Microsoft: 14 security bulletins; four critical

Two of the four critical vulnerabilities are for Windows operating systems, one affects the Office. The most severely addressed vulnerability in the Office bulletin could allow Remote Code Execution if a user opens a specially crafted Microsoft office file.

“An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user,” Microsoft wrote. “Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

The final critical update is for the Edge web browser in Windows 10, The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.