Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8573Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8574Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8582Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8557Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8552Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8551Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8556Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8555Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8541Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8542Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8588Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8544Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting EngineCVE-2018-8543Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8592Windows Elevation Of Privilege Vulnerability
Microsoft WindowsADV180028Guidance for configuring BitLocker to enforce software encryption
Microsoft WindowsCVE-2018-8476Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8584Windows ALPC Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8550Windows COM Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8549Windows Security Feature Bypass Vulnerability

Microsoft PowerShell

Microsoft PowerShellCVE-2018-8256Microsoft PowerShell Remote Code Execution Vulnerability
Microsoft PowerShellCVE-2018-8415Microsoft PowerShell Tampering Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8578Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2018-8572Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8568Microsoft SharePoint Elevation of Privilege Vulnerability

Other Products

.NET CoreCVE-2018-8416.NET Core Tampering Vulnerability
Active DirectoryCVE-2018-8547Active Directory Federation Services XSS Vulnerability
Adobe Flash PlayerADV180025November 2018 Adobe Flash Security Update
AzureCVE-2018-8600Azure App Service Cross-site Scripting Vulnerability
BitLockerCVE-2018-8566BitLocker Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-8570Internet Explorer Memory Corruption Vulnerability
Microsoft DriversCVE-2018-8471Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability
Microsoft Exchange ServerCVE-2018-8581Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Windows Search ComponentCVE-2018-8450Windows Search Remote Code Execution Vulnerability
Servicing Stack UpdatesADV990001Latest Servicing Stack Updates
Skype for Business and Microsoft LyncCVE-2018-8546Microsoft Skype for Business Denial of Service Vulnerability
Team Foundation ServerCVE-2018-8602Team Foundation Server Cross-site Scripting Vulnerability
Windows Audio ServiceCVE-2018-8454Windows Audio Service Information Disclosure Vulnerability
Windows KernelCVE-2018-8589Windows Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8408Windows Kernel Information Disclosure Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

LEAVE A REPLY

Please enter your comment!
Please enter your name here