Microsoft will release eight bulletins for Patch Tuesday in November. Four of them will result in Remote Code Execution and three of those are rated as critical. In addition, there is one elevation of privilege, two information disclosures and a denial of service all rated as Important. All the bulletins impact Microsoft Windows itself or a component of Microsoft Office and one also impacting Internet Explorer.
In addition to the eight bulletins, Microsoft has warned of a zero-day attack being actively exploited in the wild and directed against users of Microsoft Office. Microsoft has already released a ‘Fix-It’ tool to help remediate this vulnerability but we will probably have to wait until next month for a full patch. The issues centers around how some components of Microsoft Office render TIFF files and can result in remote code execution.