Microsoft issued patches for 66 vulnerabilities – three of which rated as “critical” – within its software. The holes were found in software such as Windows, Edge, Azure, Office and SharePoint Server.
In addition to the three “critical” flaws, Microsoft also noted the presence of a Windows MSHTML zero-day. This particular issue is known to affect Windows, with “targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.”
Attackers can specifically craft malicious ActiveX control in an Office doc to host the browser rendering engine, convincing the user to open a malicious file. Those with fewer access rights, it was noted, are less vulnerable. Additional information is available via the Microsoft Security Response Center (MSRC).
The majority of its reported vulnerabilities, meanwhile, were listed as “Important.”
