Some of the bugs in Microsoft's products are actively exploited in the wild:
Of the other flaws, experts are advising users and administrators to prioritize two fixes for bugs currently being targeted in the wild. CVE-2019-0803 and CVE-2019-0859 are a pair of elevation of privilege vulnerabilities in Win32k. Both require the attacker to already have access to the vulnerable PC, so you're really just seeing a bad situation get worse if this exploit is used.At the same time, Adobe also rolled out updates. The firm patched 21 remote code execution flaws in its PDF app, and plugged two remote code execution bugs in Flash Player.
"These bugs allow an attacker to elevate privileges and take over a system after they have access to that system," said Dustin Childs of the Trend Micro ZDI.