Microsoft has published 55 software security updates, including patches for zero-day vulnerabilities being actively exploited in the wild.
The newest batch of fixes from the Redmond behemoth includes patches for six significant vulnerabilities, 15 remote code execution (RCE) defects, data breaches, and security weaknesses that might lead to spoofing and tampering, as well as issues that could lead to spoofing and tampering.
Microsoft Azure, the Chromium-based Edge browser, Microsoft Office (including related applications such as Excel, Word, and SharePoint), Visual Studio, Exchange Server, Windows Kernel, and Windows Defender are all affected by the November security update.
The following are some of the most notable vulnerabilities addressed in this version, all of which are considered critical:
- CVE-2021-42321 (CVSS of 3.1 8.8 / 7.7)
- CVE-2021-42292 (CVSS of 3.1 7.8 / 7.0)
- CVE-2021-43209 (CVSS of 3.1 7.8 / 6.8)
- CVE-2021-43208 (CVSS of 3.1 7.8 / 6.8)
- CVE-2021-38631 (CVSS of 3.0 4.4 / 3.9)
- CVE-2021-41371 (CVSS of 3.1 4.4 / 3.9)
As per Zero Day Initiative (ZDI), historically, the month of November has seen a low number of vulnerabilities fixed.
According to the company, there were more than twice as many CVEs resolved last year. Even in 2018, when only 691 CVEs were fixed for the whole year, November had more CVEs repaired than this month. Knowing that December is often a patch-heavy month, one could ask if there is a backlog of fixes awaiting deployment due to various issues.
Microsoft fixed 71 flaws in the October wave of security updates last month. Patches for a total of four zero-day defects, one of which was actively exploited in the wild, and three of which were made public, are of special significance.
During the September Patch Tuesday, the tech giant addressed over 60 vulnerabilities. A fix for an RCE in MSHTML was one of the changes.
Visual Studio 2022 and.NET 6 were made publicly accessible on November 8, according to Microsoft. Some features of Visual Studio 2022 have been updated, as well as debugging enhancements for developers. .NET 6 has speed improvements and is the first version to support both the Windows Arm64 and Apple Arm64 silicon architectures.