Yesterday's edition of Microsoft's Patch Tuesday saw the rollout of ten security bulletins, which feature updates for dozens of security flaws. Five of the bulletins are rated as critical, and updating as soon as possible is highly advised, as exploits for two of these flaws are already being used in the wild.
The Register took the time to write a nice summary of the security bulletins and reminds us that the October rollout marks the start of Microsoft's new policy to deliver its security updates in just one bundle:
MS16-118 is a cumulative update for Internet Explorer to address 11 security vulnerabilities, including six remote code execution flaws, three information disclosure vulnerabilities, and two elevation of privilege conditions.
MS16-119 will fix 13 CVE-listed vulnerabilities present in the Edge browser. Those flaws include eight remote code execution holes, two information disclosure flaws, two elevation of privilege holes, and one security feature bypass.
MS16-120 addresses seven flaws in the Microsoft Graphics Component in Windows (and used by Skype and Office) that would allow remote code execution, elevation of privilege, or information disclosure by opening a web page or document containing a malformed image or font.
MS16-121 will fix a single remote code execution flaw in Office related to problems with the handling of RTF document files. The flaw has also been patched in Office for Mac, so OS X and macOS users should be on the lookout for an update as well.
MS16-122 patches a remote code execution flaw in the Windows Video Control that can be exposed with files embedded in a web page or email document.
MS16-123 is a patch for five CVE-listed vulnerabilities in Windows Kernel Mode Drivers that allow elevation of privilege when the user runs a locally installed application.
MS16-124 patches four vulnerabilities in Windows that could potentially allow local applications to view registry information.
MS16-125 is an update to address an elevation of privilege flaw in the Windows Diagnostic Hub related to the handling of insecure library data. That flaw could potentially be targeted via a locally installed application.
MS16-126 cleans up an information disclosure flaw in the Windows Internet Messaging API for Internet Explorer that Microsoft has also addressed with the above . Both bulletins will need to be installed (not a problem anymore) for the vulnerability to be fully patched.
MS16-127 patches twelve vulnerabilities in Flash Player for Windows 8.1, Windows 10, and Server 2012.
On a related note, there's also a massive number of updates from Adobe. The company fixed a whopping 83 flaws in its Reader, Acrobat and Flash software. A total of 71 patches fix numerous security issues in Reader and Acrobat, while about a dozen remote code execution issues were plugged in the Flash plug-in.