Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.

Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, Windows Hyper-V, Windows Defender, and Visual Studio.

All in all, it’s a pretty light month, according to the Zero Day Initiative’s (ZDI’s) Dustin Childs. “Historically speaking, 55 patches in November is a relatively low number,” he commented. “Even going back to 2018 when there were only 691 CVEs fixed all year, there were more November CVEs.”

Still, as always, this Patch Tuesday delivers high-priority fixes, the most urgent being the duo that are under attack.

High-Priority, Actively Exploited Pair of Bugs

CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability.

This is a critical remote code execution (RCE) weakness in Exchange Server caused by issues with the validation of arguments to command-lets (cmdlets), the lightweight commands used in the PowerShell environment. They’re invoked by

Read More: https://threatpost.com/microsoft-nov-patch-tuesday-fixes-six-zero-days-55-bugs/176143/