Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days.
Also separately addressed at the start of the month is an actively exploited flaw in Chromium-based browsers that was plugged by Google as part of an out-of-band update late last month.
The list of actively exploited vulnerabilities, which allow privilege elevation and remote code execution, is as follows -.
CVE-2022-41091 is one of the two security bypass flaws in Windows Mark of the Web that came to light in recent months.
Four other Critical-rated vulnerabilities in the November patch worth pointing out are privilege elevation flaws in Windows Kerberos, Kerberos RC4-HMAC, and Microsoft Exchange Server, and a denial-of-service flaw affecting Windows Hyper-V. The list of fixes for Critical flaws is rounded out by four remote code execution vulnerabilities in the Point-to-Point Tunneling Protocol, all carrying CVSS scores of 8.1, and another impacting Windows scripting languages JScript9 and Chakra.
In addition to these issues, the Patch Tuesday update also resolves a number of remote code execution flaws in Microsoft Excel, Word, ODBC Driver, Office Graphics, SharePoint Server, and Visual Studio, as well as a number of privilege escalation bugs in Win32k, Overlay Filter, and Group Policy.
News URL
https://thehackernews.com/2022/11/install-latest-windows-update-asap.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-41091 | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 0.0 |