Microsoft has issued its monthly Patch Tuesday, which this month was intended to coincide with its latest Creators Update to Windows 10. This month's Patch Tuesday addresses a hefty 63 vulnerabilities, 22 of which are labelled 'critical'.
While this month's release is somewhat smaller than last month's update, there are more critical vulnerabilities being patched, with the majority of these being in browsers and browser-related technologies.
Five of the critical vulnerabilities are in the Windows Font Library (labelled as Microsoft Graphics in the bulletins).
If compromised, these vulnerabilities could lead to remote code execution via a web-based or file-sharing attack. These updates should be prioritised for workstation-type devices as well as servers.
According to security firm Tripwire, one of the most notable critical bugs is a vulnerability within SharePoint Servers.
This bug could allow specially crafted web requests to read unauthorised content or perform actions in the context of an authorised user. This attack is possible due to a failure to properly sanitise certain web requests and the update ensures proper sanitization occurs.
"VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-773 today," the company warned.
Another security firm, Trustwave, noted that along with most of the "usual suspects", the MS Chakra Scripting Engine is back in this month's patch, with seven RCE vulnerabilities patched.
"The MS Chakra Scripting Engine is implemented in Internet Explorer 9 as an interpreter for Microsoft's JScript language and made its first appearance last month with eight CVEs patched," the firm said.
As usual, Adobe issued its monthly tranche of bug patches, releasing six bulletins covering 19 vulnerabilities. These cover the Flash Player (obviously), Experience Manager, InDesign, Digital Editions, Coldfusion, and the PhoneGap Push Plugin.
Of the 19, six are marked as critical in Flash, InDesign, and Coldfusion. While Coldfusion servers should be patched as soon as possible, the patches for Flash or InDesign should be treated as high priority for Workstation-type devices.
Microsoft and Adobe claimed there are no active attacks against the vulnerabilities they have issued - at least, as far as they are aware.
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff
The ICO is concerned with AggregateIQ's retention and processing of data used in the Brexit referendum