If you are a regular reader of Komando.com, you should know by now that Microsoft issues a set of cumulative updates once a month. It usually falls on the second Tuesday of each month and is unofficially called Patch or Update Tuesday by tech fans and savvy Windows PC users.
It’s not exactly a big red-letter day for the tech industry but IT professionals and regular consumers mindful of computer security are always eager to know what each Patch Tuesday brings.
These updates usually contain bug fixes, security patches and malware database refreshes for supported Windows operating systems and a slew of Microsoft software products.
This November, Microsoft issued fixes for 53 vulnerabilities including 20 flaws that were rated as critical.
Please apply these updates as soon as you can since some of them are already known publicly.
Four publicly known exploits
Details about four of the 53 vulnerabilities were already published publicly before Patch Tuesday but thankfully, none of them are being actively exploited.
These four publicly known exploits are as follows:
- CVE-2017-11848 – An Internet Explorer Information Disclosure
- CVE-2017-11827 – Microsoft Browser Memory Corruption
- CVE-2017-11883 – ASP>Net Core Denial of Service
- CVE-2017-8700 – ASP.NET Core Information Disclosure
Windows browser security fixes
Other notable fixes are six scripting engine memory corruption flaws in Microsoft Edge and Internet Explorer 11 that could allow an attacker to execute code and take over a machine remotely. These vulnerabilities affect the said browsers running on Windows 10, Windows 8.1, Windows 7 and Windows Server version 1709.
The six browser Scripting Engine Memory Corruption Vulnerabilities are as follows:
Other critical fixes
Two other critical fixes stand out from the bunch. One is CVE-2017-11830, a flaw that allows attackers to bypass the Windows Device Guard security feature. The other one is CVE-2017-11877, a fix for an Excel flaw that allows attackers to bypass macro execution protection.
As usual, Adobe likewise released security fixes for its products. This time around, Adobe fixed 86 security flaws, including five critical vulnerabilities in Adobe Flash Player, two in Photoshop, 62 in Acrobat and Reader and 5 in Adobe Connect.
To read more about Adobe’s Security Bulletins regarding its products, click here.
If you use any of these products, please update as soon as you can.
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.
But if you want to check, here’s how:
On Windows 10, click Start (Windows logo), choose “Settings,” select “Update & Security,” then on the “Windows Update” section, click on “Advanced Options.” (Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.) Under “Advanced Options,” just make sure the drop down box is set to “Automatic.”
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
Adobe Flash updates are included in Microsoft’s Windows updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
–> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 22.214.171.124.