Last updated at Thu, 27 Jul 2017 00:43:59 GMT

November continues a long running trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE), closely followed by elevation of privilege (6) and security feature bypass (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as well as Windows (client and server).

While Microsoft continues actively working on resolving these issues, as witnessed in the overwhelming number of critical RCE bulletins, there is an ongoing battle in which they are unable to permanently address these vulnerabilities, which predominantly affect the consumer applications listed above. Unfortunately, this leads to one of the single largest attack vectors, consumers. These types of vulnerabilities are difficult to distinguish as they typically lure users to visit/open an e-mail, webpage or multimedia, which makes use of specially crafted content. In the worst case, upon viewing this content, a bad actor has the ability to execute malicious code and take complete control of an affected system with the same privileges of the user known as remote code execution.

This month Microsoft resolves 77 vulnerabilities across 14 bulletins. For consumers MS16-129, MS16-130, MS16-131, MS16-141 and MS16-142 are the bulletins to watch out for, addressing 30 vulnerabilities. For server users MS16-130, MS16-132, MS16-135 and MS16-141 are the bulletins to watch out for, addressing 21 vulnerabilities. Unfortunately, at this time two vulnerabilities addressed by MS16-132 (CVE-2016-7256), and MS16-135 (CVE-2016-7255) are known to have been be exploited in the wild. Additionally four vulnerabilities addressed by MS16-129 (CVE-2016-7199, CVE-2016-7209), MS16-135 (CVE-2016-7255) and MS16-142 (CVE-2016-7199) are known to have been publicly disclosed.

Users should be wary of untrusted sources as maliciously crafted content could allow an attacker to remotely execute code in-order to gain the same rights as their user account. The best protection against these threats is to patch systems as quickly as possible. Administrators, be sure to review this month's bulletins and in accordance with your specific configuration, prioritize your deployment of this months' updates. At a minimum, ensure to patch systems affected by critical bulletins (MS16-129, MS16-130, MS16-131, MS16-132, MS16-141 and MS16-142).