Microsoft and Adobe have released a series of security patches for Adobe Flash, Internet Explorer and Windows as part of the latest round of Patch Tuesday updates.
Microsoft alone is offering 15 fixes to make good 36 vulnerabilities, according to Craig Young, a security researcher at Tripwire.
"The patch which immediately grabbed my attention this month is MS16-061 which resolves a code execution bug within the handling of RPC requests," said Young.
"Although Microsoft rates CVE-2016-0178 as less likely to be exploited, the potential for abuse on this one is enormous. The underlying flaw affects all supported servers and desktops from Windows Vista to Windows 10 and can allow an unauthenticated attacker to gain control of unpatched systems," he added.
Another notable fix is CVE-2016-0189, which affects the legacy Internet Explorer web browser and involves a nasty "remote memory-corruption vulnerability," according to Symantec.
Internet Explorer has a global market share of about 36 per cent, according to NetMarketShare figures, second only to Google Chrome. Its replacement, Edge, still languishes on under five per cent, despite the supposed popularity of Windows 10.
"Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user," adds the firm in a brief advisory. "Failed attacks will cause denial-of-service conditions. Internet Explorer 9, 10, and 11 are vulnerable."
The big issue for Adobe is yet another newly discovered critical Flash vulnerability, CVE-2016-4117. This affects Flash running on Windows, Macintosh, Linux and Chrome OS. Adobe warns that the vulnerability can cause crashes and, potentially, enable a hacker to take remote control. It believes that there is an exploit in the wild.
Adobe warned about the risk posed by the flaw earlier this week: "A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild."
Other updates address a variety of vulnerabilities and flaws in other Microsoft products, with eight important and eight critical issues dealt with, according to Michael Gray, vice president of technology at Thrive Networks.
"Most of the critical are remote code execution, which is commonly the end result of exploits. Critical patches are still critical and we recommend deploying after your systems have been tested."
What isn't clear is whether Microsoft has slipped some new Windows 10 and/or telemetry-related updates into the mix for users of Windows Vista, 7, 8 and 8.1.