The flaw, , also affects Skype for Business 2016, Microsoft Lync 2010 and Lync 2013, as well as Office 2007 and Office 2010.
Another major flaw, MS15-124, affects all supported versions of Internet Explorer, which can allow an attacker to to gain the same user rights as the current user. Those running as an administrator would be most affected by the flaw.
An attacker would have to "take advantage of compromised websites," said the advisory. "These websites could contain specially crafted content that could exploit the vulnerabilities." An attacker could also convince a user to open a web page from an email.
Both of these flaws were privately reported and are not thought to have been exploited in the wild.
Here's the rundown for the other critical flaws:
MS15-126 addresses critical flaws in JScript and VBScript, which could allow an attacker to gain the same rights as the current user. The flaws affect Windows Vista and Windows Server 2008 (and Server Core installations).
MS15-127 fixes an issue with Windows DNS, which could allow an attacker to run code as a local system account by modifying how Windows DNS servers handle requests. Only machines running Windows Server 2008 and later are affected.
MS15-129 patches issues relating to Microsoft Silverlight for both Windows and Mac users, which could lead to read-write access violations. An attacker would have to trick a user into visiting a malicious web page to carry out the attack.
MS15-130 resolves a flaw in Windows 7 and Windows Server 2008 R2, which could allow an attacker to remotely execute code by exploiting a flaw in font processing.
MS15-131 relates to Microsoft Office 2007 users and later on both Windows machines and Macs, which could allow an attacker to remotely execute code if a user opens a specially-crafted Office file.