Microsoft’s Patch Tuesday fixed vulnerabilities mainly in Windows, Office, Internet Explorer and Edge.
There were 65 vulnerabilities in Microsoft software fixed this month, with 22 coming in with a critical rating.
The critical updates target Windows, Office, and several other products, with one public disclosure for SharePoint Server which has a case number of CVE-2018-1034. The issue could allow an attacker to gain the same rights as the logged-in user.
There’s also a vulnerability in the Windows kernel that allows for elevation of privilege, and Microsoft officials said it is not aware of any public exploits either. Attackers exploiting this flaw can take full control of the system, and affected Windows versions include 64-bit versions of Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1.
“An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company said in a post.
There was also an Adobe patch that affected Microsoft. Flash Player patches are part of the pack shipped to Windows users. Flash Player comes built-in by default into Internet Explorer 11 and Microsoft Edge and vulnerabilities end up addressed via Windows Update.