{"id":2142,"date":"2012-11-19T00:00:00","date_gmt":"2012-11-19T00:00:00","guid":{"rendered":"http:\/\/otava.test\/november-microsoft-security-update\/"},"modified":"2012-11-19T00:00:00","modified_gmt":"2012-11-19T00:00:00","slug":"november-microsoft-security-update","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/","title":{"rendered":"November Microsoft Security Update"},"content":{"rendered":"<p>This Tuesday Microsoft released their <a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/bulletin\/ms12-nov\">November updates<\/a>, with a few critical patches to take a look at. The biggest updates involved three vulnerabilities within Internet Explorer, as well as the first updates for all Windows releases, including Windows 8.<\/p>\n<p>The Internet Explorer patch resolves several remote code execution vulnerabilities, whereby just visiting a specially created webpage could potentially gain the same rights as the user. This was possible based on the way the browser was previously handling objects in memory. As a workaround, setting the browser\u2019s security zone settings to high will block ActiveX Controls and Active scripting.<\/p>\n<p>The critical vulnerability in the Windows shell allows for another remote code execution. This would occur if a user browsed to a specially crafted briefcase in Explorer, allowing the attacker to run arbitrary code as the user. In the event that the user has administrative rights, they could gain control of the entire system and from there could begin to change data or account permissions. Within the .NET framework, the remote code execution vulnerabilities resolved needed a user to use a malicious proxy auto configuration file. The attacker would then inject code into the application while it was running. Check the specific <a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/bulletin\/ms12-074\">bulletin<\/a> to get the list of software affected by the vulnerabilities, and what the update is rated based on that software.<\/p>\n<p>The last critical vulnerabilities are within the Windows kernel-mode drivers, based on the way they handle objects in memory. If a user opens a specially crafted document or visits a malicious webpage that has TrueType font files embedded, they allow the potential for a remote code execution exploit. All supported releases of Microsoft Windows will have the severity rating of critical for this update.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This Tuesday Microsoft released their November updates, with a few critical patches to take a look at. The biggest updates involved three vulnerabilities within Internet Explorer, as well as the first updates for all Windows releases, including Windows 8. The Internet Explorer patch resolves several remote code execution vulnerabilities, whereby just visiting a specially created webpage could potentially gain the same rights as the user. This was possible based on the way the browser was previously handling objects in memory. As a workaround, setting the browser\u2019s security zone settings to high will block ActiveX Controls and Active scripting. The critical vulnerability in the Windows shell allows for another remote code execution. This would occur if a user browsed to a specially crafted briefcase in Explorer, allowing the attacker to run arbitrary code as the user. In the event that the user has administrative rights, they could gain control of the entire system and from there could begin to change data or account permissions. Within the .NET framework, the remote code execution vulnerabilities resolved needed a user to use a malicious proxy auto configuration file. The attacker would then inject code into the application while it was running. Check the specific&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[59],"tags":[],"other_category":[],"class_list":["post-2142","post","type-post","status-publish","format-standard","hentry","category-information-technology-tips"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>November Microsoft Security Update | OTAVA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"November Microsoft Security Update\" \/>\n<meta property=\"og:description\" content=\"This Tuesday Microsoft released their November updates, with a few critical patches to take a look at. The biggest updates involved three vulnerabilities within Internet Explorer, as well as the first updates for all Windows releases, including Windows 8. The Internet Explorer patch resolves several remote code execution vulnerabilities, whereby just visiting a specially created webpage could potentially gain the same rights as the user. This was possible based on the way the browser was previously handling objects in memory. As a workaround, setting the browser\u2019s security zone settings to high will block ActiveX Controls and Active scripting. The critical vulnerability in the Windows shell allows for another remote code execution. This would occur if a user browsed to a specially crafted briefcase in Explorer, allowing the attacker to run arbitrary code as the user. In the event that the user has administrative rights, they could gain control of the entire system and from there could begin to change data or account permissions. Within the .NET framework, the remote code execution vulnerabilities resolved needed a user to use a malicious proxy auto configuration file. The attacker would then inject code into the application while it was running. Check the specific...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-19T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"November Microsoft Security Update\",\"datePublished\":\"2012-11-19T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\"},\"wordCount\":289,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"articleSection\":[\"Information Technology Tips\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\",\"url\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\",\"name\":\"November Microsoft Security Update | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2012-11-19T00:00:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"November Microsoft Security Update\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"November Microsoft Security Update | OTAVA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/","og_locale":"en_US","og_type":"article","og_title":"November Microsoft Security Update","og_description":"This Tuesday Microsoft released their November updates, with a few critical patches to take a look at. The biggest updates involved three vulnerabilities within Internet Explorer, as well as the first updates for all Windows releases, including Windows 8. The Internet Explorer patch resolves several remote code execution vulnerabilities, whereby just visiting a specially created webpage could potentially gain the same rights as the user. This was possible based on the way the browser was previously handling objects in memory. As a workaround, setting the browser\u2019s security zone settings to high will block ActiveX Controls and Active scripting. The critical vulnerability in the Windows shell allows for another remote code execution. This would occur if a user browsed to a specially crafted briefcase in Explorer, allowing the attacker to run arbitrary code as the user. In the event that the user has administrative rights, they could gain control of the entire system and from there could begin to change data or account permissions. Within the .NET framework, the remote code execution vulnerabilities resolved needed a user to use a malicious proxy auto configuration file. The attacker would then inject code into the application while it was running. Check the specific...","og_url":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/","og_site_name":"OTAVA","article_published_time":"2012-11-19T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"November Microsoft Security Update","datePublished":"2012-11-19T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/"},"wordCount":289,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"articleSection":["Information Technology Tips"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/","url":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/","name":"November Microsoft Security Update | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-11-19T00:00:00+00:00","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/november-microsoft-security-update\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"November Microsoft Security Update"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2142"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2142\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2142"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}