Microsoft has issued its monthly Patch Tuesday, which this month was intended to coincide with its latest Creators Update to Windows 10. This month's Patch Tuesday addresses a hefty 63 vulnerabilities, 22 of which are labelled 'critical'.
While this month's release is somewhat smaller than last month's update, there are more critical vulnerabilities being patched, with the majority of these being in browsers and browser-related technologies.
Five of the critical vulnerabilities are in the Windows Font Library (labelled as Microsoft Graphics in the bulletins).
If compromised, these vulnerabilities could lead to remote code execution via a web-based or file-sharing attack. These updates should be prioritised for workstation-type devices as well as servers.
According to security firm Tripwire, one of the most notable critical bugs is a vulnerability within SharePoint Servers.
This bug could allow specially crafted web requests to read unauthorised content or perform actions in the context of an authorised user. This attack is possible due to a failure to properly sanitise certain web requests and the update ensures proper sanitization occurs.
"VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-773 today," the company warned.
Another security firm, Trustwave, noted that along with most of the "usual suspects", the MS Chakra Scripting Engine is back in this month's patch, with seven RCE vulnerabilities patched.
"The MS Chakra Scripting Engine is implemented in Internet Explorer 9 as an interpreter for Microsoft's JScript language and made its first appearance last month with eight CVEs patched," the firm said.
As usual, Adobe issued its monthly tranche of bug patches, releasing six bulletins covering 19 vulnerabilities. These cover the Flash Player (obviously), Experience Manager, InDesign, Digital Editions, Coldfusion, and the PhoneGap Push Plugin.
Of the 19, six are marked as critical in Flash, InDesign, and Coldfusion. While Coldfusion servers should be patched as soon as possible, the patches for Flash or InDesign should be treated as high priority for Workstation-type devices.
Microsoft and Adobe claimed there are no active attacks against the vulnerabilities they have issued - at least, as far as they are aware.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago