Microsoft yesterday patched 47 vulnerabilities in Windows, Internet Explorer, Edge, Office and Exchange during its monthly Patch Tuesday. Three of them were known zero-day leaks, that according to Microsoft weren’t actively attacked.
The 47 vulnerabilities were fixed with 16 patches of which 5 are marked as critical. Critical vulnerabilities allow an attacker to take control over a computer without much interaction of the user. An user visiting a malicious or hacked website, or viewing an infected advertisement can be sufficient to exploit it.
In case of the Office vulnerability, all that was needed for an infection was that an user viewed a document in the preview pane of Office. Another vulnerability could be exploited if an user opened a malicious PDF document in the Windows PDF reader.
The 3 zero-day leaks were in Windows Search, The Web Proxy Auto Discovery Protocol and in Microsoft’s Edge browser. The Redmond software giant stresses that there have been no reports of attacks abusing these leaks.
Other patch prevents attackers from elevating their rights in case they already had access to the system and Microsoft released a patch that prevents attackers from performing a denial of service attack. Users are advised to update as soon as possible. On most systems this will be an automated process thanks to Windows Update.