November Patch Tuesday: Election Style
First on your list of priorities this month should be your browser updates. MS16-129 is a critical, cumulative update for Edge. It addresses 17 unique CVEs, the most troublesome being the possibility of a remote code execution if a user views a malicious webpage while using Edge. Internet Explorer users also have a critical, cumulative update in MS16-142 which could also result in a remote code execution when successfully exploited.
MS16-141 is a critical update for Adobe Flash Player when installed on Windows 8.1, Server 2012, RT, Windows 10 and Server 2016. The update addresses 9 separate CVEs by updating the affected Flash libraries contained with IE 10 and 11 and Edge and are described in detail in APSB16-37.
Not rated critical but under active exploit on older versions of Windows is MS16-135, an update for Kernel-Mode Driver. The vulnerability could allow elevation of privilege, so you may want to give this some attention.
MS16-130 is a critical update for almost all versions of Windows, both desktop and server applications. Information seems light on this one however we do know exploitation could result in remote code execution. Another update, MS16-132 for Graphics Components also impacts all current versions of Windows. It addresses one information disclosure vulnerability that exists when the Windows font library incorrectly handles fonts.
Rounding out the critical updates this month is MS16-131, is a critical update for Video Control however a user must open either a file or program from a webpage or email message for this exploit to be successful.
The bulk of the important class bulletins impact a wide range of applications which allow elevation of privilege and definitely deserves your attention this month as well.