Microsoft has released updates for 65 vulnerabilities during its Patch Tuesday of April. The updates fix vulnerabilities in amongst others, Windows, Office, Internet Explorer, Flash Player and Edge. Besides that, the company has added an extra protection measure against attackers.
Details about a vulnerability in Sharepoint Server were already disclosed before Microsoft released patches for it, but according to the software giant, it hasn't been actively abused. From the 65 vulnerabilities, 25 are marked as critical, which means an attacker could take control over the affected computer without or, with only a little, interaction of the user. Simply visiting a malicious or hacked website is sufficient to become a victim.
Also, 38 vulnerabilities were marked as important. Six of the vulnerabilities are in Microsoft Office and allow arbitrary code execution, just like with critical vulnerabilities. Because they require the user to open a malicious document, Microsoft has classified them as less harmful and thus marked them as "important".
The company also writes on its website, “we released security updates to provide additional protections against malicious attackers.”
But Microsoft doesn't provide further details on the additional protection measure.
On most Windows systems the updates, and the additional protection measure will be automatically downloaded and installed. They can also be downloaded from the Microsoft Update Catalog.
