The security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps, ChakraCore, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Dynamics, Team Foundation Server, and Visual Studio Code.
A publicly disclosed flaws but not exploited in the wild, identified as CVE-2019-0636 and rated as important, concerns an information vulnerability in Windows operating system. This flaw in Windows could allow an attacker to read the contents of files on disk.
“An information vulnerability exists when Windows improperly discloses file information,” Microsoft says in its advisory. “To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.”
Almost all of the listed critical-rated vulnerabilities leads to remote code execution attacks and primarily impact various versions of Windows 10 and Server editions.
Some of the important-rated vulnerabilities also lead to remote code execution attacks, others allow elevation of privilege, information disclosure, security feature bypass, and spoofing vulnerabilities.
Adobe has also rolled out security updates to fix vulnerabilities in its various software, 71 of which resides in Adobe Acrobat and Reader alone.
Users are highly recommended to update their software packages to the latest versions as soon as possible.