Menu
Microsoft moves to fix over 50 security issues in latest Patch Tuesday

Microsoft moves to fix over 50 security issues in latest Patch Tuesday

Adobe also released nine security advisories addressing vulnerabilities in their products

November’s Patch Tuesday saw Microsoft roll out fixes for more than 50 security issues, covering vulnerabilities and bugs in the Windows operating system, Internet Explorer, Edge, ASP .NET Core, Chakra Core browsing engine and Microsoft Office.

Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature, which isn’t new according to security software vendor, Trend Micro.

However, the method has made a resurgence with reports of cyber espionage and cybercriminal groups such as Pawn Storm, Keyboy, and FIN7 leveraging it to deliver their payloads.

Microsoft said users with Windows 10 Fall Creators Update, are protected from DDE attacks through its Windows Defender Exploit Guard.

According to a blog post by Trend Micro, 20 of the vulnerabilities addressed by November’s Patch Tuesday were rated critical in terms of severity, with 31 rated important.

Trend Micro said that six of these vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative, and were related to memory corruption, information disclosure, validation issues, security feature bypasses, and privilege escalation, the security vendor noted.

November’s Patch Tuesday, which saw updates released on 14 November, also addresses security flaws that have public exploits, including:

CVE-2017-11827: a memory corruption issue in IE and Edge that can lead to remote code execution (RCE); CVE-2017-11848: an information disclosure vulnerability that can let attackers track users when they leave a website; CVE-2017-11883: a denial-of-service vulnerability in ASP .NET Core; CVE-2017-8700: an information disclosure flaw in ASP .NET Core.

There were also fixes for CVE-2017-11830 and CVE-2017-11877. The former is a vulnerability that enables attackers to bypass Windows Device Guard’s security feature, while CVE-2017-11877 can let an attacker bypass the macro execution protection in Microsoft Excel.

Adobe also released nine security advisories addressing vulnerabilities in their products, including those in Adobe Acrobat and Reader (APSB17-36).

The security bulletin for Flash Player (APSB17-33), which affects Windows (10 and 8.1), Mac, Linux, and Chrome OS is also notable.

Three of these RCE vulnerabilities (CVE-2017-3112, CVE-2017-3114, and CVE-2017-11213), along with 14 others in other Adobe products, were also disclosed to Adobe through Trend Micro’s Zero Day Initiative.

Microsoft released its own versions of Adobe’s patches for Flash Player via ADV170019, Trend Micro said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftadobePatch Tuesday

Featured

Slideshows

Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

The channel came together for the inaugural Reseller News Emerging Leaders Forum in New Zealand, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry. Hosted as a half day event, attendees heard from industry champions as keynoters and panelists talked about future opportunities and leadership paths and joined mentoring sessions with members of the ICT industry Hall of Fame. The forum concluded with 30 Under 30 Tech Awards across areas of Sales, Entrepreneur, Marketing, Management, Technical and Human Resources. Photos by Gino Demeer.

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019
Show Comments