Microsoft released 13 security updates for vulnerabilities in Windows, Internet Explorer, Edge, Office, Microsoft Server Software, the .NET Framework and Adobe Flash Player during its Patch Tuesday of February. The updates fix 42 vulnerabilities, 6 updates have been marked critical.
A critical vulnerability allows code execution without user interaction. This could be due to malware or by browsing to a malicious website or opening an email. Other, less critical, updates fix vulnerabilities that allow an attacker with system access to elevate his rights, or vulnerabilities that make a Denial of Service possible.
Two vulnerabilities were already publicly disclosed before Microsoft released a patch. These are vulnerabilities in Sharepoint and Windows and according to Microsoft they haven’t been actively attacked yet.
Internet Explorer saw most of its vulnerabilities fixed, 13 in total. Microsoft also fixed two critical leaks in the built-in PDF Reader of Windows 8.1 and Windows 10. These leaks allowed an attacker to take control over the computer with a malicious PDF document.