November 2021 Patch Tuesday « Giveaway of the Day Forums

Back to Giveaway of the Day

Giveaway of the Day Forums » Technical notes

November 2021 Patch Tuesday

(2 posts) (1 voice)

Started 3 years ago by mikiem2
Latest reply from mikiem2

mikiem2
Moderator

petri[.]com/patch-tuesday-november-2021-microsoft-patches-windows-rdp-zero-day-and-exchange-rce

Patch Tuesday in November 2021 sees Microsoft release patches to address 55 CVEs, including fixes for 6 zero-day bugs. There are updates for products including Windows, Windows Server, Office, Exchange Server, Active Directory, Microsoft Dynamics, Hyper-V, and Azure Real Time Operating System (RTOS), which is ThreadX RTOS, an embedded real-time operating system that Microsoft purchased from Express Logic in 2019.

zdnet[.]com/article/microsoft-november-2021-patch-tuesday-55-bugs-patched-two-under-active-exploit/

Microsoft has released 55 security fixes for software including patches that resolve zero-day vulnerabilities actively exploited in the wild.

The Redmond giant's latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for six critical vulnerabilities, 15 remote code execution (RCE) bugs, information leaks, and elevation of privilege security flaws, as well as issues that could lead to spoofing and tampering.

Products impacted by November's security update include Microsoft Azure, the Chromium-based Edge browser, Microsoft Office -- as well as associated products such as Excel, Word, and SharePoint -- Visual Studio, Exchange Server, Windows Kernel, and Windows Defender.

According to the Zero Day Initiative (ZDI), historically, this is a relatively low number of vulnerabilities resolved during the month of November.

"Last year, there were more than double this number of CVEs fixed," the organization says. "Even going back to 2018 when there were only 691 CVEs fixed all year, there were more November CVEs fixed than in this month. Given that December is typically a slower month patch-wise, it causes one to wonder if there is a backlog of patches awaiting deployment due to various factors."

Posted 3 years ago #
mikiem2
Moderator

I've no idea if I was one in a million [or millions], or if this will turn out to be more common, but the Patch Tuesday updates broke Win10 on my wife's PC, and in an unusual way. The problem was a cycle with a black screen lasting several seconds, then the normal display would very briefly return, then the black screen would reappear. The really odd part is that it was only triggered by opening the Start Menu or Notifications fly-outs.

Reinstalling the AMD graphics driver pack, using the option to remove existing drivers first, made no difference. When I had first opened Windows Update it turns out that Microsoft's AI had decided it was safe for that PC to install Win11 -- at the time I said no -- but after determining it wasn't a hardware problem, that's what I wound up doing.

I *suspect* the problem was caused by the .NET updates that were included in the Patch Tuesday fixes. If that was the case, then uninstalling the updates would be hit or miss -- .NET can be like Windows Installer [.msi setup files], where once its records are screwed up, it's near impossible to fix. [After installing an app using .NET you'll often see a .NET optimization process running, sometimes for quite a while, in Task Mgr., and the records that result are not removed with an uninstall. Back in the XP days I successfully fixed such a .NET problem, and it took roughly 3 days using tools that are no longer available.]

If it had happened this past Spring I would have restored a backup, paused updates, then manually installed them one at a time, testing after each one. Then once I found the problem update, I'd again restore the backup, block that individual update using wushowhide.diagcab, and then proceed with updates normally.

Posted 3 years ago #

RSS feed for this topic

Reply

You must log in to post.