During yesterday’s Patch Tuesday, Microsoft fixed 3 zero-days in Windows and Internet Explorer that were actively attacked. In total the company patched 140 vulnerabilities.
A vulnerability in Internet Explorer allowed an attacker to take control over the system when an user visited a malcious or hacked website. Through one of the Windows vulnerabilities an attacker with access to the system could execute random code with kernel privileges. Another Windows leak could be used to search for specific files on the hard disk if the user visited a specially prepared website with Internet Explorer.
Besides these zero-days in Windows and Internet Explorer, also other vulnerabilities in Windows, Internet Explorer, Edge, SMB, Hyper-V and Office were patched. About these issues information was already known but they weren’t actively attacked.
Microsoft further patched vulnerabilities in Silverlight, DVD Maker, DirectShow, IIS and Exchange.
The patches are automatically downloaded and installed on system with automatic updates enabled