Microsoft Releases Patch Tuesday Windows Update Fixing 14 Security Flaws Including The 0-Day Found By Google

windows10 start
What's that in the air? Could it be the smell of egg nog and pine? Nope, it's Microsoft Patch Tuesday, of course! This month's rollout is rather large and notable for a number of reasons. However, what matters most is that if you're not up-to-date yet, you'll want to take a little trip to the Windows Update section and take care of business.

Speaking of business, the advice to update is imperative for those managing user PCs in the enterprise, as this rollout of patches includes a fix for a huge bug Google disclosed one week ago. This bug, called CVE-2016-7255, is a local privilege escalation flaw that is particularly dangerous, as it's been proven to be actively exploited. If you don't want to download all of the new updates in one fell swoop, make sure you snag at least this one.

Windows Update Patch Tuesday Nov 2016

While it could be argued that this particular bug should have been spotted ages ago, it's great to see that Microsoft wasted no time in squashing it - releasing the fix a mere week later. That's a lot better than 90 days, as we've seen in the past.

Other fixed bugs include 10 that affect Microsoft Office, three previously disclosed ones for Internet Explorer and Edge, and three other critical vulnerabilities affecting Windows. These include an open type font flaw that could be exploited if someone visits a malicious website, as well as a DLL loading issue with Task Scheduler that could lead someone to take control over a machine.

In case we were not clear enough above: update. Some Patch Tuesday rollouts might not seem that important, but this one certainly is.


Via:  Qualys
Show comments blog comments powered by Disqus