INFRA
INFRA
INFRA
Microsoft addresses 53 security vulnerabilities in November ‘Patch Tuesday’ release
Microsoft Corp. today released 53 software patches in its November 2017 Patch Tuesday, the most critical dealing with issues in its Edge and Internet Explorer web browsers.
The patches covered the full range of Microsoft products, including Windows OS, Microsoft Office Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core and the Chackra Core browser engine, but in contrast to previous releases, there were no patches for zero-day or heretofore unknown issues.
Greg Wiseman, senior security researcher at Rapid7 Inc., told SiliconANGLE that web browser issues account for two-thirds of this month’s patched vulnerabilities, with 24 common vulnerabilities and exposures reports patched in Microsoft’s Edge browser and 12 with Internet Explorer.
In addition, the release addressed five Adobe Flash Player vulnerabilities, all of which are classified as Critical Remote Code Execution bugs. “In fact it’s quite a big month for Adobe, which has issued advisories across nine separate products, with 62 vulnerability fixes just for Acrobat and Reader,” Wiseman said. “Most of these address critical RCE vulnerabilities. Given the prevalence of PDF documents, administrators should take a close look at whether Adobe software in their environment is up-to-date.”
Chris Goettl, product manager at Ivanti Inc., said that of the patches released, enterprises should pay particular attention to two that deal with vulnerabilities that allow a hacker to create an exploit or at least give them a jumpstart on where to begin.
One vulnerability, known as CVE-2017-11827, could be used in a phishing email or an exploiting website to convince a user to open a malicious attachment or content, he said. “Once exploited, the attacker would gain equal rights to the current user. If the user is a full administrator the attacker would gain control of the affected system.”
The second issue, CVE-2017-11848, is an information disclosure vulnerability in Internet Explorer that “could allow an attacker to track the navigation of the user leaving a maliciously crafted page,” he said.
Further details on the release are available from Microsoft.
Photo: Pexels
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
