This post has been republished via RSS; it originally appeared at: Microsoft Security Bulletins.
Severity Rating: CriticalRevision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.