It's that time of the month again for Microsoft, when the company releases stabilization updates for its services. For November 2019 Patch Tuesday, the company rolled out the usual array of bug fixes. Among the biggest fixes issued this month is a patch for an Internet Explorer vulnerability.
Specifically, this IE flaw is located in the scripting engine of the browsers. Microsoft has the vulnerability has already been exploited in the wild. Named CVE-2019-1429, Microsoft describes the big as a remote execution flaw caused by “the way that the scripting engine handles objects in memory in Internet Explorer.”
As this is a scripting bug, it extends beyond Internet Explorer and also into Office apps to help them display web content. Hackers are able to create nefarious Office documents with malicious code embedded in them.
Google Project Zero, Resecurity, and iDefense Labs have all reported an active exploit of the vulnerability. Microsoft was told about the attacks, but no information on the specific details has been given.
Elsewhere on November Patch Tuesday, Microsoft has fixed a total of 74 bugs that are in nine of its products or services.
Full November Patch Tuesday Fixes
Service | CVE ID | CVE Title |
---|---|---|
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
Chipsets | ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) |
Azure Stack | CVE-2019-1234 | Azure Stack Spoofing Vulnerability |
Graphic Fonts | CVE-2019-1456 | OpenType Font Parsing Remote Code Execution Vulnerability |
Microsoft Edge | CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability |
Microsoft Exchange Server | CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2019-1408 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1439 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1438 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1407 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1394 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1393 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1396 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1395 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1437 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1432 | DirectWrite Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1411 | DirectWrite Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1440 | Win32k Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2019-1433 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1436 | Win32k Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1412 | OpenType Font Driver Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1434 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1435 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft JET Database Engine | CVE-2019-1406 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-1445 | Microsoft Office Online Spoofing Vulnerability |
Microsoft Office | CVE-2019-1449 | Microsoft Office ClickToRun Security Feature Bypass Vulnerability |
Microsoft Office | CVE-2019-1446 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-1447 | Microsoft Office Online Spoofing Vulnerability |
Microsoft Office | CVE-2019-1402 | Microsoft Office Information Disclosure Vulnerability |
Microsoft Office | CVE-2019-1448 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass |
Microsoft Office SharePoint | CVE-2019-1443 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2019-1442 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft RPC | CVE-2019-1409 | Windows Remote Procedure Call Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1390 | VBScript Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-1383 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1418 | Windows Modules Installer Service Information Disclosure Vulnerability |
Microsoft Windows | CVE-2018-12207 | Windows Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-1420 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1417 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1415 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1374 | Windows Error Reporting Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-1422 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1423 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1424 | NetLogon Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2019-1382 | Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1385 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1380 | Microsoft splwow64 Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1391 | Windows Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-1384 | Microsoft Windows Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2019-1405 | Windows UPnP Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1381 | Microsoft Windows Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-1379 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1324 | Windows TCP/IP Information Disclosure Vulnerability |
Open Source Software | CVE-2019-1370 | Open Enclave SDK Information Disclosure Vulnerability |
Visual Studio | CVE-2019-1425 | Visual Studio Elevation of Privilege Vulnerability |
Windows Hyper-V | CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-1310 | Windows Hyper-V Denial of Service Vulnerability |
Windows Hyper-V | CVE-2019-0719 | Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-1399 | Windows Hyper-V Denial of Service Vulnerability |
Windows Hyper-V | CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-0712 | Windows Hyper-V Denial of Service Vulnerability |
Windows Hyper-V | CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2019-1309 | Windows Hyper-V Denial of Service Vulnerability |
Windows Kernel | CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-11135 | Windows Kernel Information Disclosure Vulnerability |
Windows Media Player | CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
Windows Subsystem for Linux | CVE-2019-1416 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |