For this month's edition of Patch Tuesday, Microsoft rolled out seven bulletins, four rated as critical and three marked as important. It includes a critical update for an Internet Explorer flaw, a critical update for Silverlight, two critical and two important updates for Office (one affecting Microsoft Server software as well), and an important update for Windows.
Cumulative Security Update for Internet Explorer (2809289) (IE/Windows)
This security update resolves eight privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) (Windows)
This security update resolves three privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.