Microsoft released 63 security patches for November, including a fix for a zero-day vulnerability already under active exploitation. Of the patches, 12 updates are considered critical, and almost every other patch is ranked as important. Out of the 12 critical vulnerabilities, 10 can be exploited through browsers or opening malicious files, according to a post from Jimmy Graham of Qualys.
“The priority this month should be all Windows OS updates and Edge,” said Chris Goettl of Ivanti. “Internet Explorer has several Important vulnerabilities resolved as does Office, but all of the Critical vulnerabilities, exploits and disclosures are in the OS and Edge browser.”
Goettl also notes Microsoft is re-releasing Windows 10 1809 and Server 2019 after pulling them in October due to user data being deleted after upgrading.
“Take a moment to test before rolling out just to be cautious,” he said.
Here are the highlights from this month’s release with the information you need to prioritize your patching efforts.