⚡ TL;DR - Go Straight to the November 2019 Patch Tuesday Audit Report.
Microsoft has resolved a total of 74 vulnerabilities in its November 2019 Patch Tuesday, including a Zero-Day Internet Explorer vulnerability (CVE-2019-1429) and an Excel vulnerability (CVE-2019-1457) that has been publicly disclosed.
Critical IE Zero-Day Vulnerability Patched
Following the critical Chrome Zero-Day Flaw earlier this month, Microsoft has resolved a Critical "Scripting Engine Memory Corruption Vulnerability" (CVE-2019-1429) in Internet Explorer that could allow for an attacker to execute code remotely.
Successful exploitation of this critical vulnerability could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In addition to the IE Zero-Day vulnerability, Microsoft has resolved a publicly disclosed vulnerability (CVE-2019-1457) in Office Excel 2016 for Mac that could bypass security features. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run.
Microsoft also patched several vulnerabilities in the Windows Hyper-V, an add-on to the Windows Server OS that allows users to create and run virtual machines from within Windows.
Reminder for Windows 7 End of Life
Microsoft thought it would be a good time to remind all Windows 7 & Windows Server 2008/2008 R2 users that Microsoft will stop providing security updates after January 14th, 2020. This End of Life means no more bug-fixes, security patches or new functionality, making any user - personal or enterprise - significantly more susceptible to attacks. If your organization is still running on Windows 7, now's the time to prepare for its fast-approaching EOL date.
Run the Microsoft November Patch Tuesday Audit Report
Similar to previous months, we've created an audit report which checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.