Microsoft's November Patch Tuesday Addresses 55 CVEs

On November 9, Microsoft published its monthly Patch Tuesday security update. This month, Microsoft addressed 55 CVEs, including six rated critical and two zero-days. 

This month’s release contains fixes for CVE-2021-42321, a remote code execution vulnerability in Microsoft Exchange Server and CVE-2021-42292, a security feature bypass in Microsoft Excel. Both of these vulnerabilities have been exploited in the wild as zero-days. 

This month's Patch Tuesday release includes fixes for:

• 3D Viewer
• Azure
• Azure RTOS
• Azure Sphere
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Edge (Chromium-based) in IE Mode
• Microsoft Exchange Server
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Windows
• Microsoft Windows Codecs Library
• Power BI
• Role: Windows Hyper-V
• Visual Studio
• Visual Studio Code
• Windows Active Directory
• Windows COM
• Windows Core Shell
• Windows Cred SSProvider Protocol
• Windows Defender
• Windows Desktop Bridge
• Windows Diagnostic Hub
• Windows Fastfat Driver
• Windows Feedback Hub
• Windows Hello
• Windows Installer
• Windows Kernel
• Windows NTFS
• Windows RDP
• Windows Scripting
• Windows Virtual Machine Bus

For more information about the notable vulnerabilities in this month’s Patch Tuesday, including the availability of patches and Tenable product coverage, please visit our blog.