Microsoft's Patch Tuesday for August included four critical remote code execution vulnerabilities, some of which impact the new Windows 10 operating system.
Two of the bugs are in Windows browsers -- one in Internet Explorer and one in the new Microsoft Edge browser -- and both allow remote code execution if a user views a specially crafted webpage.
Another is in Microsoft graphics components, and could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts. (Last month, Microsoft released an out-of-band patch for a zero-day vulnerability revealed in the leaked Hacking Team files that was also related to embedded OpenType fonts; that bug was in the Microsoft fonts driver.)
The last critical vulnerability in this month's Patch Tuesday is in Microsoft Office. An attacker could compromise the user via a malicious Office file, conduct remote code execution and run arbitrary code in the context of the current user.
Fourteen vulnerabilities were patched, in all. The full details are available here.