In today's update, the three errors are classified as critical, there is one that is classified as moderate and 56 as significant.
Out of a total of 86 vulnerabilities (including fixes to Microsoft Edge) we have:
27 Errors Leading to Elevation of Privilege
2 Feature bypass vulnerabilities security
16 Remote execution vulnerabilities code
11 Vulnerabilities for information disclosure
1 Denial of service vulnerabilities
8 Spoofing vulnerabilities
Last Tuesday, Microsoft has revealed that this vulnerability in Windows MSHTML is already used on the internet in phishing attacks.
These attacks come with malicious Word documents that can download and run a malicious DLL file on the victim's computer.
This file allows an attacker to gain remote access to the device of the victim to steal files and spread throughout the network.
Immediately after Microsoft revealed the vulnerability, too many security people started sharing vulnerability drivers, which now allows anyone to launch attacks, as shown below.
CVE-2021-36968 - Windows DNS Elevation of Privilege Vulnerability
CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability