Microsoft has deployed its latest round of monthly security patches for Windows 10 (and Windows 7/8.1) with a large amount of fixes unleashed – 51 security flaws have been resolved, to be precise, including an important patch for a critical vulnerability which is public knowledge.
While the latter hole in Windows (7, 8.1 and 10) has not yet been exploited to Microsoft’s knowledge (as observed by Bleeping Computer), it’s a nasty one that can potentially allow an attacker to remotely execute code on the victim’s PC.
This is actually an issue in the Windows Jet Database Engine – a component included in every modern version of Windows – which improperly handles objects in memory, but it is now cured. A good thing too, as the vulnerability has been known about since last September.
Other patches included fixes for a pair of vulnerabilities in Microsoft Edge, ensuring the browser is now immune to an elevation of privilege issue, and a memory corruption problem which could allow an attacker to remotely execute malicious code.
Internet Explorer also benefited from attention, again with a remote code execution vulnerability in its browser engine getting papered over.
Several fixes were implemented for Microsoft Office – including the solution to a remote code execution vulnerability in Word – plus two Windows Hyper-V flaws were ironed out, and a DHCP client remote code execution vulnerability.
So yes, there were plenty of remote code execution fixes, for sure. If you want the full list of Microsoft security updates, Bleeping Computer has compiled it here.
Note that a patch was also delivered for Adobe Flash Player which was labelled a security fix, but in actual fact, it was a non-security-related update – rather it addressed feature and performance bugs.