Subscribe

Microsoft Releases 55 Security Fixes For Patch Tuesday

November 10, 2021

Microsoft has released 55 security fixes for software for the month of November, including patches that fix zero-day vulnerabilities that are actively exploited in the wild.

The tech giant’s latest set of patches, typically released on the second Tuesday of each month in the so-called Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution bugs (RCE), information leaks, and privilege elevation security vulnerabilities, including patches for issues related to spoofing and tampering.

The November security update affects Microsoft Azure, the Chromium-based Edge browser, Microsoft Office and related products such as Excel, Word, and SharePoint – Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.

In addition, the most important vulnerabilities that have been fixed in this update are:

  • CVE-2021-42321: (CVSS:3.1 8.8 / 7.7). In active exploit, this vulnerability affects Microsoft Exchange Server and may lead to RCE due to improper validation of cmdlet arguments. However, attackers must be authenticated.
  • CVE-2021-42292: (CVSS:3.1 7.8 / 7.0). This vulnerability has been found in Microsoft Excel and can be exploited to circumvent security controls. Microsoft says the Preview Pane is not an attack vector. A patch for Microsoft Office 2019 for Mac or Microsoft Office LTSC for Mac 2021 is still not available.
  • CVE-2021-43209: (CVSS:3.1 7.8 / 6.8). A 3D Viewer vulnerability made public, this bug can be locally exploited and trigger RCE.

According to the Zero Day Initiative (ZDI), this is a relatively small number of vulnerabilities that were fixed in November.

In addition, Visual Studio 2022 and .NET 6 were made available to the general public from November 8. Visual Studio 2022 now includes a refresher of some of its key features as well as debug enhancements for developers.

.NET 6, on the other hand, contains performance improvements and is the first version to support both Windows Arm64 and Apple Arm64 Silicon.

For more information, read the original story in ZDNet.

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

June 24, 2025 A new report from Okta shows that despite growing fears about identity theft, most more...

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

June 23, 2025 Canada’s cybersecurity agency and the U.S. Federal Bureau of Investigation have confirmed that a more...

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

June 12, 2025 A new vulnerability discovered in Microsoft Copilot has raised urgent concerns about the security more...

Sleeper Supply Chain Attack Activates After 6 Years

May 6, 2025 A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by more...

Jim Love

Jim is and author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.