Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity.
Tracked as CVE-2020-17087, one Windows kernel local elevation of privilege vulnerability was red-flagged by Microsoft as being actively exploited in the wild. Last week, the bug was disclosed by Google Project Zero, which reported the flaw was being exploited in the wild alongside a Google Chrome flaw (CVE-2020-15999) – which had been patched on Oct. 20.