Microsoft has released its latest patch, November Patch Tuesday, for addressing 53 different vulnerabilities.
Out of the total count, 25 of these fixes are directed at remote code executions and 14 are for the Windows operating system.
The 53 fixes are spread all over, including Edge, Office, Windows OS and Internet Explorer.
The major portion of the patch has been directed for browsers as well as for Adobe and Microsoft Office.
This is part of the company’s routine monthly update for its products.
However, the good news is that there are no zero-day vulnerabilities that have appeared this month, though there are some moderate security patches available in this update.
Four specific vulnerabilities had been mentioned in detail before the release of the patch. However, luckily, none of these four mentioned vulnerabilities suffered from attacks. They include:
- 2017 11827, Memory Corruption in Microsoft Browser, 1 and 2
- CVE 2017 11848, for IE Info Disclosure
- CVE 2017 11883, ASP.NET (Core Denial Service)
- CVE 2017 8700, ASP.NET, Core Info Disclosure
Security Fixes to Critical Vulnerabilities
The patch comes with two special fixes related to security. One of them is for Flash updates, whereas the other delivers security products connected with Microsoft Office.
This is part of the Depth Update Defense series.
CVE 2017 11830 is also another security fix coming with this patch. The vulnerability is concerned with attackers being able to bypass the Device Guard in the Windows system.
Another fix is the CVE 2017 11887, which tackles a vulnerability that risks the possibility that attackers can bypass macro execution security protection in Excel.
The latter will become very popular among distributors of malware in the next few weeks.
Microsoft said that before these fixes, attackers could have gained access to the same user rights if they were able to exploit the previous vulnerabilities.
In case a web-based attack had taken place, hackers would have been able to host a special site for exploiting the vulnerabilities using Microsoft Edge.
They would then be able to convince users to visit the site.
These sites would possibly contain content that was capable of exploiting vulnerabilities.
It is particularly interesting that in the November Patch Tuesday releases this month, not even one patch has been termed as “Critical.”
Yet, it is important to focus on the last two security fixes mentioned above, as these two vulnerabilities enable malware programs to access authenticated files.
Microsoft also added some more fixes to the November Patch Tuesday release. It offered fixes for six remote code execution problems.
This has to do with the manner in which scripting engines use memory objects in the browsers.
Adobe Flash Player
In addition to these above fixes, Microsoft has also offered updates for the Adobe Flash Player.
These are corresponding with the APSB17 series of updates for Adobe.
The patches are for Acrobat and for Reader. Thus, it is warned that people who use Flash Player must make sure that they have updated their Adobe software on all their devices, in order to get complete protection.
KRACK Vulnerabilities Addressed
It is also to be noted with the latest November Patch Tuesday fix, Microsoft has also released patches for KRACK vulnerabilities in its WPA2 protocol.
It is advised that users should ensure that their systems have been properly patched with all these latest security updates.
It is strongly recommended to all users that they apply the recent November Patch Tuesday update immediately. This is important to keep cyber attackers from compromising their systems.
It’s crucial to prioritize any vulnerabilities if they have been termed as important.
It is possible that there are POC codes in the vulnerabilities, so it is advised to all users that they give adequate attention to the November Patch Tuesday updates.
How to Install
If you wish to install these latest November Patch Tuesday fixes, you just have to access the“Settings” portal on your device.
Then, move to “Update and Security” and go to “Windows Update.” Next, move on to “Check for Updates.”
It is also possible to install the latest security patches manually.