During February's Patch Tuesday, Microsoft fixed 50 vulnerabilities in Windows, Internet Explorer, Edge, Outlook, Office and Edge's Javascript engine, ChakraCore. In the worst case the vulnerabilities could be used to take control over the system.
One of the vulnerabilities, that allowed an attacker to circumvent a protection feature of Edge, was already publicly disclosed before a patch was released. However, the vulnerability was not actively abused.
The most critical vulnerabilities are in the scripting engine of Internet Explorer 11 and Edge. Simply visiting a malicious or hacked website, or viewing an infected advertisement, was sufficient for an attacker to execute random code. Also, through vulnerabilities in Microsoft Office and Outlook it was possible to execute random code, but a user first had to open a malicious file.
Microsoft also patched vulnerabilities in the Windows kernel, Microsoft Office and the Windows Embedded OpenType Font Engine. These vulnerabilities could be used to retrieve information, elevate privileges or cause a Denial of Service (DOS).
On most Windows system the update are automatically installed. Users can also manually install them from the Microsoft Update Catalog.
