Microsoft today pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution.
The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers on practically every build of Windows, Internet Explorer and Edge.
The
Internet Explorer bulletin is marked critical for any users running versions of
IE 7 to IE 11 and fixes 25 different vulnerabilities, mostly memory corruption bugs that can lead to code execution, in the browser. Assuming an attacker could get a user to view a specially crafted website, they could exploit the vulnerabilities and gain the same rights as the user.
In addition to the memory corruption bugs, three other issues, including an information disclosure vulnerability, an ASLR bypass, and a different type of memory corruption bug–this one in the scripting engines JScript and VBScript–were also fixed.
