Microsoft released another round of updates on what is commonly known as Patch Tuesday. The November edition is a significant one, as it fixes several zero-day vulnerabilities.
The bug fixes are aimed at a slew of Microsoft products, including the Edge browser, Microsoft Office, Visual Studio, Exchange Server, Windows Kernel, and Windows Defender. In total, 55 vulnerabilities are patched, of which six have been classified as critical.
This release fixes fewer issues than last month's, which corrected almost 80 vulnerabilities, and is half the number from November 2019. That has led the Zero Day Initiative (ZDI) to wonder, with some concern, whether Microsoft is sitting on a backlog of patches.
Here’s the backstory
Of the 55 corrections released in this update, six are critical. Hackers could use several of the flaws to breach computers and steal personal information. Here are some of the highlights:
- CVE-2021-43209 and CVE-2021-43208 both deal with flaws in the 3D Viewer in Windows. In the patch notes, Microsoft explained that “an attacker can expect repeatable success against the vulnerable component.” Both are Remote Code Execution vulnerabilities, meaning that a hacker can run any code on the affected system.
- The fixes for CVE-2021-38631 and CVE-2021-41371 correct a problem with the Windows Remote Desktop Protocol (RDP). Attackers can use the flaws to extract personal information or locally force the leaking of information.
- CVE-2021-42292 impacts Microsoft Excel and has already been exploited by hackers. It serves as an entry point for attackers to bypass security controls. This patch is specifically for the Windows version of Excel, and there isn’t a patch for the Mac version yet.
- CVE-2021-42321 has also been actively used by hackers and is present in Microsoft Exchange Server. While hackers need to be authenticated for the exploit to be used, a flaw in the command validation can lead to Remote Code Execution.
What you can do about it
It should be routine for you by now, but you must always keep your operating system and software up to date. Like this latest release, most updates patch security flaws that could lead to your computer suffering a breach.
Before installing any major update, it’s a good idea to back up critical files with a company you can trust.
Here’s how to update your Windows PC:
- Click the Start button on the bottom left.
- Select Settings, then click Update & Security.
- If you don’t see an update ready to install, you can force the process by tapping Check for Updates.
- Any additional patches and software fixes will be downloaded and installed onto your machine. You can also tick the box to have Windows update any other Microsoft products that you have installed, like Office or Edge.