Microsoft issued February 2018 Security Updates that includes more than 50 fixes, 14 of them critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore and Adobe Flash.
One of the most notable critical vulnerabilities fixed is an Outlook memory corruption vulnerability (CVE-2018-0852) that could allow an attacker to run arbitrary code in the context of the current user to take control of the affected system. This scary bug also allows an attacker to use the Outlook Preview Pane as an attack vector.
Another critical fix addresses a StructuredQuery Remote Code Execution (RCE) vulnerability (CVE-2018-0825) that could also allow an attacker to take control of the affected Windows system. Qualys said this patch should be on the top of the priority list and Microsoft said exploitation of this bug is more likely.
The update also includes out-of-band Office patches issues in mid-January and Adobe Flash fixes from last week. See the Security Update Guide for more details on all patches.