During May’s Patch Tuesday, Microsoft has patched 46 vulnerabilities, including 3 zero-days in Windows, Microsoft Office and Internet Explorer that were actively attacked before the patches were available.
The vulnerabilities in Internet Explorer 11 and Microsoft Office allowed an attacker to execute random code on the system when the user visited a malcious website or opened a malcious EPS file. The vulnerability in the Windows Kernel allowed an attacker to elevate privileges on the system and execute code with kernel rights.
Also vulnerabilities in Internet Explorer and Edge were patched, these were known before the patches were released but Microsoft claims they weren’t exploited.
The leak in Internet Explorer made it possible to bypass warnings for HTTP content on HTTPS websites. The Edge vulnerability allowed a malicious internet sites to perform action in the context of the Intranet Zone.
On most systems the update will be applied automatically.
Users that are on the RTM version of Windows 10 (released in July 2015) will no longer receive updates. Microsoft has stopped providing updates for this version and recommends to update to the latest version of Windows 10.