⋮    ⋮  

Microsoft Patches Over 50 Security Vulnerabilities Today – Windows 10 Builds 16299.64 and 15063.728 Start Rolling Out


It's Patch Tuesday which means it's time to update your Windows devices. Microsoft has started to roll out Windows 10 cumulative updates carrying security fixes to numerous issues. The fixes are available to both the PC and Mobile devices. This is the second wave of updates coming to Windows devices this month, as the company already released updates to Windows 10 earlier this month.

Today's update brings fixes to over 53 security vulnerabilities, covering Internet Explorer, Microsoft Edge, Windows, Microsoft Office, ASP.NET Core, and Chakra Core. 20 of these are rated critical, with 30 rated as important. "There’s definitely a malware vibe to this month’s release, as many of the updates directly relate to techniques used to spread the unwanted software," Zero Day Initiative said in an email to Wccftech.

Microsoft Begins Preparing the November 2021 Update (Final Windows 10 Version) for Release – RTM Build Confirmed

It should be noted that at least three of these vulnerabilities that Microsoft has fixed have been publicly disclosed, which means it will become easier for attackers to use them. Tracked as CVE-2017-11827, CVE-2017-8700, and CVE-2017-11848, the issues can lead to code execution and information disclosure. One of the issue fixed with today's updates include CVE-2017-11877 that  fixes an Excel security feature bypass vulnerability that fails to enforce Macro settings, which are often used by attackers.

"Macros have been used by malware authors for years - the most famous (Melissa) dating all the way back to 1999," Dustin Childs, communications manager for the ZDI wrote in an email to Wccftech. "Word and Excel check for the existence of macros, but CVE-2017-11877 details how this check is bypassed in Excel."

It could allow a malware writer to embed a malicious macro in an Excel spreadsheet. The macro would execute once the spreadsheet was opened by the target victim.

It is critically important to install these security updates as soon as they are made available since criminals wait for these disclosures to power the next wave of malware as a huge number of machines never gets patched.

What does today's update brings to Windows 10 Fall Creators Update

Here is the complete list of performance and feature issues that have been addressed with today's cumulative build 16299.64  (KB4048955):

  • Addressed issue that causes the Mixed Reality Portal to stop responding on launch.
  • Addressed issue that causes a black screen to appear when you switch between windowed and full-screen modes when playing some Microsoft DirectX games.
  • Addressed a compatibility issue that occurs when you play back a Game DVR PC recording using Android or iOS devices.
  • Addressed issue where the functional keys stop working on Microsoft Designer Keyboards.
  • Addressed issue to ensure that certain USB devices and head-mounted displays (HMD) are enumerated properly after the system wakes up from Connected Standby.
  • Addressed issue where the virtual smart card doesn't assess the Trusted Platform Module (TPM) vulnerability correctly.
  • Addressed issue where Get-StorageJob returns nothing when there are storage jobs running on the machine.
  • Addressed issue where applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail when creating or opening Microsoft Excel .xls files. The error message is: “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".
  • Addressed issue where application tiles are missing from the Start menu. Additionally, applications that the Store app show as installed don't appear on the application list of the Start menu. Computers that have Internet connectivity and upgrade on or after November 14, 2017 will receive this preventative solution and avoid this issue. Machines that lack network connectivity or have already encountered this issue should follow the steps in the Microsoft Answers thread “Missing apps after installing Windows 10 Fall Creators Update”. Microsoft will release and document an additional solution in a future release.
  • Addressed issue where Microsoft Edge cannot create a WARP support process and appears to stop responding for up to 3 seconds during a wait timeout. During the timeout period, users cannot navigate or interact with the requested page.
  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Microsoft Graphics Component, Windows kernel, Internet Explorer, and Windows Media Player.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

You can head over to this listing for problems fixed in Windows 10 Creators Update (KB4048954). For information on security bugs that Microsoft has patched today, go to this portal. Please note that Microsoft has also included security patches released by Adobe to over 80 issues.