Microsoft addresses 53 security vulnerabilities in November ‘Patch Tuesday’ release
Microsoft Corp. today released 53 software patches in its November 2017 Patch Tuesday, the most critical dealing with issues in its Edge and Internet Explorer web browsers.
The patches covered the full range of Microsoft products, including Windows OS, Microsoft Office Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core and the Chackra Core browser engine, but in contrast to previous releases, there were no patches for zero-day or heretofore unknown issues.
Greg Wiseman, senior security researcher at Rapid7 Inc., told SiliconANGLE that web browser issues account for two-thirds of this month’s patched vulnerabilities, with 24 common vulnerabilities and exposures reports patched in Microsoft’s Edge browser and 12 with Internet Explorer.
In addition, the release addressed five Adobe Flash Player vulnerabilities, all of which are classified as Critical Remote Code Execution bugs. “In fact it’s quite a big month for Adobe, which has issued advisories across nine separate products, with 62 vulnerability fixes just for Acrobat and Reader,” Wiseman said. “Most of these address critical RCE vulnerabilities. Given the prevalence of PDF documents, administrators should take a close look at whether Adobe software in their environment is up-to-date.”
Chris Goettl, product manager at Ivanti Inc., said that of the patches released, enterprises should pay particular attention to two that deal with vulnerabilities that allow a hacker to create an exploit or at least give them a jumpstart on where to begin.
One vulnerability, known as CVE-2017-11827, could be used in a phishing email or an exploiting website to convince a user to open a malicious attachment or content, he said. “Once exploited, the attacker would gain equal rights to the current user. If the user is a full administrator the attacker would gain control of the affected system.”
The second issue, CVE-2017-11848, is an information disclosure vulnerability in Internet Explorer that “could allow an attacker to track the navigation of the user leaving a maliciously crafted page,” he said.
Further details on the release are available from Microsoft.
Photo: Pexels
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU