Microsoft Patches 55 Vulnerabilities, Including 6 Zero-Days and 4 Critical Issues
Microsoft has addressed a significant number of security vulnerabilities in its November Patch Tuesday release. Among them are several critical issues, including remote code execution flaws and security feature bypasses, affecting various Microsoft products, including Microsoft 365.
The tech giant patched a total of 55 vulnerabilities. Notably, four out of six zero-day flaws discovered by Google's Project Zero team were included in this batch. One such vulnerability, CVE-2021-42316, is a Remote Code Execution (RCE) issue in Microsoft Dynamics 365 (on-premises), although details remain scarce.
Other critical vulnerabilities include CVE-2021-38666, an RCE flaw in the Remote Desktop Client exploitable via compromised or malicious Desktop Servers, and CVE-2021-26443, an RCE issue in the Microsoft Virtual Machine Bus (VMBus) exploitable via specially crafted communication. Additionally, CVE-2021-42292, an Excel Security Feature Bypass vulnerability affecting Windows and macOS, and CVE-2021-42321, an actively exploited Exchange Server RCE flaw, were patched.
Among the patched vulnerabilities, six were rated critical and six were previously reported as zero-days. Another notable fix is CVE-2021-42279, a Chakra Scripting Engine Memory Corruption vulnerability exploitable via remote attacks. Furthermore, CVE-2021-3711, an OpenSSL Buffer Overflow vulnerability in Microsoft Visual Studio, and CVE-2021-42298, a Defender Remote Code Execution vulnerability exploitable via malicious files, were also addressed.
In summary, Microsoft's November Patch Tuesday addressed 55 vulnerabilities, including several critical and previously unknown issues affecting Microsoft 365. Users and administrators are advised to apply these updates promptly to protect against potential security threats.
