In a security update posted on May 10, Microsoft specified that it has developed a patch to address a severe vulnerability in Windows.
"The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website," Microsoft wrote in its update. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Affected software includes everything from Windows Vista to Windows 10, encouraging Microsoft to mark the update as "critical" for its users. The security patch corrects how the Windows GDI component and the Windows Imaging Component handle objects in memory.
The patch can be downloaded through Windows Update. Microsoft notes that the download will begin automatically if users have automatic updating turned on. For Windows RT 8.1 users, the update is solely available through Windows Update.
The company states that the vulnerability has not been widely exploited. However, this is the fourth patch issued by Microsoft this year that has impacted every version of Windows. In 2016, dozens of security flaws have been patched by Microsoft, some of which impact Internet Explorer (Edge), Microsoft Office and developer tools.
Microsoft is not the only company that issued significant security updates on May 10. Adobe notably issued its own security advisory, specifically for Adobe Flash Player, which is widely used by websites.
"Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild," the company said on its blog. "Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12."
However, it was Aruba Networks that made major headlines last week for its vulnerabilities. Google Security Engineer Sven Blumenstein published findings on May 6 that showed 26 security flaws in its products, including Aruba OS and AirWave Management Platform.
In 2015, there were 38 percent more security incidents detected than in 2014. The theft of "hard" intellectual property also increased by 56 percent last year. As much as 70 percent of cyberattacks combine phishing and hacking, and they typically involve a secondary victim.
