Microsoft has patched more than two dozen vulnerabilities in its code, many of them considered by experts to be "critical." One bug allowed attackers to take control of a server or workstation via Windows Search. The fixes were part of an update on Tuesday that included 48 patches.
Exploiting the Windows Search vulnerability requires an attacker to remotely send a specially crafted message to the Windows Search service to exploit how the technology handles objects in memory. It would allow the attacker to take full control of the infected computer, per Microsoft.
Dustin Childs, who handles communications for Trend Micro’s Zero Day Initiative, wrote in a post that this bug is "by far the most critical bug for this month" because it allows a malicious request to execute code on a targeted system within an enterprise.
The security updates for Windows 10 PC and mobile were specific to Microsoft Edge, Microsoft Windows Search, Microsoft Scripting Engine, Microsoft Windows PDF Library, Windows Hyper-V, Windows Server, Windows kernel-mode drivers, Windows Subsystem for Linux, Windows shell, Common Log File System Driver, Internet Explorer, and the Microsoft JET Database Engine.