Microsoft has issued the latest Patch Tuesday security update, releasing 16 fixes for core products including five rated critical.
Internet Explorer is involved, as ever, with a fix for a flaw tagged MS16-063 that could allow remote code execution if a user visits a specially crafted webpage designed to exploit the vulnerability.
The hacker could gain the same rights as the user, including taking control of the system, viewing, changing or deleting data and creating new accounts with full user rights, Microsoft warned.
The flaw is rated critical for IE 9 and 11 on affected Windows clients and moderate for IE 9, 10 and 11 on affected Windows servers.
The Edge browser also has a critical fix for an almost identical problem.
Qualys CTO Wolfgang Kandek said in a blog post that companies should apply the browser fixes as soon as possible.
“These vulnerabilities represent a favourite attack vector for cyber criminals, and we recommend addressing them in the next seven days,” he said.
However, Kandek added that the most important fix is MS16-071, which affects the Microsoft Windows DNS Server.
“This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution if an attacker sends specially crafted requests to a DNS server,” said Microsoft.
Kandek warned that firms must act quickly to apply this patch. “Successful exploitation yields the attacker remote code execution on the server, which is extremely worrisome on such a mission-critical service as DNS,” he said.
“Organisations that run their DNS server on the same machine as their Active Directory server need to be doubly aware of the danger of this vulnerability.”
The other notable critical fix is for Office, and again could allow remote code execution if a user opens a specially crafted Microsoft Office file.
“An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user,” said Microsoft.
The other 11 fixes are rated as important and cover several services, and again the advice is to act quickly on those that have a direct impact.
The current rate of patches being issued by Microsoft puts the firm on track for a record year. Kandek noted that the June release brings the half-year total to 81, suggesting a possible 160 by the end of the year.