Microsoft’s Patch Tuesday addressed 120 vulnerabilities. 17 are
critical severity rated, with two zero days addressed. The first
allows attackers to bypass security features to load files, and the
second affects the Internet Explorer scripting engine, allowing
attackers to execute code. Both zero days are actively exploited and
one is publicly disclosed. Additional information can be found here
Adobe also released patches for Adobe Lightroom, Acrobat and Reader.
The Lightroom vulnerability affects Lightroom Classic version 18.104.22.168
and earlier, and has a vulnerability rating of 3 (high). The Reader
vulnerabilities affects all versions from 2015 to present and has a
vulnerability rating of 2.
Other notable patches released include Chrome and Citrix.
Chrome addressed 15 bugs, the majority of which are rated high.
Citrix addressed a set of vulnerabilities in Citrix Endpoint
Management (XenMobile Server). Applies to version 10.9 and newer.
Older than 10.9 requires an upgrade to a newer version entirely.