April Patch Tuesday brings security updates for Windows 10, IE, Microsoft Edge & more

Microsoft claims that Windows 10 is the most secure Windows operating system ever. However, attackers always find ways to break into the system through some of its features and do damage to regular users.

As a part of this April’s Patch this past Tuesday, Microsoft released a handful of new security updates for Windows 10, aiming at known vulnerabilities mainly located in Internet Explorer, Microsoft Edge, and through Adobe Flash Player. The pack consists of 13 security updates, 6 critical, and 7 important ones, and each update targets a specific feature of the system.

Microsoft releases security updates for Windows 10 and its features

Critical updates

• MS16-037 – This update resolves six vulnerability issues in Internet Explorer, which allow attackers to gain user rights of a user. Attackers can collect users’ data through specially crafted website, which uses a special ‘mechanism’ to expose users’ data. Microsoft marks this update as “Patch Now,” therefore, it is highly recommend to install it.
• MS16-038 -This patch does basically the same thing as MS16-037, but it’s aimed for Microsoft Edge. Microsoft marks this update as “Patch Now,” as well.
• MS16-039 – The update targets vulnerabilities in .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. These vulnerabilities could allow remote code execution if a user opens an infected file through one of these services.
• MS16-040 – This patch updates MSXML Services Version 3, removing a possibility of leaving system vulnerable to system vulnerable to remote code execution. Unfortunately, this update only targets Version 3, as other versions are left off, so it’s only helpful if you’re running some older program, developed for earlier versions of Windows.
• MS16-042 – This update aims to solve reported vulnerabilities in Microsoft Office. The update should remove the possibility of leaving users’ system exposed to attackers if a user opens suspicious Office document. This patch is also marked as the “Patch Now” update, so you should install it.
• MS16-050 – The last patch in this pack of critical updates is not related to Microsoft’s products. This update removes vulnerabilities in Adobe Flash Player, and it should arrive to all newer Windows operating systems (Windows 7, Windows 8/8.1 and Windows 10). If you want to find out more about this update, check Adobe’s support page.

Important updates

• MS16-041 – The first important update is mainly aimed to Server 2008 and Windows 7 users. It should deal with reported vulnerability issues with .NET framework.
• MS16-044 – This update resolves a single privately reported vulnerability in the core Windows OLE component. If Windows OLE fails to validate user input, an attacker could execute a malicious code through an infected program.
• MS16-045 – This update removes vulnerabilities exposed in Hyper-V created operating systems. However, if you don’t run Hyper-V, you won’t be exposed.
• MS16-046 – Resolves the reported vulnerability in Windows Secondary Logon process.
• MS16-047 – Resolves the reported vulnerability in Windows Logon Security and Domain policy.
• MS16-048 – Resolves the reported vulnerability in the Windows Client/Server Runtime subsystem.
• MS16-049 – Updates the HTTP.SYS file, in order to resolve the vulnerability that could lead to a denial of service scenario.

If you want to find out more details about all Patch Tuesday’s updates, check TechNet’s support page.