blog main picture

April Patch Tuesday Bulletin

Welcome to the April Microsoft Patch Super Tuesday Bulletin. This month there are 73 Bulletins we recommend to be addressed. There are 6 Critical updates for the Microsoft products. The good news is that even if the amount of vulnerabilities is high, none of them are being reported as exploited in the wild.
 
The only vulnerability worth mentioning is the Out-of-Band update to the Malware Protection engine, which addresses the remote code execution that was reported as possible through it.
 
ECHO is addressing these for our clients. To others, we hope this list is useful for you.
 
For additional details, please find the release details below:
 
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Internet Explorer
IE 9, 10, 11
Critical
*Workaround: No
**Exploited: No
Remote Code Execution
Information Disclosure
Edge
Microsoft Edge
Critical
*Workaround: No
**Exploited: No
Remote Code Execution
Information Disclosure
Windows
Windows 7, 8.1, RT 8.1, 10
Server 2008/2008 R2
Sever 2012, 2012 R2
Server 2016
Windows Defender
Important
*Workaround: No
**Exploited: No
Information Disclosure
Elevation of Privilege
Denial of Service
Remote Code Execution
Security Feature Bypass
Office, Office Services and Web Apps
Excel and Word 2007, 2010, 2013, 2016
SharePoint Server and Office 2010, 2013, 2016
Office Web Apps 2010, 2013
 Office for Mac 2016
Important
*Workaround: No
**Exploited: No
Information Disclosure
Remote Code Execution
Elevation of Privilege
 
Chakra
ChakraCore
Critical
*Workaround: No
**Exploited: No
Remote Code Execution
Adobe Flash
Player
Critical
*Workaround: No
**Exploited: No
Remote Code Execution
Information Disclosure
Malware Protection Engine
Windows Defender Intune Endpoint Protection
Critical
*Workaround: No
**Exploited: No
Remote Code Execution
Visual Studio
VS 2010, 2012, 2013, 2015, 2017
Important
*Workaround: No
**Exploited: No
Information Disclosure