Microsoft this week released Vulnerability-related.PatchVulnerability software updates to fix Vulnerability-related.PatchVulnerability roughly 50 security problems with various versions of its Windows operating system and related software , including one flaw that is already being exploited Vulnerability-related.DiscoverVulnerability and another for which exploit code is publicly available . The zero-day bug — CVE-2018-8453 — affects Vulnerability-related.DiscoverVulnerability Windows versions 7 , 8.1 , 10 and Server 2008 , 2012 , 2016 and 2019 . According to security firm Ivanti , an attacker first needs to log into the operating system , but then can exploit this vulnerability to gain administrator privileges . Another vulnerability patched Vulnerability-related.PatchVulnerability on Tuesday — CVE-2018-8423 — was publicly disclosed Vulnerability-related.DiscoverVulnerability last month along with sample exploit code . This flaw involves a component shipped on all Windows machines and used by a number of programs , and could be exploited Vulnerability-related.DiscoverVulnerability by getting a user to open a specially-crafted file — such as a booby-trapped Microsoft Office document . KrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases Vulnerability-related.PatchVulnerability monthly security updates before installing the fixes , with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out . This month , Microsoft briefly paused Vulnerability-related.PatchVulnerability updates for Windows 10 users after many users reported losing all of the files in their “ My Documents ” folder . The worst part ? Rolling back to previous saved versions of Windows prior to the update did not restore the files . Microsoft appears to have since fixed Vulnerability-related.PatchVulnerability the issue , but these kinds of incidents Vulnerability-related.PatchVulnerability illustrate the value of not only waiting a day or two to install updates but also manually backing up your data prior to installing patches ( i.e. , not just simply counting on Microsoft ’ s System Restore feature to save the day should things go haywire ) . Mercifully , Adobe has spared Vulnerability-related.PatchVulnerability us an update this month for its Flash Player software , although it has shipped Vulnerability-related.PatchVulnerability a non-security update for Flash .