Compared to previous Microsoft Patch Tuesdays, November's is a pretty big one, clocking in at 14 bulletins and nearly 40 individual CVEs. This is about twice the number of bulletins we typically see month to month. This includes 4 Critical, 8 Important and 2 Moderate rated bulletins. Among the Critical bulletins, Internet Explorer raises its head again this month with 17 individual CVEs patched in its bulletin. The majority of these are memory corruption vulnerabilities that allow for arbitrary remote code execution.
Another Critical bulletin patches CVE-2014-6352, which fell through the cracks last month. You might remember that last month one of the vulnerabilities patched was in OLE and was seen being exploited in the wild in a campaign called Sandworm. Unfortunately, that bulletin didn't completely patch the vulnerability: exploits were still seen succeeding in the wild, and Microsoft was forced to release an additional advisory with a Fix-It for the problem. Now that additional exploitation avenue is closed with this month's release. Two other Critical vulnerabilities exist in Microsoft XML Core Services and in the Secure Channel, or SChannel, security component.
The majority of the rest of the bulletins include multiple security bypass and escalation of privilege vulnerabilities. For instance, a security bypass vulnerability in Remote Desktop allows users to avoid audit logging of their actions. A vulnerability in the TCP/IP stack in Windows Server would allow an attacker to execute code in the context of another running process, which may have more system privileges.
All in all, every supported version of Microsoft Windows is affected by this release, in addition to many core software components like MSXML core and the Windows Kernel Mode Driver. Admins should get ready to roll up their sleeves and keep a hot pot of coffee handy.