'In the Web-based attack scenario, the attacker hosts a website specifically designed to exploit the vulnerability through Internet Explorer and then make the site accessible to users,' Microsoft explained. 'An attacker can embed the embedded ActiveX Control as' safe 'in an Microsoft Office application or file with an IE rendering engine.'
In addition, Microsoft also patched many vulnerabilities in remote code execution in Microsoft Office and Excel, patched six bugs in Adobe Flash Player, three of which were considered serious.
The remaining errors belong to Windows, Microsoft Office, Internet Explorer, Microsoft Edge, ChakraCore, Malware Protection Engine, Microsoft Visual Studio, and Microsoft Azure IoT SDK, along with errors on Adobe Flash Player
Users should update the patch as quickly as possible by going to Settings> Update and Security> Windows Update> Check for Updates.
See more: