HomeWinBuzzer NewsNovember Patch Tuesday Fixes Internet Explorer Zero-Day

November Patch Tuesday Fixes Internet Explorer Zero-Day

Microsoft’s November Patch Tuesday has made 74 fixes, including one for an Internet Explorer zero-day that has already been exploited.

-

It's that time of the month again for , when the company releases stabilization updates for its services. For November 2019 Patch Tuesday, the company rolled out the usual array of bug fixes. Among the biggest fixes issued this month is a patch for an Internet Explorer vulnerability.

Specifically, this IE flaw is located in the scripting engine of the browsers. Microsoft has the vulnerability has already been exploited in the wild. Named CVE-2019-1429, Microsoft describes the big as a remote execution flaw caused by “the way that the scripting engine handles objects in memory in Internet Explorer.”

As this is a scripting bug, it extends beyond Internet Explorer and also into Office apps to help them display web content. Hackers are able to create nefarious Office documents with malicious code embedded in them.

Project Zero, Resecurity, and iDefense Labs have all reported an active exploit of the vulnerability. Microsoft was told about the attacks, but no information on the specific details has been given.

Elsewhere on November Patch Tuesday, Microsoft has fixed a total of 74 bugs that are in nine of its products or services.

Full November Patch Tuesday Fixes

Service CVE ID CVE Title
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Chipsets ADV190024 Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
Azure Stack CVE-2019-1234 Azure Stack Spoofing Vulnerability
Graphic Fonts CVE-2019-1456 OpenType Font Parsing Remote Code Execution Vulnerability
Microsoft Edge CVE-2019-1413 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Exchange Server CVE-2019-1373 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1441 Win32k Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1408 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1439 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1438 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1407 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1394 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1393 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1396 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1395 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1437 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1432 DirectWrite Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1411 DirectWrite Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1440 Win32k Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1419 OpenType Font Parsing Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1433 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1436 Win32k Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1412 OpenType Font Driver Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1434 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1435 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft JET Database Engine CVE-2019-1406 Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1445 Microsoft Spoofing Vulnerability
Microsoft Office CVE-2019-1449 Microsoft Office ClickToRun Security Feature Bypass Vulnerability
Microsoft Office CVE-2019-1446 Information Disclosure Vulnerability
Microsoft Office CVE-2019-1447 Microsoft Office Online Spoofing Vulnerability
Microsoft Office CVE-2019-1402 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2019-1448 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1457 Microsoft Office Excel Security Feature Bypass
Microsoft Office SharePoint CVE-2019-1443 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2019-1442 Microsoft Office Security Feature Bypass Vulnerability
Microsoft RPC CVE-2019-1409 Windows Remote Procedure Call Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2019-1426 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1429 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1427 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1428 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1390 VBScript Remote Code Execution Vulnerability
CVE-2019-1383 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1418 Windows Modules Installer Service Information Disclosure Vulnerability
Microsoft Windows CVE-2018-12207 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2019-1420 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1417 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1415 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1374 Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows CVE-2019-1422 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1423 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1424 NetLogon Security Feature Bypass Vulnerability
Microsoft Windows CVE-2019-1382 Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1385 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1380 Microsoft splwow64 Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1388 Windows Certificate Dialog Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1391 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2019-1384 Microsoft Windows Security Feature Bypass Vulnerability
Microsoft Windows CVE-2019-1405 Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1381 Microsoft Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2019-1379 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1324 Windows TCP/IP Information Disclosure Vulnerability
Open Source Software CVE-2019-1370 Open Enclave SDK Information Disclosure Vulnerability
Visual Studio CVE-2019-1425 Visual Studio Elevation of Privilege Vulnerability
Windows Hyper-V CVE-2019-1398 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-1310 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0719 Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-1399 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-1397 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0712 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0721 Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-1389 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-1309 Windows Hyper-V Denial of Service Vulnerability
Windows Kernel CVE-2019-1392 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-11135 Windows Kernel Information Disclosure Vulnerability
Windows Media Player CVE-2019-1430 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Windows Subsystem for Linux CVE-2019-1416 Windows Subsystem for Linux Elevation of Privilege Vulnerability
SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News