It's that time of the month again for Microsoft updates. November's Patch Tuesday brings with it patches for 53 CVEs as well as rollup security patches for Adobe Flash and Microsoft Office. 19 of those 53 are rated "Critical", 31 are rated "Important" and the final 3 are rated as "Moderate".
The vast majority of the "Critical" rated CVEs patch vulnerabilities in the Microsoft Scripting Engine again this month. The others patch vulnerabilities in Internet Explorer and Edge, so, as always, be careful of browsing to strange web sites or opening Office documents, especially links and documents that arrive in an unsolicited message or email.
The more severe vulnerabilities on the "Important" list include arbitrary code execution in Office components and several privilege escalation vulnerabilities that could potentially allow an attacker to execute malware at a SYSTEM or Administrative level.
Critical

| Title | CVE / Advisory | Impact |
| --- | --- | --- |
| November 2017 Flash Security Updates | ADV170019 | Remote Code Execution |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-11855, CVE-2017-11856 | Remote Code Execution |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-11845 | Remote Code Execution |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, CVE-2017-11873 | Remote Code Execution |

Important

| Title | CVE / Advisory | Impact |
| --- | --- | --- |
| .NET CORE Denial Of Service Vulnerability | CVE-2017-11770 | Denial of Service |
| ASP.NET Core Elevation Of Privilege Vulnerability | CVE-2017-11879 | Elevation of Privilege |
| ASP.NET Core Denial Of Service Vulnerability | CVE-2017-11883 | Denial of Service |
| Device Guard Security Feature Bypass Vulnerability | CVE-2017-11830 | Security Feature Bypass |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2017-11827 | Remote Code Execution |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-11803, CVE-2017-11833, CVE-2017-11844 | Information Disclosure |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-11863, CVE-2017-11872, CVE-2017-11874 | Security Feature Bypass |
| Microsoft Excel Memory Corruption Vulnerability | CVE-2017-11878 | Remote Code Execution |
| Microsoft Excel Security Feature Bypass Vulnerability | CVE-2017-11877 | Security Feature Bypass |
| Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2017-11850 | Information Disclosure |
| Microsoft Office Memory Corruption Vulnerability | CVE-2017-11882, CVE-2017-11884 | Remote Code Execution |
| Microsoft Word Memory Corruption Vulnerability | CVE-2017-11854 | Remote Code Execution |
| Scripting Engine Information Disclosure Vulnerability | CVE-2017-11791, CVE-2017-11834 | Information Disclosure |
| Windows EOT Font Engine Information Disclosure Vulnerability | CVE-2017-11832, CVE-2017-11835 | Information Disclosure |
| Windows GDI Information Disclosure Vulnerability | CVE-2017-11852 | Information Disclosure |
| Windows Information Disclosure Vulnerability | CVE-2017-11831, CVE-2017-11880 | Information Disclosure |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2017-11847 | Elevation of Privilege |
| Windows Kernel Information Disclosure Vulnerability | CVE-2017-11842, CVE-2017-11849, CVE-2017-11851, CVE-2017-11853 | Information Disclosure |
| Windows Media Player Information Disclosure Vulnerability | CVE-2017-11768 | Information Disclosure |
| Windows Search Denial of Service Vulnerability | CVE-2017-11788 | Denial of Service |

Moderate

| Title | CVE / Advisory | Impact |
| --- | --- | --- |
| ASP.NET Core Information Disclosure Vulnerability | CVE-2017-8700 | Information Disclosure |
| Internet Explorer Information Disclosure Vulnerability | CVE-2017-11848 | Information Disclosure |
| Microsoft Project Server Elevation of Privilege Vulnerability | CVE-2017-11876 | Elevation of Privilege |

No Risk Rating

| Title | CVE / Advisory |
| --- | --- |
| Microsoft Office Defense in Depth Update | ADV170020 |