Microsoft released 11 security bulletins to resolve vulnerabilities in Internet Explorer, Edge, Office, JScript and VBScript, and .NET Framework.
Microsoft’s security bulletin MS16-084 resolves 15 vulnerabilities in Internet Explorer (IE), most of which the software giant labeled as critical.
They fixed memory corruption vulnerabilities in the application, along with an IE security bypass flaw, information disclosure issues, and browser spoofing vulnerabilities.
They also issued MS16-085 bulletin, which lists 13 security holes in Edge, also rated critical. Most of these flaws were scripting engine memory corruption bugs, but Microsoft also patched information disclosure issues and browser spoofing vulnerabilities.
The most severe of the vulnerabilities in IE and Edge could allow an attacker to execute code remotely on an affected system if a user views a specially crafted webpage using the browser. The attacker could gain the same user rights as the current user and would be able to install programs, view data, change data, delete data, or create new accounts with full user rights.
Microsoft resolved a remote code execution bug (CVE-2016-3238) and an elevation of privilege issue in Windows Print Spooler CVE-2016-3239.
The company also published a separate bulletin (MS16-086) for the scripting engine memory corruption vulnerability in JScript and VBScript tracked as CVE-2016-3204, which affects Internet Explorer.
Microsoft Office saw 7 vulnerabilities patched t with the release of security bulletin MS16-088.
One is a remote code execution bug (CVE-2016-3279) that can end up exploited when the user opens a specially crafted file, while the remaining six are memory corruption flaws.
The new round of updates also resolved information disclosure flaws in Windows Secure Kernel, .NET Framework, and Windows Kernel-Mode Drivers, five Elevation of Privilege flaws in Windows Kernel-Mode Drivers, security feature bypass in Secure Boot and Windows File System, and an information disclosure flaw in Windows Kernel.