Patching isn't enough for December's Patch Tuesday

With 67 flaws addressed, six publicly-reported issues and one vulnerability already exploited, this month’s updates pale in comparison to the challenges addressing the Log4j issue.
This month’s Patch Tuesday update is important for several reasons. With 67 unique vulnerabilities addressed, six publicly-reported issues and one already exploited, this month’s updates still pale in comparison to dealing with the Log4j issue. (Fortunately, there are no browser or Microsoft Exchange updates and minimal changes to Microsoft Office.) We have added the Windows updates and Visual Studio updates to our “Patch Now” release cycle recommendations, while Office updates are relegated to a normal release cadence. You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.

There are no reported high-risk changes to the Windows platform this month. However, there is one reported functional change, and an additional feature. Here are our high-level testing recommendations:

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. I’ve referenced a few key issues that relate to the latest builds, including:

One of the best ways to see if there are known issues that could affect your target platform is to check out the many configuration options for downloading patch data at the Microsoft Security Update guidance or the summary page for this month’s security update.

Major revisions

Microsoft released four updates for informational reasons (documentation and FAQ updates) including: CVE-2021-43236, CVE-2021-43883, CVE-2021-43893, CVE-2021-43905. In addition, Microsoft released several major updates to previous patches, including:

Due to the larger scope of these patches, you may not have downloaded and applied them in November. This month, all four updates will be included in the patch cycle (though their dates may reflect a November release date).

This month, there is a single reported vulnerability that includes both mitigation and documented workarounds:

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:

This month, the Chromium project released 16 updates for the Microsoft Edge browser.
