There are seven critical vulnerabilities in Microsoft’s first Patch Tuesday of the year.
Including the additional 42 vulnerabilities, none of the issues are undergoing active attacks, officials said.
Vulnerabilities exist in Windows, Office, Internet Explorer, Edge, the .NET Framework, Exchange Server, Adobe Flash Player, ChakraCore, ASP.NET, and Microsoft Visual Studio.
One critical patch among those offered is the one for a remote code execution (RCE) flaw in the Windows DHCP client that has a case number of CVE-2019-0547. The issue could allow an attacker to execute their code on affected systems.
The hole is in Windows 10 and Server version 1803, which is latest versions of the OS.
In addition to the DHCP issue, three other RCE’s affect the ChakraCore scripting engine included in Edge, two affect Microsoft’s Hyper-V server virtualization environment, and one impacts Edge directly.
Click here to view Microsoft’s January Security Update Summary.