Microsoft pushed out 16 bulletins on Tuesday, addressing 44 different vulnerabilities in its software, including Windows, Exchange Server, Office, Edge, and Internet Explorer.

Microsoft pushed out 16 bulletins on Tuesday addressing 44 different vulnerabilities in its software, including Windows, Exchange Server, Office, Edge, and Internet Explorer.

Five of the bulletins have been branded critical because each vulnerability associated with them could be used to carry out remote code execution; the remaining 11 are marked important.

According to experts, one of the more concerning critical fixes involves a use after free vulnerability that affects Microsoft Windows DNS server for Windows Server 2012 and 2012 R2. If an attacker sent a specially crafted request to a DNS server, they could convince it to run arbitrary code, Microsoft’s advisory warns.

“Organizations that run their DNS server on the same machine as their Active Directory server need to be doubly aware of the danger of this vulnerability,” Wolfgang Kandek, CTO at Qualys, warned Tuesday afternoon.

Microsoft fixed the issue by modifying how the servers handle requests. Users should update but since most Windows DNS servers don’t face the internet and most admins use them for internal traffic the issue shouldn’t be an immediate concern.

Another critical issue, MS16-070, affects Microsoft Office and could allow an attacker to run arbitrary code and take control of an affected system if the user was logged on with admin rights. An attacker could trigger an exploit merely by sending a Microsoft Word RTF file to a user. Microsoft acknowledges the preview pane is an attack vector and that the flaw could be triggered with a simple e-mail without user interaction.

If for some reason users can’t apply the patches for MS16-070 right away, as a workaround, Microsoft is encouraging users to use Office’s File Block policy to prevent Office from opening .RTF documents from unknown or untrusted sources.

Two more of the critical bulletins, cumulative security updates for Microsoft’s browsers Internet Explorer and Edge, address multiple remote code execution vulnerabilities.

In Edge, the browser’s Content Security Policy fails to properly validate some documents and the Chakra JavaScript engine has difficulty rendering when it handles objects in memory. According to Microsoft’s advisory a few vulnerabilities also exist with regard to how Edge parses .PDF files.

The Internet Explorer fixes mostly pertain to memory corruption vulnerabilities, especially in engines like JScript 9, JScript, and VBScript.

The number of bulletins released by Microsoft are about on par with its May release, when it pushed out 17 bulletins, eight of which were critical. That release included a patch for a JScript and VBScript scripting engine vulnerability that was being publicly exploited. As far as Microsoft is aware, none of exploits this month’s patches fix are being exploited in the wild.

Microsoft pushed out the updates the same day that Adobe rolled out patches for its DNG Software Development Kit, Brackets, Creative Cloud Desktop App, and hotfixes for ColdFusion. A patch for Flash Player, intended to remedy a vulnerability Adobe claims is being exploited in “limited, targeted attacks” was expected today but will arrive later this week.

The remaining bulletins were marked important by Microsoft today: