Microsoft this Tuesday released 17 security bulletins that covered 135 vulnerabilities in its products and another one for Flash Player, whose security patches are circulated through Windows Update. This is the largest batch of fixes that Microsoft has ever released and it includes the patches that were scheduled for February. Microsoft had decided to postpone them due to a last minute issue.The fixes also cover several publicly known and highly exploited vulnerabilities.
The affected software include Internet Explorer, Microsoft Office, Microsoft Lync, Windows, Skype for Business, Microsoft Silverlight, Microsoft Edge and Microsoft Exchange.
Nine bulletins were considered critical and nine important.
On highest priority is MS17-013 bulletin, which resolves vulnerabilities in Microsoft Windows, Office, Skype for Business, Lync, and Silverlight. Many of these vulnerabilities could allow remote code execution if a user visits any specially designed website or a document. Users with administrative user rights will be the most impacted ones.
Another bulletin MS17-012 resolves vulnerabilities in Microsoft Windows.
The MS17-006 bulletin for Windows and Internet Explorer and MS17-007 bulletin for Windows and Edge resolve vulnerabilities that were publicly disclosed, including that of critical remote code execution.
Of interest to server administrators are MS17-008 bulletin for Security Update for Windows Hyper-V and MS17-019 resolving Active Directory Federation Server issue. Also, bulletins MS17-015 and MS17-016 for Microsoft Exchange and IIS are important as these systems get exposed to the internet.