For those of us that are in patching world the last few weeks has not been fun.  It seemed like there was a new critical issue almost every other day and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached. 

Well unfortunately I'm here to add to your woes.  BK wrote in (thanks) to remind me that on the same day that Microsoft patched a critical issue, ZDI released four vulnerabilities that, whilst based on their CVSS score may not quite reach critical (in Microsoft world), will likely result in a patch for most systems (including Windows phone).  

• http://www.zerodayinitiative.com/advisories/ZDI-15-359/
• http://www.zerodayinitiative.com/advisories/ZDI-15-360/
• http://www.zerodayinitiative.com/advisories/ZDI-15-361/
• http://www.zerodayinitiative.com/advisories/ZDI-15-362/

In this case all four were discovered in-house, disclosed to the vendor over 120 days ago and as of release unlikely to have an exploit associated with it. That is however likely to change. 

Mark H