Microsoft's monthly Patch Tuesday came a little earlier this month and they dropped five critical patches for a number of Windows vulnerabilities yesterday.
The biggest security fix is for a flaw in Windows 10's new Edge Browser, which would have allowed remote code execution attacks.
The security bug is in how Edge renders PDF content, which it does automatically by default; this is not the case for other browsers. This means an attacker could embed a maliciously crafted PDF document on a website and Edge would run the exploit automatically, potentially giving the attacker full control of the machine (MS16-102).
Although no attacks exploiting this flaw have been reported yet, it is certainly a potent way for attackers to infect millions of machines. As with all these security updates, catching these flaws before attackers can exploit them is critical for the safety of users around the world.
Attackers will now start looking for Edge's PDF flaws as entry points for malicious code since PDF is a widely used document platform. As a temporary workaround, Microsoft suggests that users remove Edge from the default PDF reader file associations.
We have an even better suggestion: don't use Microsoft Edge as your browser until they sort this PDF bug out completely. As we mentioned earlier, other browsers like Chrome or Firefox do not render PDF content by default.
The Microsoft Edge browser is only available on Windows 10 systems, so this patch doesn't apply to Windows 8.1 and earlier.
More Critical Updates
Critical updates in yesterday's Patch Tuesday batch include the usual cumulative security patches for all supported Internet Explorer versions, which fix flaws leading to more remote code execution (MS16-095).