On Tuesday, Microsoft issued patches to address 53 vulnerabilities, including 20 critical fixes, as part of its November security updates. Also noteworthy: four of the fixes addressed vulnerabilities with known public exploits (CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700).
According to Qualys, none of the bugs with public exploits were being used in active campaigns. See the Security Update Guide for more details.
Also, 25 of the fixes addressed remote code execution (RCE) bugs, and one fix even addressed a 17-year-old arbitrary code execution bug in MS Office Suite. None of the Windows OS patches address critical vulnerabilities.
Qualys further recommended that system admins focus on patches for vulnerabilities that Microsoft says are more likely to be exploited (via phishing attacks or viewing malicious sites): CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, all of which address the Scripting Engine in Edge and Internet Explorer.
Special attention should be paid to laptops and desktops, where users may have logged in with administrative privileges.