Microsoft has released security patches for 54 vulnerabilities found in their products in a security update released as part of their November Patch Tuesday.
Microsoft has released patches for 54 vulnerabilities found in their products in a security update released as part of their November Patch Tuesday.The fixes were released for products like Windows OS, several Office offerings, Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core, and Microsoft Scripting Engine.In the released patches 20 of them were rated as critical, 31 of them were rated important and 3 of them as moderate.Details of Four vulnerabilities with public exploit were published online before the security update which are CVE-2017-11848(Internet Explorer Information Disclosure), CVE-2017-11827(Microsoft browsers remote code execution), CVE-2017-11883(denial of service affecting ASP.NET Core), CVE-2017-8700 (ASP.NET Core Information Disclosure)According to Qualys, a security firm none of the four vulnerabilities were found used in any active campaigns.The security updates also contain two security advisories for adobe flash player and Microsoft office.The other two fixes which should be noted is CVE-2017-11830 which allows attackers to bypass the windows Device Guard Security Feature and CVE-2017-11877Which allows attackers to bypass macro execution protection in Microsoft Excel according to Researchers at Zero Day InitiativeRegarding the vulnerabilities CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, CVE-2017-11873 Microsoft said that there exists a remote code execution vulnerability in the way the scripting engine handles objects in memory in Microsoft browsers, and it could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website, These websites could contain specially crafted content that could exploit the vulnerability,” said Microsoft.For more details regarding the security update, you can visit Microsoft's official Security Update Guide.
Adobe released patches for 86 vulnerabilities
Adobe released patches for 86 vulnerabilities found in their products.A total of nine bulletins were released for Photoshop CC, Connect, DNG Converter, InDesign CC, Digital Editions, Shockwave Player and Adobe Experience Manager. The highest number of patches (56) were released for Acrobat and Reader for windows and mac.For more details regarding the security update you can visit here.Users are advised to update your products immediately.About the Author
[/lgc_column][lgc_column grid="85" tablet_grid="75" mobile_grid="75" last="true" style="background-color: #ffffff;"]Ashique is a self motivated and passionate security analyst with a good knowledge in computer networking, security analysis, vulnerability assessment and penetration testing. [/lgc_column]