April's Patch Tuesday release contains 113 total CVE numbers addressed, with 19 of them listed as “Critical,” including a fix for a recently announced 0-day vulnerability from March. The “Critical” vulnerabilities affect Windows operating systems, browsers, SharePoint, and Microsoft Dynamics. As always, we recommend testing these patches on a small set of systems before approving them for wider deployment.
Three vulnerabilities are listed as “Exploit Detected” this month.
Operating systems
First, let’s look at the “Critical” vulnerabilities in the operating systems, plus one “Important” that should get some attention. It should be noted that five of the “Critical” vulnerabilities are in Windows 7 and Server 2008 (R2) and require an extended security updates agreement with Microsoft to patch them.