4 months ago

Microsoft Releases Update to Fix 53 Vulnerabilities


It’s Patch Tuesday—time to update your Windows devices.

Microsoft has released a large batch of security updates as part of its November Patch Tuesday to fix a total of 53 new security vulnerabilities in various Windows products, 19 of which are rated critical, 31 important and 3 moderate.

The vulnerabilities impact the Windows OS, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, .NET Core, and more.

At least four of the vulnerabilities that the tech giant has fixed today have public exploits, allowing attackers to exploit them easily. Fortunately, none of the four are being used in the wild, according to Gill Langston at security firm Qualys.

The four vulnerabilities with public exploits are identified by Microsoft as CVE-2017-8700 (an information disclosure flaw in ASP.NET Core), CVE-2017-11827 (Microsoft browsers remote code execution), CVE-2017-11848 (Internet Explorer information disclosure) and CVE-2017-11883 (denial of service affecting ASP.NET Core).

Potentially Exploitable Security Vulnerabilities

What’s interesting about this month’s Patch Tuesday is that none of the Windows OS patches are rated as Critical. However, the Device Guard Security Feature Bypass Vulnerability (CVE-2017-11830) and the Privilege Elevation flaw (CVE-2017-11847) are something you should focus on.

Also, according to an analysis of Patch Tuesday fixes by Zero-Day Initiative, CVE-2017-11830 and another flaw identified as CVE-2017-11877 can be exploited to spread malware.

“CVE-2017-11830 patches a Device Guard security feature bypass vulnerability that could allow malware authors to falsely authenticate files,” Zero-Day Initiative said.

“CVE-2017-11877 fixes an Excel security feature bypass vulnerability that fails to enforce macro settings, which are often used by malware developers.”

The tech giant also fixed six remote code execution vulnerabilities that exist “in the way the scripting engine handles objects in memory in Microsoft browsers.”

Microsoft identified these vulnerabilities as CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which could corrupt memory in such a way that attackers could execute malicious code in the context of the current user.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website,” Microsoft said. “These websites could contain specially crafted content that could exploit the vulnerability.”

17-Year-Old MS Office Flaw Lets Hackers Install Malware

Also, you should be extra careful when opening files in MS Office.

All versions of Microsoft Office released in the past 17 years have been found vulnerable to a remote code execution flaw (CVE-2017-11882) that works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update.

However, due to improper memory operations, the component fails to properly handle objects in memory, corrupting it in such a way that the attacker could execute malicious code in the context of the logged-in user.

Exploitation of this vulnerability requires opening a specially crafted malicious file with an affected version of Microsoft Office or Microsoft WordPad software, which could allow attackers to remotely install malware on targeted computers.

Adobe Patch Tuesday: Patches 62 Vulnerabilities

Besides fixing vulnerabilities in its various products, Microsoft has also released updates for Adobe Flash Player.

These updates correspond with Adobe Update APSB17-33, which patches 62 CVEs for Acrobat and Reader alone. So, Flash Player users are advised to ensure that they update Adobe across their environment to stay protected.

It should also be noted that last Patch Tuesday, Microsoft quietly released the patch for the dangerous KRACK vulnerability (CVE-2017-13080) in the WPA2 wireless protocol.

Therefore, users are also recommended to make sure that they have patched their systems with last month’s security patches.

Users are also strongly advised to apply the November security patches as soon as possible to keep hackers and cybercriminals from taking control of their computers.

To install the security updates, head to Settings → Update & security → Windows Update → Check for updates, or install the updates manually.
