Yesterday was Microsoft's regular Update Tuesday, and new vulnerabilities were discovered that need updates immediately.
Included in this batch of security patches are five critical updates to popular everyday programs such as Internet Explorer, Microsoft Office and even Microsoft's new browser Edge. So if you are using these programs regularly, make sure you apply them as soon as you can.
The cumulative browser updates (Internet Explorer and Microsoft Edge), in particular, addresses a vulnerability that could allow remote code execution through a malicious webpage. The scary part about this vulnerability is that, once exploited, the attacker could gain the same user rights as the current logged-in user. This means if your system gets compromised while an administrator account is logged in, the attackers could basically do anything they want, like view and delete data, install programs, change passwords, etc.
The Microsoft Office and the Active Scripting patches close similar holes. Remote code execution via poisoned websites could potentially give the attacker full control of your machine. Bad news all around so it is advised that you apply these patches as soon as possible.
The last critical update is another important one, especially for networks who run their own DNS servers. The exploit lets attackers send malicious requests to a DNS server that will allow them to, yes, you guessed it right, execute remote code.