Experts have urged users to implement the patches included in this month’s Microsoft Patch Tuesday. The monthly update has provided fixes for six different zero-days and 55 other bugs. According to researchers, users should prioritize patches on Microsoft Exchange and Excel, as these platforms are frequently targeted by threat actors. Of the 55 total vulnerabilities, six are rated critical while the remainder are classified as important. The flaws lie in multiple different applications, including Microsoft Windows, Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Edge, Exchange Server, Visual Studio, and more.
This Patch Tuesday fixes two flaws that are currently under attack. The first is a Microsoft Exchange Server remote code execution vulnerability that is caused by issues within the validation of command-let arguments. Microsoft has released a blog post describing the vulnerability and how it is exploited. The second is a Microsoft Excel security feature bypass vulnerability.
Read More: Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs