Security News > 2021 > November > Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important.
Still, as always, this Patch Tuesday delivers high-priority fixes, the most urgent of which being the duo that are under attack.
This patch fixes a security feature bypass vulnerability in Microsoft Excel for both Windows and MacOS computers that could allow code execution when opening a specially crafted file.
"While Microsoft only rates the vulnerability as 'Important' because an attacker has to be authenticated to exploit it, Recorded Future has noted that gaining legitimate credential access to Windows systems has become trivial for both nation state and cybercriminal actors," Liska said via email.
Microsoft wasn't clear about which security feature is bypassed by this security feature bypass vulnerability for Microsoft Excel for both Windows and MacOS computers, which affects versions 2013 - 2021.
Microsoft Excel is a frequent target of both nation-state attackers and cybercriminals, he noted.
News URL
https://threatpost.com/microsoft-nov-patch-tuesday-fixes-six-zero-days-55-bugs/176143/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)