Microsoft Releases 55 Security Fixes For Patch Tuesday

Share post:

Microsoft has released 55 security fixes for software for the month of November, including patches that fix zero-day vulnerabilities that are actively exploited in the wild.

The tech giant’s latest set of patches, typically released on the second Tuesday of each month in the so-called Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution bugs (RCE), information leaks, and privilege elevation security vulnerabilities, including patches for issues related to spoofing and tampering.

The November security update affects Microsoft Azure, the Chromium-based Edge browser, Microsoft Office and related products such as Excel, Word, and SharePoint – Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.

In addition, the most important vulnerabilities that have been fixed in this update are:

  • CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). In active exploit, this vulnerability affects Microsoft Exchange Server and may lead to RCE due to improper validation of cmdlet arguments. However, attackers must be authenticated.
  • CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). This vulnerability has been found in Microsoft Excel and can be exploited to circumvent security controls. Microsoft says the Preview Pane is not an attack vector. A patch for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021 is still not available.
  • CVE-2021-43209: (CVSS:3.1 7.8 / 6.8). A 3D Viewer vulnerability made public, this bug can be locally exploited and trigger RCE.

According to the Zero Day Initiative (ZDI), this is a relatively small number of vulnerabilities that were fixed in November.

In addition, Visual Studio 2022 and .NET 6 were made available to the general public from November 8. Visual Studio 2022 now includes a refresher of some of its key features as well as debug enhancements for developers.

.NET 6, on the other hand, contains performance improvements and is the first version to support both Windows Arm64 and Apple Arm64 Silicon.

For more information, read the original story in ZDNet.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways