Microsoft said Tuesday as part of its monthly security bulletin that all Windows users should patch their systems to prevent attackers from exploiting at least two critical flaws, reports Zero Day.

The first two critical patches fix a number of security vulnerabilities in Internet Explorer and Microsoft Edge, respectively.

The most serious flaw (MS16-001) affecting Internet Explorer could allow an attacker to remotely execute code by tricking a user into visiting a specially-crafted webpage. The attacker would gain the same user rights as the current user, which puts administrators at a greater risk.

Though one of the vulnerabilities was publicly disclosed, Microsoft said it wasn't aware of any attacker exploiting the flaw.

Microsoft Edge, the new browser exclusive to Windows 10, also gets updated with a cumulative update. The most serious flaw (MS16-002) also allows an attacker to remotely execute code from a specially-crafted webpage.

Windows Server 2016 Tech Previews 3 and 4 are affected by both bulletins, and require patching.

0 Comments