Microsoft fixed four critical vulnerabilities Tuesday, none of which to date are being exploited in the wild. Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10. All four critical vulnerabilities announced by Microsoft are new, and security pros are advised to patch in the first 72 hours to reduce risk in safeguarding both data and infrastructure. Hereâs a breakdown of the four Microsoft vulnerabilities: CVE-2021-26419: Scripting engine memory corruption vulnerability According to Eric Feldman, senior product marketing manager at Automox, this one operates as a critical remote code execution (RCE) vulnerability that impacts Internet Explorer 11 and 9 running on multiple versions of Microsoft Windows and Windows Server. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and other websites that accept or host user-provided content or advertisements. These websites could contain specially-crafted content that could exploit the vulnerability. Feldman recommends that security pros prioritize this patch, or upgrade to a more modern browser if possible.