Microsoft has patched 60 vulnerabilities during the this month’s Patch Tuesday. Amongst them were two vulnerabilities in Internet Explorer and Windows that were actively attacked before an update was available. Both vulnerabilities allowed an attacker to execute arbitrary code, which in the worst case allowed the attacker to take full control over the system.
In case of the Internet Explorer vulnerability, simply visiting a hacked or malicious website was sufficient to become a victim of such an attack. Microsoft reports that Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 are vulnerable. Trend Micro disagrees and writes on its website that Internet Explorer 11 is not vulnerable because VBScript is disabled by default in Internet Explorer 11 on Windows 10 since October 2017.
The other 58 vulnerabilities which Microsoft patched this month were in Internet Explorer, Microsoft Edge, Microsoft Office, ChakraCore, Windows, .NET Framework, Microsoft SQL Server, Visual Studio and Microsoft Exchange Server.
On most systems the updates are automatically installed.