Security News > 2023 > November > Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities - including three that have already been found and abused in the wild.

The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.

CVE-2023-36413, a Microsoft Office security feature bypass flaw, can be exploited if an attacker convinces someone to open a malicious file - which we all know isn't too difficult to do.

"This vulnerability could be exploited by an unauthenticated attacker targeting a Microsoft PEAP Server by transmitting specially crafted malicious PEAP packets across the network," Silva told The Register.

Adobe patched a whopping 76 vulnerabilities across its Acrobat and Reader, InDesign, InCopy, Photoshop, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, Bridge, RoboHelp Server, and FrameMaker Publishing Server products - though none of the bugs have been found or exploited by miscreants.

Finally, a single critical bug in FrameMaker Publishing Server could be exploited to bypass security features.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/15/november_2023_patch_tuesday/