Total CVEs

67

Critical

14

Important

48

Exploited

1

Publicly Disclosed

4

All CVEs this month 67

CVE Title Severity CVSS Product Exploited Disclosed Diffed
CVE-2018-8572 Microsoft SharePoint Elevation of Privilege Vulnerability Important - Microsoft Office SharePoint - - -
CVE-2018-8539 Microsoft Word Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8574 Microsoft Excel Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8524 Microsoft Outlook Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8522 Microsoft Outlook Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8576 Microsoft Outlook Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8581 Microsoft Exchange Server Elevation of Privilege Vulnerability Important - Microsoft Exchange Server - - -
CVE-2018-8256 Microsoft PowerShell Remote Code Execution Vulnerability Important 6.3 Microsoft PowerShell - - -
CVE-2018-8407 Windows Remote Procedure Call Information Disclosure Vulnerability Important 3.3 Windows Remote Procedure Call - - -
CVE-2018-8415 Microsoft PowerShell Tampering Vulnerability Important 3.3 Microsoft PowerShell - - -
CVE-2018-8417 Microsoft JScript Security Feature Bypass Vulnerability Important 4.5 Microsoft JScript - - -
CVE-2018-8454 Windows Audio Service Information Disclosure Vulnerability Important 2.5 Windows Audio Service - - -
CVE-2018-8471 Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability Important 7 Windows Drivers - - -
CVE-2018-8476 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Critical 8.1 Microsoft Windows - - -
CVE-2018-8485 DirectX Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - - -
ADV180025 November 2018 Adobe Flash Security Update Important - Adobe Flash Player - - -
CVE-2018-8529 Team Foundation Server Remote Code Execution Vulnerability Important - Visual Studio - - -
CVE-2018-8546 Microsoft Skype for Business Denial of Service Vulnerability Low - Skype for Business and Microsoft Lync - - -
CVE-2018-8553 Microsoft Graphics Components Remote Code Execution Vulnerability Critical 7.4 Microsoft Graphics Component - - -
CVE-2018-8554 DirectX Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - - -
CVE-2018-8561 DirectX Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - - -
CVE-2018-8562 Win32k Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - - -
CVE-2018-8563 DirectX Information Disclosure Vulnerability Important 4.7 Microsoft Graphics Component - - -
CVE-2018-8564 Microsoft Edge Spoofing Vulnerability Important 4.3 Microsoft Edge (HTML-based) - - -
CVE-2018-8565 Win32k Information Disclosure Vulnerability Important 4.7 Microsoft Graphics Component - - -
CVE-2018-8566 BitLocker Security Feature Bypass Vulnerability Important 4.6 Windows BitLocker - Yes -
CVE-2018-8558 Microsoft Outlook Information Disclosure Vulnerability Important - Microsoft Office - - -
CVE-2018-8573 Microsoft Word Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8575 Microsoft Project Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8582 Microsoft Outlook Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8588 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8600 Azure App Service Cross-site Scripting Vulnerability Important - Azure - - -
CVE-2018-8589 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Kernel Yes - -
CVE-2018-8592 Windows Elevation Of Privilege Vulnerability Important 6.4 Microsoft Windows - - -
CVE-2018-8605 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Important - Microsoft Dynamics - - -
CVE-2018-8606 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Important - Microsoft Dynamics - - -
CVE-2018-8607 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Important - Microsoft Dynamics - - -
CVE-2018-8608 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Important - Microsoft Dynamics - - -
CVE-2018-8609 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Critical - Microsoft Dynamics - - -
ADV180030 November 20, 2018 Flash Updates Critical - Adobe Flash Player - - -
CVE-2018-8408 Windows Kernel Information Disclosure Vulnerability Important 3.3 Windows Kernel - - -
CVE-2018-8416 .NET Core Tampering Vulnerability Moderate - .NET Core - - -
CVE-2018-8450 Windows Search Remote Code Execution Vulnerability Important 7.5 Microsoft Windows Search Component - - -
CVE-2018-8541 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8542 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8543 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8544 Windows VBScript Engine Remote Code Execution Vulnerability Critical 7.5 Microsoft Scripting Engine - - -
CVE-2018-8545 Microsoft Edge Information Disclosure Vulnerability Important 4.3 Microsoft Edge (HTML-based) - - -
CVE-2018-8547 Active Directory Federation Services XSS Vulnerability Important 6.5 Windows Active Directory - - -
CVE-2018-8549 Windows Security Feature Bypass Vulnerability Important 5.5 Microsoft Windows - - -
CVE-2018-8550 Windows COM Elevation of Privilege Vulnerability Important 7 Microsoft Windows - - -
CVE-2018-8551 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8552 Scripting Engine Memory Corruption Vulnerability Low 7.5 Microsoft Scripting Engine - - -
CVE-2018-8555 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8556 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8557 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - - -
CVE-2018-8567 Microsoft Edge Elevation of Privilege Vulnerability Important 5.4 Microsoft Edge (HTML-based) - - -
CVE-2018-8568 Microsoft SharePoint Elevation of Privilege Vulnerability Important - Microsoft Office SharePoint - - -
CVE-2018-8570 Internet Explorer Memory Corruption Vulnerability Important 7.5 Internet Explorer - - -
CVE-2018-8577 Microsoft Excel Remote Code Execution Vulnerability Important - Microsoft Office - - -
CVE-2018-8578 Microsoft SharePoint Information Disclosure Vulnerability Important - Microsoft Office SharePoint - - -
CVE-2018-8579 Microsoft Outlook Information Disclosure Vulnerability Important - Microsoft Office - - -
CVE-2018-8584 Windows ALPC Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - Yes -
ADV180028 Guidance for configuring BitLocker to enforce software encryption Unknown - Microsoft Windows - Yes -
CVE-2018-8602 Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - - -
ADV180029 Inadvertently Disclosed Digital Certificates Could Allow Spoofing Moderate - Windows Certificates - Yes -
ADV990001 Latest Servicing Stack Updates Critical - Servicing Stack Updates - - -

Threat Categories 9

Threat Category CVEs Critical
Remote Code Execution 28 13
Elevation of Privilege 13 -
Information Disclosure 9 -
Spoofing 9 -
Security Feature Bypass 3 -
Tampering 2 -
Defense in Depth 1 1
Denial of Service 1 -
Unknown 1 -

Affected Products 26

Product CVEs Exploited
Microsoft Office 11 -
Microsoft Scripting Engine 10 -
Microsoft Graphics Component 7 -
Microsoft Windows 6 -
Microsoft Dynamics 5 -
Microsoft Edge (HTML-based) 3 -
Microsoft Office SharePoint 3 -
Adobe Flash Player 2 -
Microsoft PowerShell 2 -
Windows Kernel 2 1
.NET Core 1 -
Azure 1 -
Internet Explorer 1 -
Microsoft Exchange Server 1 -
Microsoft JScript 1 -
Microsoft Windows Search Component 1 -
Servicing Stack Updates 1 -
Skype for Business and Microsoft Lync 1 -
Team Foundation Server 1 -
Visual Studio 1 -
Windows Active Directory 1 -
Windows Audio Service 1 -
Windows BitLocker 1 -
Windows Certificates 1 -
Windows Drivers 1 -
Windows Remote Procedure Call 1 -