Microsoft Releases 55 Security Fixes For Patch Tuesday

Share post:

Microsoft has released 55 security fixes for software for the month of November, including patches that fix zero-day vulnerabilities that are actively exploited in the wild.

The tech giant’s latest set of patches, typically released on the second Tuesday of each month in the so-called Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution bugs (RCE), information leaks, and privilege elevation security vulnerabilities, including patches for issues related to spoofing and tampering.

The November security update affects Microsoft Azure, the Chromium-based Edge browser, Microsoft Office and related products such as Excel, Word, and SharePoint – Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.

In addition, the most important vulnerabilities that have been fixed in this update are:

  • CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). In active exploit, this vulnerability affects Microsoft Exchange Server and may lead to RCE due to improper validation of cmdlet arguments. However, attackers must be authenticated.
  • CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). This vulnerability has been found in Microsoft Excel and can be exploited to circumvent security controls. Microsoft says the Preview Pane is not an attack vector. A patch for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021 is still not available.
  • CVE-2021-43209: (CVSS:3.1 7.8 / 6.8). A 3D Viewer vulnerability made public, this bug can be locally exploited and trigger RCE.

According to the Zero Day Initiative (ZDI), this is a relatively small number of vulnerabilities that were fixed in November.

In addition, Visual Studio 2022 and .NET 6 were made available to the general public from November 8. Visual Studio 2022 now includes a refresher of some of its key features as well as debug enhancements for developers.

.NET 6, on the other hand, contains performance improvements and is the first version to support both Windows Arm64 and Apple Arm64 Silicon.

For more information, read the original story in ZDNet.

SUBSCRIBE NOW

Related articles

Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21...

Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence has come under scrutiny...

Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked —...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways