Microsoft released its latest monthly security update, addressing 68 vulnerabilities that impact several products in its portfolio. The batch includes fixes for 11 issues marked as Critical, 55 as Important, and 2 OpenSSL vulnerabilities flagged as High severity.
The most severe flaws consist of code injection, elevation of privilege, denial of service (DoS) and remote code execution vulnerabilities affecting products such as Azure, Microsoft Exchange Server, Hyper-V, Kerberos, and Windows’ Point-to-Point Tunneling (PPTP) protocol.
November’s Patch Tuesday provides fixes for two high-severity OpenSSL vulnerabilities that could lead to crashes, facilitate remote code execution, or allow attackers to cause Denial of Service via buffer overrun.
A crucial part of this month’s security updates consists of patches for six actively exploited zero-day vulnerabilities, one of which was publicly disclosed. The now-patched zero-days are:
Microsoft recommends prioritizing the latest security updates to prevent attackers from exploiting the vulnerabilities addressed. While most systems should install the updates automatically, you could also perform a manual check and apply any recommended patches.
Trustworthy security software such as Bitdefender Ultimate Security can also protect you against zero-day exploits and other types of cyberthreats with features like:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 19, 2024
November 14, 2024