Microsoft patches 68 vulnerabilities, two actively exploited ones
Microsoft has patched 68 vulnerabilities in Windows, Office, Edge, Internet Explorer and SQL Server, two of which have already been exploited by attackers and three that have been publicly disclosed.
The patches are covered in 14 security bulletins, one dedicated to Adobe Flash Player which is upgraded through Windows Update in Windows 10 and 8.1. Six of the bulletins are rated critical and eight are rated important.
Administrators should prioritize the Windows patches in the MS16-135 bulletin, because they address a zero-day vulnerability that’s already being exploited by a group of attackers known in the security industry as Fancy Bear, APT28 or Strontium.