This post has been republished via RSS; it originally appeared at: Microsoft Security Bulletins.
Severity Rating: CriticalRevision Note: V2.0 (April 11, 2017): Bulletin revised to announce the release of update 4017018 for Windows Vista and Windows Server 2008. The update adds to the original release to comprehensively address CVE-2017-0038. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4017018 for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.