image
Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today's patches. More than a dozen of the flaws tackled in this month's release are rated "critical," meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment. Perhaps the most concerning of those critical holes is a zero-day flaw in Internet ~~Exploder~~ Explorer (CVE-2019-1429) that has already seen active exploitation. Today's updates also address two other critical vulnerabilities in the same Windows component that handles various scripting languages. Microsoft also fixed a flaw in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass security protections in some versions of the program that could let malicious macros through. Macros are bits of computer code that can be embedded into Office files, and malicious macros are frequently used by malware purveyors to compromise Windows systems. Usually, this takes the form of a prompt urging the user…

Source