Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in different flavors of Windows and programs that run on it. The November updates include fixes for a zero-day bug in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in some versions of Office for Mac that bypasses security protections and was detailed publicly before today's patch.
More than a dozen of the flaws fixed in this month's release are rated "critical", meaning they involve weaknesses that can be used to install malware without any action from the user, except perhaps browsing to a hacked or malicious website or opening a booby-trapped attachment.
Perhaps the most disturbing of these critical holes is a zero-day flaw in Internet Explorer (CVE-201
Microsoft also fixed a flaw in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass security protections in some versions of the program and let malicious macros through.
Macros are bits of computer code that can be embedded in Office files, and malicious macros are often used by malware purveyors to compromise Windows systems. This usually takes the form of a prompt urging the user to "enable macros" after opening a malicious Office document delivered via email. For this reason, Office has a feature called "disable all macros without notification."
But Microsoft says that all versions of Office still support older types of macros that do not respect this setting, and these can be used as a vector for pushing malware. Will Dormann of CERT/CC reports that while Office 2016 and 2019 for Mac will still prompt the user before executing these older macro types, Office for Mac 2011 fails to warn users before opening them.
Other Windows applications or components receiving patches for critical flaws today include Microsoft Exchange and Windows Media Player. In addition, Microsoft patched nine vulnerabilities, five of which are critical, in Windows Hyper-V, a feature of the Windows Server OS (and Windows 10 Pro) that allows users to create and run virtual machines (other "guest" operating systems) from within Windows.
Although Adobe usually releases patches for its Flash Player browser component on Patch Tuesday, this is the second consecutive month that Adobe has not released security updates for Flash. However, Adobe today released security fixes for several of its creative software packages, including Animate, Illustrator, Media Encoder and Bridge. I also neglected to note last month that Adobe released a critical update for Acrobat/Reader that addresses at least 67 bugs, so if you have any of these products installed, please make sure they are patched and up to date.
Finally, Google recently fixed a zero-day flaw in its Chrome Web browser (CVE-2019-13720). If you use Chrome and see an upward-facing arrow to the right of the address bar, an update is pending; completely closing and restarting the browser should install all available updates.
Now seems a good time to remind all of you Windows 7 end users that Microsoft will stop shipping security updates after January 2020 (this end-of-life also affects Windows Server 2008 and 2008 R2). While companies and other volume license buyers will be able to pay for additional fixes beyond that point, all other Windows 7 users who want to stick with Windows will need to consider migrating to Windows 10 soon.
Standard heads-up: Windows 10 likes to install patches all in one go and restart your computer on its own schedule. Microsoft does not make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you prefer to be notified of new updates when they are available so you can choose when to install them, Windows Update has a setting for that. To get there, press the Windows key on your keyboard and type "Windows Update" in the box that appears.
Keep in mind that while staying up-to-date on Windows patches is a good idea, it's important to make sure you update only after you've backed up your important data and files. A reliable backup means you're probably not panicking when the odd buggy patch causes problems booting the system. So do yourself a favor and back up your files before installing patches.
As ever, if you have any problems or issues installing any of these patches this month, please feel free to leave a comment below; there is a decent chance that other readers have experienced the same thing, and may even chime in here with some helpful tips.
Tags: adobe, CVE-2019-1429, CVE-2019-1457, Internet Explorer Zero Day, Macros, Microsoft, Office for Mac, Windows 7 Expiration