Summary Microsoft fixes security holes including 3 already exploited • The Register www.theregister.com
2,323 words - html page - View html page
One Line
Microsoft's November Patch Tuesday addressed 60 vulnerabilities, including 3 that were already exploited, emphasizing the importance of promptly updating systems for enhanced security.
Slides
Slide Presentation (13 slides)
Key Points
- Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities, including three that have already been exploited in the wild.
- One of the exploited vulnerabilities allows attackers to gain SYSTEM privileges and take over a vulnerable Windows box.
- Intel and AMD have also released security updates to address privilege escalation vulnerabilities.
- Adobe has patched 76 vulnerabilities across its various products.
- VMware has fixed a critical authentication bypass vulnerability in its Cloud Director appliances.
- SAP has released three new security notes, including one that fixes a critical improper access control bug in Business One.
- Google has released its Android security bulletin, addressing several vulnerabilities in the mobile OS.
- Microsoft, Meta, and other tech companies are planning strategies to combat election disinformation in 2024.
Summaries
21 word summary
Microsoft's November Patch Tuesday fixed 60 vulnerabilities, including 3 already exploited, and urged users to promptly apply updates for system security.
61 word summary
Microsoft's November Patch Tuesday addressed 60 vulnerabilities, including 3 exploited ones: an elevation-of-privilege bug in Windows Desktop Manager Core Library, flaws in Windows Cloud Files Mini Filter Driver and Windows Defender SmartScreen. These vulnerabilities likely pair with code execution bugs. Patches were also released for other security issues by Adobe, VMware, and SAP. Promptly applying updates is recommended for system security.
114 word summary
Microsoft's November Patch Tuesday addressed approximately 60 vulnerabilities, including three that have already been exploited. These exploited vulnerabilities include an elevation-of-privilege bug in the Windows Desktop Manager Core Library and flaws in the Windows Cloud Files Mini Filter Driver and Windows Defender SmartScreen. Microsoft warns that these vulnerabilities are likely paired with code execution bugs. In addition to these exploits, Microsoft released patches for other security issues, such as an ASP.NET Core denial of service bug and a Microsoft Office security feature bypass flaw. Adobe, VMware, and SAP also released patches for critical vulnerabilities in their respective products. It is recommended to apply these updates promptly to ensure system security and prevent potential attacks.
341 word summary
Microsoft's November Patch Tuesday addressed approximately 60 vulnerabilities, including three that have already been exploited. One of the exploited vulnerabilities, CVE-2023-36033, is an elevation-of-privilege bug in the Windows Desktop Manager Core Library. This flaw allows attackers to gain SYSTEM privileges and take control of vulnerable Windows systems. Another exploited vulnerability, CVE-2023-36036, affects the Windows Cloud Files Mini Filter Driver and also leads to SYSTEM privileges. The third exploited vulnerability, CVE-2023-36025, bypasses security features in Windows Defender SmartScreen. Microsoft warns that these vulnerabilities are likely paired with code execution bugs.
In addition to the exploited vulnerabilities, Microsoft released patches for other security issues. Intel issued an out-of-band update to address a privilege escalation vulnerability in server and personal computer chips. AMD fixed weaknesses in its SEV tech that could be exploited by malicious hypervisors. Microsoft also patched vulnerabilities such as an ASP.NET Core denial of service bug and a Microsoft Office security feature bypass flaw.
Adobe released patches for a whopping 76 vulnerabilities across its products, including Acrobat and Reader, InDesign, InCopy, Photoshop, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, Bridge, RoboHelp Server, and FrameMaker Publishing Server. While none of these vulnerabilities have been exploited, they could potentially allow arbitrary code execution and memory leaks.
VMware joined the patch party with a critical authentication bypass vulnerability in its Cloud Director appliances. The vulnerability allows malicious actors to bypass login restrictions when authenticating on certain ports.
SAP's November fixes included three new security notes and updates to previously related notes. One of the new notes fixed a critical improper access control bug in Business One.
In other news, Intel released 31 security updates, AMD had five announcements, and Google released its Android security bulletin.
Overall, Microsoft's November Patch Tuesday addressed several critical vulnerabilities that had already been exploited, as well as numerous other security issues across various products. Adobe, VMware, and SAP also released patches for critical vulnerabilities in their respective products. It is recommended to apply these updates promptly to ensure the security of systems and prevent potential attacks.