Microsoft's patch on Tuesday this month has been higher than usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploitation and an Exchange flaw Server that was disclosed last month with a proof-of-concept code. [1
Microsoft has a patched Exchange against a vulnerability that allows remote attackers with fewer than an unparalleled mailbox account to gain administrative control over the server. Dialed PrivExchange, CVE-2019-0686 was publicly disclosed last month, with the proof-of-concept code it exploited. In Tuesday's advisory, Microsoft officials have said they have not seen active exploits, but they are "likely."
To avoid readers' thinking that Microsoft is the only major software manufacturer whose products have been actively exploited in the past week, Apple last week had three iOS weaknesses that said researchers who have been exploited as zero days in the wild . Two of the zero-days were discovered by Project Zero. Apple declined to comment.
Of all, Microsoft has had over 70 vulnerabilities, of which 20 are rated critically. The vulnerable products include IE, Edge, Windows, Office, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Microsoft Dynamics, Team Foundation Server, and Visual Studio Code. Microsoft has a general idea here.