Microsoft November Patch Tuesday: Fix 64 Security Issues
Microsoft released the November Patch Tuesday, fixing 64 security issues ranging from simple spoofing attacks to remote code execution. Products include .NET Core, Active Directory, Adobe Flash Player, Azure, BitLocker, Internet Explorer, Microsoft Drivers. , Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JScript, Microsoft Office, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft RPC, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Servicing Stack Updates, Skype for Business And Microsoft Lync, Team Foundation Server, Windows Audio Service, and Windows Kernel.
| Product | CVE number | CVE title |
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU Miniport driver privilege elevation vulnerability |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross-Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross-Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross-Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross-Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge privilege elevation vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX privilege elevation vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX privilege elevation vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX privilege elevation vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint privilege elevation vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint privilege elevation vulnerability |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM privilege elevation vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Privilege Escalation Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Privilege Escalation Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |
