Welcome back to this month’s Patch Tuesday. Microsoft has fixed 74 vulnerabilities across 9 products, with 13 critical vulnerabilities and one zero-day vulnerability. The zero-day vulnerability is in Internet Explorer’s scripting engine and allows attackers to remotely execute code with the security context of the browser.
Microsoft Exchange
Exchange was patched for a remote code execution vulnerability. A user executing PowerShell cmdlets against the Exchange server would be able to execute code remotely on the server. The code would run with the same security context as Exchange.
Microsoft Browsers
Both of Microsoft’s browsers received updates this month. Internet Explorer had a scripting engine vulnerability: an attacker who lured a victim to a maliciously crafted site, via methods like phishing, could exploit memory mismanagement to execute code with the security context of the browser. This serves as yet another reminder to abide by the principle of least privilege and browse as a non-administrator.
Hyper-V Hypervisor
Multiple guest escapes were patched on Hyper-V. A guest system could execute code on the host, which would be particularly dangerous in cloud settings where virtual machine escapes could lead to loss of important and damaging internal information.
Excel for Mac
One vulnerability in Excel for Mac was disclosed prior to patching this month. The vulnerability allowed macros to be executed even when they were explicitly disabled. Microsoft has provided a patch to prevent this specific instance of this behavior.