Microsoft has just released a cumulative update for Windows 10 Version 1511 (KB3140768), bringing Windows 10 to version 10586.164. The update includes a large number of fixes for what appear to be very serious exploits affecting many Windows subsystems.
The security updates are listed at the bottom of this article. To summarize the KB articles, it appears that there is an issue with how Windows handles objects in memory, allowing an attacker to gain administrative privileges over a system running any version of Windows from Windows Vista onward. This attack can seemingly be delivered through a variety of channels, including applications, PDF files, Microsoft Office documents, USB drives, or even media files hosted on a website.
Because these fixes are so wide-ranging, and because the details are public now that the fixes have been released, it is highly recommended that everyone install these updates immediately to best protect themselves from malicious software. These patches also affect all versions of Windows currently supported.
- Security Update for .NET Framework to Address Security Feature Bypass - Important
- Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege - Important
- Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege - Important
- Security Update for Secondary Logon to Address Elevation of Privilege - Important
- Security Update for Microsoft Windows to Address Elevation of Privilege - Important
- Security Update for Windows OLE to Address Remote Code Execution - Important
- Security Update for Microsoft Office to Address Remote Code Execution - Important
- Security Update for Microsoft Windows PDF Library to Address Remote Code Execution - Critical
- Security Update for Windows Media to Address Remote Code Execution - Critical
- Security Update for Graphic Fonts to Address Remote Code Execution - Critical
- Security Update for Windows Library Loading to Address Remote Code Execution - Important
We have reached out to Microsoft and are waiting for a comment on the exploit or exploits that were patched.
Source: Microsoft Security Bulletin