Microsoft is now releasing 15 updates in order to correct 70 security vulnerabilities in various Windows domains. Among the vulnerabilities were two zero-day errors.
Patches are for Windows, Internet Explorer (IE), Edge, Office, Sharepoint, and Exchange.
Adobe has released updates for Acrobat / Reader and Flash Player.
Two vulnerabilities, CVE-2019-0803 and CVE-2019-0859 are already being used by hackers and can affect all supported versions of Windows.
The hacker must already have local access to an affected system to be able to use and execute code.
"However, one of the 32 Remote Code Execution (RCE) vulnerabilities dealt with today's patch could potentially be used along with the other two to gain complete control of one system," says one researcher.
There are, however, still some bugs that need to be corrected as soon as possible. Some of these are 8 critical vulnerabilities in the scripting engine used by Microsoft browsers and CVE-2019-0822 vulnerability (which can trick the victim into opening a malicious file).
Installing updates to Adobe Flash Player comes with monthly Windows updates. Automatic installation by Google Chrome, but users may need to restart the operating system (on IE / Edge). On the other hand, Adobe Shockwave Player will no longer exist.
For this reason, security updates will not be issued. The Shockwave never got the attention of Flash, in terms of safety. That is why it was quite vulnerable.
Experts suggest users to uninstall Shockwave as there are 7 vulnerabilities that could put systems at risk.
- Make updates to Windows.
- Make updates after backing up important data and files.
Finally, with the new update, you can choose when you want to install the patch. So far Windows 10 has made updates on their own, which is not always convenient for users.