Microsoft has issued the latest Patch Tuesday security update, releasing 16 fixes for core products including five rated critical.
Internet Explorer is involved, as ever, with a fix for a flaw tagged MS16-063 that could allow remote code execution if a user visits a specially crafted webpage designed to exploit the vulnerability.
The hacker could gain the same rights as the user, including taking control of the system, viewing, changing or deleting data and creating new accounts with full user rights, Microsoft warned.
The flaw is rated critical for IE 9 and 11 on affected Windows Clients and moderate for IE 9, 10 and 11 on affected Windows servers.
The Edge browser also has a critical fix for an almost identical problem.
Qualys CTO Wolfgang Kandek said in a blog post that companies should apply the browser fixes as soon as possible.
“These vulnerabilities represent a favourite attack vector for cyber criminals, and we recommend addressing them in the next seven days,” he said.
However, Kandek added that the most important fix is MS16-071, which affects the Microsoft Windows DNS Server.
“This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution if an attacker sends specially crafted requests to a DNS server,” said Microsoft.
Kandek warned that firms must act quickly to apply this patch. “Successful exploitation yields the attacker remote code execution on the server, which is extremely worrisome on such a mission-critical service as DNS,” he said.
“Organisations that run their DNS server on the same machine as their Active Directory server need to be doubly aware of the danger of this vulnerability.”
The other notable critical fix is for Office, and again could allow remote code execution if a user opens a specially crafted Microsoft Office file.
"An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user," said Microsoft.
The other 11 fixes are rated as important and cover several services, and again the advice is to act quickly on those that have a direct impact.
The current rate of patches being issued Microsoft puts the firm on track for a record year. Kandek noted that the June release brings the half-year total to 81, suggesting a possible 160 by the end of the year.
Just spent a year working on them? Too bad, Intel's lost interest
Sony factory in Wales now making 100,000 Raspberry Pis every week
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear