Patch Tuesday – November 2025


Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet.

Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely to see exploitation. Five browser vulnerabilities and a dozen or so fixes for Azure Linux (aka Mariner) have already been published separately this month, and are not included in the total.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

    April 18, 2018

    It’s time to update your Drupal websites, once again. For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Read more… Source: The Hacker News  

  • Spring break! Critical vuln in Pivotal framework’s Data parts plugged

    March 5, 2018

    Pivotal’s Spring Data REST project has a serious security hole that needs patching. Pivotal’s Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used. Read more… Source: The Register  

  • Bug in HP Remote Management Tool Leaves Servers Open to Attack

    March 1, 2018

    Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions. The vulnerability (CVE-2017-8987) ...

  • Cisco Patches Critical VPN Vulnerability

    January 30, 2018

    Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on affected devices. The vulnerability impacts nearly a dozen Cisco products ranging from 3000 Series ...

  • Oracle Ships 237 Fixes in Latest Critical Patch Update

    January 17, 2018

    Oracle has shipped 237 patches for vulnerabilities impacting hundreds of product versions as part of its latest quarterly critical patch update. Product lines coming in for some of the most fixes include Oracle Financial Services Applications, with 34, Fusion Middleware with 27, MySQL with 25 and Java SE with 21. In many cases, the vulnerabilities can be exploited ...

  • CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

    January 9, 2018

    Microsoft’s workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools. Some anti-malware packages are incompatible with Redmond’s Meltdown patch, released last week, because the tools make, according to Microsoft, “unsupported calls into Windows kernel memory,” crashing the system with a blue screen of death. In extreme ...