INFRA
INFRA
INFRA
Microsoft addresses 53 security vulnerabilities in November ‘Patch Tuesday’ release
Microsoft Corp. today released 53 software patches in its November 2017 Patch Tuesday, the most critical dealing with issues in its Edge and Internet Explorer web browsers.
The patches covered the full range of Microsoft products, including Windows OS, Microsoft Office Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core and the Chackra Core browser engine, but in contrast to previous releases, there were no patches for zero-day or heretofore unknown issues.
Greg Wiseman, senior security researcher at Rapid7 Inc., told SiliconANGLE that web browser issues account for two-thirds of this month’s patched vulnerabilities, with 24 common vulnerabilities and exposures reports patched in Microsoft’s Edge browser and 12 with Internet Explorer.
In addition, the release addressed five Adobe Flash Player vulnerabilities, all of which are classified as Critical Remote Code Execution bugs. “In fact it’s quite a big month for Adobe, which has issued advisories across nine separate products, with 62 vulnerability fixes just for Acrobat and Reader,” Wiseman said. “Most of these address critical RCE vulnerabilities. Given the prevalence of PDF documents, administrators should take a close look at whether Adobe software in their environment is up-to-date.”
Chris Goettl, product manager at Ivanti Inc., said that of the patches released, enterprises should pay particular attention to two that deal with vulnerabilities that allow a hacker to create an exploit or at least give them a jumpstart on where to begin.
One vulnerability, known as CVE-2017-11827, could be used in a phishing email or an exploiting website to convince a user to open a malicious attachment or content, he said. “Once exploited, the attacker would gain equal rights to the current user. If the user is a full administrator the attacker would gain control of the affected system.”
The second issue, CVE-2017-11848, is an information disclosure vulnerability in Internet Explorer that “could allow an attacker to track the navigation of the user leaving a maliciously crafted page,” he said.
Further details on the release are available from Microsoft.
Photo: Pexels
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
