Microsoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange.
Notable patches include two (CVE-2017-11937 and CVE-2017-11940) fixes impacting Microsoft’s Malware Protection Engine (MPE). Both remote code execution vulnerabilities became known last week via research by the UK National Cyber Security Centre. Both were patched last week.
“These MPE vulnerabilities also affect Exchange Server, so back-end administrators do have some work to do this month,” said Greg Wiseman, senior security researcher at Rapid7.