The highest severity bug patched this month is a critical RCE vulnerability found in the Microsoft Video Control component of Windows Server. The flaw can be triggered remotely via specially crafted web content or malicious sites, allowing an attacker to gain access to user data or take control of vulnerable systems with elevated privileges. Other critical RCE bugs include two in SharePoint Server and two in Microsoft Office products.
Apart from these vulnerabilities, Microsoft has also released patches for 24 important-rated issues, mostly relating to information disclosure and privilege escalation. These include nine vulnerabilities security flaws and 38 of them are regarded as critical Remote Code Execution (RCE) vulnerabilities.
The most severe of these RCE bugs impacts the Windows CryptoAPI, a Microsoft cryptographic library and application programming interface (API) used to secure communications and data. Another important RCE flaw patched this month affects the Windows GDI+ graphic library, which can be exploited if a user opens a specially crafted document or visits an untrusted webpage.
The remaining 30 flaws include two Elevation of Privilege vulnerabilities in Windows Error Reporting Service and Windows Kernel, as well as 28 information disclosure issues found in various components of the operating system.
Adobe also released 14 security updates today to address 58 vulnerabilities in Acrobat and Reader for Windows and macOS computers, Creative Cloud desktop applications, Adobe Experience Manager Forms, Adobe Digital Editions Classic, Campaign Classic, Analytics Cloud Platform SDKs, and Connector for Microsoft Outlook.