During this month’s Patch Tuesday, Microsoft released updates for 50 vulnerabilities that affect Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Flash Player, Windows Kernel and more. When some vulnerabilities are properly exploited they can provide an attacker full control over the system.One of the vulnerabilities in Internet Explorer was already publicly disclosed before a patch was available, but Microsoft claims it has not been actively attacked. In total, the software giant marked 11 vulnerabilities as critical, which means they allow an attacker to execute arbitrary code remotely. Microsoft marked the other 39 as important.
Cisco’s security division, Talos, has issued an advisory about three of the vulnerabilities which the company believes are notable and require prompt attention. These are two vulnerabilities in the Microsoft Scripting Engine and one in the Windows DNSAPI.
Besides that, an emergency patch for Flash Player that was released last week is also distributed with the updates of this Patch Tuesday. That means that Flash Player will be updated on systems where the latest Flash Player update hasn’t been installed yet.
On most systems updates will be automatically installed without any user interaction. Users who can’t wait for the automatic updates can also search for updates manually.