Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Patch Tuesday tracks Microsoft's regular security updates, helping readers understand vulnerabilities, fixes, and risks affecting software users.
Search across headline titles and summaries.
Background for this topic.
Patch Tuesday is the second Tuesday of each month, when Microsoft publishes a scheduled set of security and quality updates for supported products. The term is also used broadly for the recurring monthly patch cycle that organizations use to review, test, and deploy vendor fixes. Releases may address vulnerabilities in operating systems, applications, browsers, and infrastructure components, with severity and affected versions varying by update.
For security teams, the release is a trigger for vulnerability-management work: identify exposed and supported assets, assess whether a flaw is being exploited or affects a critical system, and prioritize deployment accordingly. Testing and staged rollout can reduce compatibility and availability problems, while leaving internet-facing or unpatched systems exposed can increase the chance of compromise. Teams should also account for patches that require reboots, configuration changes, or dependent updates, and track exceptions with compensating controls. Critical fixes may warrant accelerated or emergency deployment rather than waiting for the normal maintenance window.
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
Patch Tuesday updates require urgent action from sysadmins
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Plus: Fixes from Intel, AMD, Citrix and more Patch Tuesday November's Patch Tuesday also falls on election day in the US, so let's hope that democracy fares better than Microsoft, which reported six of today's bugs are already being exploited in the wild by miscreants.…
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws. [...]