Microsoft Security Updates

Microsoft released new security updates for November patch Tuesday with fixes for 63 vulnerabilities that affected various Microsoft products.

Following Microsoft products are patched in this November security release along with some of the critical security vulnerabilities.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Core
  • Skype for Business
  • Azure App Service on Azure Stack
  • Team Foundation Server
  • Microsoft Dynamics 365 (on-premises) version 8
  • PowerShell Core
  • Microsoft.PowerShell.Archive 1.2.2.0

Among 63 Microsoft flaws, 12 vulnerabilities categorized under “Critical”, 49  vulnerabilities rated as “Important”.

Critical security vulnerabilities that when exploited could lead to code execution and allow a remote attacker to execute commands on a vulnerable computers

Apart from this, Microsoft Fixed a Zero-day flow that exposed under a Twitter Name SandboxEscaper along with active exploit that referred as a Delete bug and it allows non-admins to delete any file by abusing a new Windows service not checking permissions again.

According to Microsoft, Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates.

Microsoft Security Updates- November

Microsoft Graphics Component

Microsoft Graphics Component CVE-2018-8565 Win32k Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-8485 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8562 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8553 Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-8561 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8554 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8563 DirectX Information Disclosure Vulnerability

 

Microsoft Dynamics

Microsoft Dynamics CVE-2018-8605 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8607 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8606 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8609 Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
Microsoft Dynamics CVE-2018-8608 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

 

Microsoft Edge

Microsoft Edge CVE-2018-8564 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2018-8545 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-8567 Microsoft Edge Elevation of Privilege Vulnerability

 

Microsoft Office

Microsoft Office CVE-2018-8579 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office CVE-2018-8577 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8575 Microsoft Project Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8576 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8522 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8524 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8539 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8558 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office CVE-2018-8573 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8574 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8582 Microsoft Outlook Remote Code Execution Vulnerability

 

Microsoft Scripting Engine

Microsoft Scripting Engine CVE-2018-8557 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8552 Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8551 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8556 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8555 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8541 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8542 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8588 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8544 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-8543 Chakra Scripting Engine Memory Corruption Vulnerability

 

Microsoft Windows

Microsoft Windows CVE-2018-8592 Windows Elevation Of Privilege Vulnerability
Microsoft Windows ADV180028 Guidance for configuring BitLocker to enforce software encryption
Microsoft Windows CVE-2018-8476 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-8584 Windows ALPC Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8550 Windows COM Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8549 Windows Security Feature Bypass Vulnerability

 

Microsoft PowerShell

Microsoft PowerShell CVE-2018-8256 Microsoft PowerShell Remote Code Execution Vulnerability
Microsoft PowerShell CVE-2018-8415 Microsoft PowerShell Tampering Vulnerability

 

Microsoft Office SharePoint

Microsoft Office SharePoint CVE-2018-8578 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2018-8572 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8568 Microsoft SharePoint Elevation of Privilege Vulnerability

 

Other Products

.NET Core CVE-2018-8416 .NET Core Tampering Vulnerability
Active Directory CVE-2018-8547 Active Directory Federation Services XSS Vulnerability
Adobe Flash Player ADV180025 November 2018 Adobe Flash Security Update
Azure CVE-2018-8600 Azure App Service Cross-site Scripting Vulnerability
BitLocker CVE-2018-8566 BitLocker Security Feature Bypass Vulnerability
Internet Explorer CVE-2018-8570 Internet Explorer Memory Corruption Vulnerability
Microsoft Drivers CVE-2018-8471 Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability

 

Microsoft Exchange Server CVE-2018-8581 Microsoft Exchange Server Elevation of Privilege Vulnerability

 

Microsoft Windows Search Component CVE-2018-8450 Windows Search Remote Code Execution Vulnerability
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Skype for Business and Microsoft Lync CVE-2018-8546 Microsoft Skype for Business Denial of Service Vulnerability
Team Foundation Server CVE-2018-8602 Team Foundation Server Cross-site Scripting Vulnerability
Windows Audio Service CVE-2018-8454 Windows Audio Service Information Disclosure Vulnerability
Windows Kernel CVE-2018-8589 Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-8408 Windows Kernel Information Disclosure Vulnerability

 

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities