Patch Tuesday

 

Today is Microsoft's November 2019 Patch Tuesday, which translates into Windows admins scrambling to patch all the systems under their care. They're having a really busy day, so don't take it personally if they seem a little grumpy!

 

With the release of the November 2019 security updates, Microsoft has released 2 advisories and updates for 74 vulnerabilities. Of these vulnerabilities, 13 are classified as Critical. 

 

All users should install these security updates as soon as possible in order to protect Windows from known security risks.

For information about the non-security Windows updates, you can read about today's Windows 10 November 2019 Cumulative Updates.

 

Internet Explorer zero-day remote code execution vulnerability fixed

 

The November 2019 Patch Tuesday fixes a critical remote code execution vulnerability in Internet Explorer that was being actively exploited in the wild.

This vulnerability is titled "CVE-2019-1429 - Scripting Engine Memory Corruption Vulnerability" and could allow an attacker to conduct a web-based attack via specially crafted web pages that exploit the vulnerability.

 

"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

 

This vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group, Ivan Fratric of Google Project Zero, Resecurity Inc. (@resecurity_com), and an anonymous researcher working with iDefense Labs.

 

In addition to the zero-day vulnerability, Microsoft also fixed a publicly disclosed vulnerability in Microsoft Office for Mac titled "CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass" that allows attackers to bypass security restrictions.

 

This issue was discovered and published by Outflank [1, 2]: if the Microsoft Excel for Mac option "Disable all macros without notification" is enabled, XLM macros in SYLK files are executed without prompting the user.

 

"If Office for the Mac has been configured to use the "Disable all macros without notification" feature, XLM macros in SYLK files are executed without prompting the user. We have confirmed this behavior with fully-patched Office 2016 and Office 2019 for Mac systems," as explained by Will Dormann of the CERT/CC.

 

Two advisories released

In addition to the security updates, Microsoft also released two advisories that explain a new vulnerability found in Trusted Platform Modules (TPM) and a new Servicing Stack Update for Windows 10.

 

The November 2019 Patch Tuesday Security Updates

 

Below is the full list of resolved vulnerabilities and advisories in the November 2019 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

 

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Azure Stack | CVE-2019-1234 | Azure Stack Spoofing Vulnerability | Important |
| Chipsets | ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) | Unknown |
| Graphic Fonts | CVE-2019-1456 | OpenType Font Parsing Remote Code Execution Vulnerability | Important |
| Microsoft Edge | CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability | Low |
| Microsoft Exchange Server | CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1408 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1439 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1438 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1407 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1394 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1393 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1396 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1395 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1432 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1411 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1440 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1433 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1436 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1412 | OpenType Font Driver Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1434 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1435 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1406 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1445 | Microsoft Office Online Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2019-1449 | Microsoft Office ClickToRun Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2019-1446 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1447 | Microsoft Office Online Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2019-1402 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1448 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass | Important |
| Microsoft Office SharePoint | CVE-2019-1443 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1442 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft RPC | CVE-2019-1409 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1390 | VBScript Remote Code Execution Vulnerability | Moderate |
| Microsoft Windows | CVE-2019-1383 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1418 | Windows Modules Installer Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2018-12207 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1420 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1417 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1415 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1374 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1422 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1423 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1424 | NetLogon Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1382 | Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1385 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1380 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1391 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1384 | Microsoft Windows Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1405 | Windows UPnP Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1381 | Microsoft Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1379 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1324 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Open Source Software | CVE-2019-1370 | Open Enclave SDK Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Visual Studio | CVE-2019-1425 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1310 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0719 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1399 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-0712 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1309 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-11135 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Windows Subsystem for Linux | CVE-2019-1416 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |