Patch Tuesday - November 2019


November's Patch Tuesday is upon us and, this month, Microsoft addressed 74 vulnerabilities, one of which, an Internet Explorer vulnerability (CVE-2019-1429), has been seen under active exploitation. Prioritizing the released Microsoft Windows and Internet Explorer patches closes the door on 58 of the 74 vulnerabilities. Also, for the second month in a row, this Patch Tuesday has no security update from Adobe for Adobe Flash Player, which had previously been a monthly staple. This aligns with the article on Microsoft’s approach to ending Adobe Flash support on December 31, 2020.


The exploited remote code execution vulnerability in Internet Explorer (CVE-2019-1429) can corrupt objects in memory, allowing code execution in the context of the current user. Be wary of suspicious websites that may be embedding ActiveX controls, even if marked "safe for initialization". The common theme here is to practice safe browsing and good security hygiene (which includes patching whenever possible).


Only one vulnerability this month was previously disclosed. CVE-2019-1457 describes a security feature bypass vulnerability in Microsoft Excel 2016 and 2019 for Mac where the macro setting is not enforced. Luckily, it is not triggered via the Preview Pane, nor does it directly allow arbitrary code execution.


In response to advisories set out by Intel on November 12, 2019, Microsoft provided additional mitigations for a Denial of Service vulnerability (