November Patch Tuesday
November Patch Tuesday feels light, but there are a couple of chilling vulnerabilities to resolve. Microsoft has resolved a total of 55 vulnerabilities (CVE’s), six of which are rated as Critical. The updates include the normal lineup of Windows OS, Office, Azure, and some dev tools like Visual Studio. There are two Zero Day vulnerabilities in Microsoft Exchange (CVE-2021-42321) and Excel (CVE-2021-42292) which need attention. Along with the two Zero Day vulnerabilities there are also four publicly disclosed vulnerabilities. From a risk perspective let’s start with the most sever, the two zero days. DHS CISA has also released BOD 22-01 which outlines 287 vulnerabilities, many over a year old, that are still commonly exploited by threat actors that also need some evaluation to see if you have some low hanging fruit to pluck from the reach of threat actors.