Microsoft patched 47 vulnerabilities as part of 14 security bulletins, seven critical, with its monthly Patch Tuesday updates today.
The company is warning users that if left unpatched, 10 of the issues can lead to remote execution.
The updates resolve issues in Microsoft Windows, Office, Office Service and Web Apps, Exchange, its Internet Explorer and Edge browsers and Adobe Flash Player.
Among the bugs fixed on Tuesday is a 10-year-old vulnerability, CVE-2016-0137, that existed in Detours, Microsoft Office’s hooking engine. The bug, disclosed over the summer and discussed in depth at Black Hat, affected a handful antivirus platforms that use code hooking. The vulnerability allowed hackers to bypass exploit mitigations present in Windows and those third party applications. Researchers at enSilo, who unearthed the bug, disclosed it to Microsoft nine months ago, prior to Black Hat. At the time the researchers warned that hundreds of thousands of users could be affected by the vulnerability.