Patch Tuesday Archive
Patch Tuesday November 2018
Total CVEs
67
Critical
14
Important
48
Exploited
1
Publicly Disclosed
4
All CVEs this month 67
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability | Important | 6.3 |
Microsoft PowerShell | - | - | - |
| CVE-2018-8407 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important | 3.3 |
Windows Remote Procedure Call | - | - | - |
| CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability | Important | 3.3 |
Microsoft PowerShell | - | - | - |
| CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability | Important | 4.5 |
Microsoft JScript | - | - | - |
| CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability | Important | 2.5 |
Windows Audio Service | - | - | - |
| CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | Important | 7 |
Windows Drivers | - | - | - |
| CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | Critical | 8.1 |
Microsoft Windows | - | - | - |
| CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| ADV180025 | November 2018 Adobe Flash Security Update | Important | - | Adobe Flash Player | - | - | - |
| CVE-2018-8529 | Team Foundation Server Remote Code Execution Vulnerability | Important | - | Visual Studio | - | - | - |
| CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability | Low | - | Skype for Business and Microsoft Lync | - | - | - |
| CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical | 7.4 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8563 | DirectX Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability | Important | 4.3 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8565 | Win32k Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability | Important | 4.6 |
Windows BitLocker | - | Yes | - |
| CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability | Important | - | Azure | - | - | - |
| CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Kernel | Yes | - | - |
| CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability | Important | 6.4 |
Microsoft Windows | - | - | - |
| CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | - | Microsoft Dynamics | - | - | - |
| CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | - | Microsoft Dynamics | - | - | - |
| CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | - | Microsoft Dynamics | - | - | - |
| CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | - | Microsoft Dynamics | - | - | - |
| CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | - | Microsoft Dynamics | - | - | - |
| ADV180030 | November 20, 2018 Flash Updates | Critical | - | Adobe Flash Player | - | - | - |
| CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability | Important | 3.3 |
Windows Kernel | - | - | - |
| CVE-2018-8416 | .NET Core Tampering Vulnerability | Moderate | - | .NET Core | - | - | - |
| CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability | Important | 7.5 |
Microsoft Windows Search Component | - | - | - |
| CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability | Important | 6.5 |
Windows Active Directory | - | - | - |
| CVE-2018-8549 | Windows Security Feature Bypass Vulnerability | Important | 5.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - | - |
| CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8552 | Scripting Engine Memory Corruption Vulnerability | Low | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 5.4 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability | Important | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | - | Yes | - |
| ADV180028 | Guidance for configuring BitLocker to enforce software encryption | Unknown | - | Microsoft Windows | - | Yes | - |
| CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability | Important | - | Team Foundation Server | - | - | - |
| ADV180029 | Inadvertently Disclosed Digital Certificates Could Allow Spoofing | Moderate | - | Windows Certificates | - | Yes | - |
| ADV990001 | Latest Servicing Stack Updates | Critical | - | Servicing Stack Updates | - | - | - |
Threat Categories 9
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 28 | 13 |
| Elevation of Privilege | 13 | - |
| Information Disclosure | 9 | - |
| Spoofing | 9 | - |
| Security Feature Bypass | 3 | - |
| Tampering | 2 | - |
| Defense in Depth | 1 | 1 |
| Denial of Service | 1 | - |
| Unknown | 1 | - |
Affected Products 26
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Office | 11 | - |
| Microsoft Scripting Engine | 10 | - |
| Microsoft Graphics Component | 7 | - |
| Microsoft Windows | 6 | - |
| Microsoft Dynamics | 5 | - |
| Microsoft Edge (HTML-based) | 3 | - |
| Microsoft Office SharePoint | 3 | - |
| Adobe Flash Player | 2 | - |
| Microsoft PowerShell | 2 | - |
| Windows Kernel | 2 | 1 |
| .NET Core | 1 | - |
| Azure | 1 | - |
| Internet Explorer | 1 | - |
| Microsoft Exchange Server | 1 | - |
| Microsoft JScript | 1 | - |
| Microsoft Windows Search Component | 1 | - |
| Servicing Stack Updates | 1 | - |
| Skype for Business and Microsoft Lync | 1 | - |
| Team Foundation Server | 1 | - |
| Visual Studio | 1 | - |
| Windows Active Directory | 1 | - |
| Windows Audio Service | 1 | - |
| Windows BitLocker | 1 | - |
| Windows Certificates | 1 | - |
| Windows Drivers | 1 | - |
| Windows Remote Procedure Call | 1 | - |