Microsoft just announced its Patch Tuesday updates for November, and this month’s list of patches comes with fixes for 64 vulnerabilities, 12 of which are rated critical. It also has patches for the ALPC elevation of privilege vulnerability, along with a couple of other issues which were publicly disclosed.
Patch Tuesday updates for Microsoft products
This month’s Patch Tuesday covers updates for the following list of products and software:
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Windows
-
Microsoft Office and Microsoft Office Services and Web Apps
-
Chakra Core
-
.NET Core
-
Skype for Business
-
Azure App Service on Azure Stack
-
Team Foundation Server
-
Microsoft Dynamics 365 (on-premises) version 8
-
PowerShell Core
-
Microsoft.PowerShell.Archive 1.2.2.0
Publicly-exploited vulnerabilities
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, which could lead to remote code execution. This Patch Tuesday update removes the Win32k elevation of privilege vulnerability (CVE:2018-8589).
Adobe Flash Player updates
Adobe released one important vulnerability fix for November, ADV180025. This security update addresses CVE-2018-15978. Patching this vulnerability can save you from information disclosure.
Non-security updates
This Patch Tuesday, Microsoft also released non-security updates for Office 2010, Office 2013, and Office 2016. View the entire list of non-security updates for the month of November.
Patching made simple
Patches are supposed to provide better security and improved user experience. But at times these patches can cause more trouble than the vulnerability they’re intended to fix. You can avoid compatibility issues by testing patches for stability before deployment.
ManageEngine offers two solutions for patching: Desktop Central and Patch Manager Plus. They both have a Test and Approve feature that enables you to deploy patches to a test group before automatically deploying them to client systems, ensuring that the stability of your systems is never compromised by patches. Try either Desktop Central or Patch Manager Plus out for yourself by downloading a free, 30-day trial.