Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
TeamTNT hackers target your poorly configured Docker servers
NUCLEUS:13 TCP security bugs impact critical healthcare devices
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
PhoneSpy: Android spyware campaign targeting South Korean users
New Android malware targets Netflix, Instagram, and Twitter users
These invisible characters could be hidden backdoors in your JS code
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Patch Tuesday
Today is Microsoft’s November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest.
Microsoft has fixed 55 vulnerabilities with today’s update, with six classified as Critical and 49 as Important. The number of each type of vulnerability is listed below:
For information about the non-security Windows updates, you can read about today’s Windows 10 KB5007186 & KB5007189 cumulative updates and the Windows 11 KB5007215 cumulative update.
November’s Patch Tuesday includes fixes for six zero-day vulnerabilities, two actively exploited against Microsoft Exchange and Microsoft Excel.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited vulnerabilities fixed this month are:
The Microsoft Exchange CVE-2021-42321 vulnerability is an authenticated remote code execution bug used as part of the Tianfu Cup hacking contest last month.
However, the Microsoft Excel CVE-2021-42292 was discovered by the Microsoft Threat Intelligence Center and has been actively used in malicious attacks.
The security updates for Microsoft Office for Mac have not been released as of yet.
Microsoft also fixed four other publicly disclosed vulnerabilities that are not known to be exploited in attacks.
Other vendors who released updates in November include:
Below is the complete list of resolved vulnerabilities and released advisories in the November 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws
How to fix the Windows 0x0000011b network printing error
New Windows security updates break network printing
Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws
Windows 11 KB5007215 update released with application fixes
Not a member yet? Register Now
MediaMarkt hit by Hive ransomware, initial $240 million ransom
Microsoft urges Exchange admins to patch bug exploited in the wild
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Lockean multi-ransomware affiliates linked to attacks on French orgs

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…

UK Labour Party discloses data breach after ransomware attack

CISA orders federal agencies to fix hundreds of exploited security flawsUS sanctions…

Mozilla fixes critical bug in cross-platform cryptography library

FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangsEwDoor botnet targets…

State-backed hackers increasingly use RTF injection for phishing

FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangsEwDoor botnet targets…