Microsoft released the official patches for over 112 newly discovered vulnerabilities as part of its November 2020 Patch Tuesday. The technology giant stated the latest fixes address 17 critical-rated flaws, 93 important, and 12 low-rated flaws, including an actively exploited zero-day flaw, which was disclosed by Google’s security team recently.
The security release consists of updates for various Microsoft products, which include:
- Microsoft Windows
- Office and Office Services and Web Apps
- Internet Explorer
- Exchange Server
- Microsoft Dynamics
- Windows Codecs Library
- Azure Sphere
- Windows Defender
- Microsoft Teams
- Visual Studio
“The Microsoft Security Response Center has been scoring Windows and Browser vulnerabilities since 2016. Now we are scoring every vulnerability and displaying the details that make up that score in the new version of the Security Update Guide,” Microsoft said.
Last month Microsoft released updates to fix 129 vulnerabilities: 23 of which were deemed critical, 105 were important, and the rest were moderate in severity. The patches addressed vulnerabilities in Microsoft Windows, the Edge browser, ChakraCore, Internet Explorer, SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure DevOps.
CISA Advice to Patch Microsoft Flaws
Recently, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued an advisory for enterprises’ specifically asking them to apply required patches for the two Microsoft vulnerabilities – RCE Windows Codecs (CVE-2020-17022) and Visual Studio Code (CVE-2020-17023). With CVE-2020-17023 requiring an update, coupled with an out-of-band advisory, both CISA and Quinlan have encouraged administrators to patch this vulnerability quickly. While Microsoft stated that there is no exploitation observed in the wild, the follow up of the CISA advisory suggests that administrators should review the patches and apply the updates if necessary. Read the full story here…