Staying current with Microsoft’s monthly patches is challenging, yet critical for one’s cybersecurity program. This week, Microsoft’s November Patch Tuesday released 55 patches, six of which were categorized as “critical,” four were previously disclosed (which means that cyber criminals may already be exploiting them), and two are being exploited now. Plugging all of these vulnerabilities should be a high priority for your security teams.
The vulnerabilities being exploited by cyber criminals now include one that allows remote code execution to Microsoft Exchange Server; the other involves bypassing a security feature in Microsoft Excel.
For a complete list of the vulnerabilities, the patches and what to do about them, the Sans Internet Storm Center outlines them well in its monthly summary, which can be accessed here.