This security update addresses vulnerabilities affecting Microsoft Office. When successfully exploited, it could allow remote code execution via a specially crafted .RTF file. Remote attackers can also get the same user rights as the current user.
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.