Microsoft has released 55 security fixes for software including patches that resolve zero-day vulnerabilities actively exploited in the wild.
The Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution (RCE) bugs, information leaks, and elevation of privilege security flaws, as well as issues that could lead to spoofing and tampering.
Products impacted by November’s security update include Microsoft Azure, the Chromium-based Edge browser, Microsoft Office — as well as associated products such as Excel, Word, and SharePoint — Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.
Some of the most interesting vulnerabilities resolved in this update, all deemed important, are:
CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). Under active exploit, this vulnerability impacts Microsoft Exchange Server and, due to improper validation of cmdlet arguments, can lead to RCE. However, attackers must be authenticated.
CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). Also detected as exploited in the wild, this vulnerability was found in Microsoft Excel and can be used to circumvent security controls. Microsoft says that the Preview Pane is not an attack vector. No patch is currently available for