Microsoft Releases 55 Security Fixes For Patch Tuesday

Share post:

Microsoft has released 55 security fixes for software for the month of November, including patches that fix zero-day vulnerabilities that are actively exploited in the wild.

The tech giant’s latest set of patches, typically released on the second Tuesday of each month in the so-called Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution bugs (RCE), information leaks, and privilege elevation security vulnerabilities, including patches for issues related to spoofing and tampering.

The November security update affects Microsoft Azure, the Chromium-based Edge browser, Microsoft Office and related products such as Excel, Word, and SharePoint – Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.

In addition, the most important vulnerabilities that have been fixed in this update are:

  • CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). In active exploit, this vulnerability affects Microsoft Exchange Server and may lead to RCE due to improper validation of cmdlet arguments. However, attackers must be authenticated.
  • CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). This vulnerability has been found in Microsoft Excel and can be exploited to circumvent security controls. Microsoft says the Preview Pane is not an attack vector. A patch for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021 is still not available.
  • CVE-2021-43209: (CVSS:3.1 7.8 / 6.8). A 3D Viewer vulnerability made public, this bug can be locally exploited and trigger RCE.

According to the Zero Day Initiative (ZDI), this is a relatively small number of vulnerabilities that were fixed in November.

In addition, Visual Studio 2022 and .NET 6 were made available to the general public from November 8. Visual Studio 2022 now includes a refresher of some of its key features as well as debug enhancements for developers.

.NET 6, on the other hand, contains performance improvements and is the first version to support both Windows Arm64 and Apple Arm64 Silicon.

For more information, read the original story in ZDNet.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways