OnlyFm252
Patch Tuesday Archive

Patch Tuesday November 2019

Total CVEs

77

Critical

12

Important

62

Exploited

1

Publicly Disclosed

2

All CVEs this month 77

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2019-0719 Hyper-V Remote Code Execution Vulnerability Critical 8 Windows Hyper-V - -
CVE-2019-0721 Hyper-V Remote Code Execution Vulnerability Critical 8 Windows Hyper-V - -
CVE-2019-1373 Microsoft Exchange Remote Code Execution Vulnerability Critical - Microsoft Exchange Server - -
CVE-2019-1389 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.6 Windows Hyper-V - -
CVE-2019-1397 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.6 Windows Hyper-V - -
CVE-2019-1398 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.6 Windows Hyper-V - -
CVE-2019-1419 OpenType Font Parsing Remote Code Execution Vulnerability Critical 7.8 Microsoft Graphics Component - -
CVE-2019-1426 Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1427 Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1428 Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1430 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Critical 7.3 Windows Media Player - -
CVE-2019-1441 Win32k Graphics Remote Code Execution Vulnerability Critical 6.7 Microsoft Graphics Component - -
CVE-2018-12207 Windows Denial of Service Vulnerability Important 4.7 Microsoft Windows - -
CVE-2019-0712 Windows Hyper-V Denial of Service Vulnerability Important 5.8 Windows Hyper-V - -
CVE-2019-11135 Windows Kernel Information Disclosure Vulnerability Important 4.7 Windows Kernel - -
CVE-2019-1234 Azure Stack Spoofing Vulnerability Important - Azure Stack - -
CVE-2019-1309 Windows Hyper-V Denial of Service Vulnerability Important 5.8 Windows Hyper-V - -
CVE-2019-1310 Windows Hyper-V Denial of Service Vulnerability Important 5.8 Windows Hyper-V - -
CVE-2019-1324 Windows TCP/IP Information Disclosure Vulnerability Important 5.3 Microsoft Windows - -
CVE-2019-1370 Open Enclave SDK Information Disclosure Vulnerability Important 7 Open Source Software - -
CVE-2019-1374 Windows Error Reporting Elevation of Privilege Vulnerability Important 5.5 Microsoft Windows - -
CVE-2019-1379 Windows Data Sharing Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1380 Microsoft splwow64 Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1381 Microsoft Windows Information Disclosure Vulnerability Important 6.6 Microsoft Windows - -
CVE-2019-1382 Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1383 Windows Data Sharing Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1384 Microsoft Windows Security Feature Bypass Vulnerability Important 8.5 Microsoft Windows - -
CVE-2019-1385 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1388 Windows Certificate Dialog Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1391 Windows Denial of Service Vulnerability Important 5.5 Microsoft Windows - -
CVE-2019-1392 Windows Kernel Elevation of Privilege Vulnerability Important 7 Windows Kernel - -
CVE-2019-1393 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1394 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1395 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1396 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1399 Windows Hyper-V Denial of Service Vulnerability Important 5.4 Windows Hyper-V - -
CVE-2019-1402 Microsoft Office Information Disclosure Vulnerability Important - Microsoft Office - -
CVE-2019-1405 Windows UPnP Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1406 Jet Database Engine Remote Code Execution Vulnerability Important 6.7 Microsoft JET Database Engine - -
CVE-2019-1407 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1408 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1409 Windows Remote Procedure Call Information Disclosure Vulnerability Important 5.5 Microsoft RPC - -
CVE-2019-1411 DirectWrite Information Disclosure Vulnerability Important 4.4 Microsoft Graphics Component - -
CVE-2019-1412 OpenType Font Driver Information Disclosure Vulnerability Important 5 Microsoft Graphics Component - -
CVE-2019-1413 Microsoft Edge Security Feature Bypass Vulnerability Important 4.3 Microsoft Edge - -
CVE-2019-1415 Windows Installer Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1416 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7.8 Windows Subsystem for Linux - -
CVE-2019-1417 Windows Data Sharing Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1418 Windows Modules Installer Service Information Disclosure Vulnerability Important 3.5 Microsoft Windows - -
CVE-2019-1420 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1422 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1423 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1424 NetLogon Security Feature Bypass Vulnerability Important 8.1 Microsoft Windows - -
CVE-2019-1425 Visual Studio Elevation of Privilege Vulnerability Important - Visual Studio - -
CVE-2019-1432 DirectWrite Information Disclosure Vulnerability Important 4.4 Microsoft Graphics Component - -
CVE-2019-1433 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - -
CVE-2019-1434 Win32k Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - -
CVE-2019-1435 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - -
CVE-2019-1436 Win32k Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2019-1437 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - -
CVE-2019-1438 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component - -
CVE-2019-1439 Windows GDI Information Disclosure Vulnerability Important 4.7 Microsoft Graphics Component - -
CVE-2019-1440 Win32k Information Disclosure Vulnerability Important 5 Microsoft Graphics Component - -
CVE-2019-1442 Microsoft Office Security Feature Bypass Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-1443 Microsoft SharePoint Information Disclosure Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-1445 Microsoft Office Online Spoofing Vulnerability Important - Microsoft Office - -
CVE-2019-1446 Microsoft Excel Information Disclosure Vulnerability Important - Microsoft Office - -
CVE-2019-1447 Microsoft Office Online Spoofing Vulnerability Important - Microsoft Office - -
CVE-2019-1448 Microsoft Excel Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-1449 Microsoft Office ClickToRun Security Feature Bypass Vulnerability Important - Microsoft Office - -
CVE-2019-1454 Windows User Profile Service Elevation of Privilege Vulnerability Important - Microsoft Windows - -
CVE-2019-1456 OpenType Font Parsing Remote Code Execution Vulnerability Important 7.8 Graphic Fonts - -
CVE-2019-1457 Microsoft Office Excel Security Feature Bypass Important - Microsoft Office - Yes
CVE-2019-1460 Outlook for Android Spoofing Vulnerability Important - Android App - -
CVE-2019-1390 VBScript Remote Code Execution Vulnerability Moderate 7.5 Microsoft Scripting Engine - -
CVE-2019-1429 Scripting Engine Memory Corruption Vulnerability Moderate 7.5 Microsoft Scripting Engine Yes -
ADV190024 Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) Unknown - Chipsets - Yes

    Threat Categories 7

    Threat Category CVEs Critical
    Elevation of Privilege 28 -
    Remote Code Execution 17 12
    Information Disclosure 15 -
    Denial of Service 6 -
    Security Feature Bypass 6 -
    Spoofing 4 -
    Unknown 1 -

    Affected Products 19

    Product CVEs Exploited
    Microsoft Windows 21 -
    Microsoft Graphics Component 19 -
    Windows Hyper-V 9 -
    Microsoft Office 7 -
    Microsoft Scripting Engine 5 1
    Windows Kernel 2 -
    Microsoft Office SharePoint 2 -
    Microsoft Exchange Server 1 -
    Windows Media Player 1 -
    Azure Stack 1 -
    Open Source Software 1 -
    Microsoft JET Database Engine 1 -
    Microsoft RPC 1 -
    Microsoft Edge 1 -
    Windows Subsystem for Linux 1 -
    Visual Studio 1 -
    Graphic Fonts 1 -
    Android App 1 -
    Chipsets 1 -