April Patch Tuesday brings security updates for Windows 10, IE, Microsoft Edge & more

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Microsoft claims that Windows 10 is the most secure Windows operating system ever. However, attackers always find ways to break into the system through some of its featuresĀ and do damage to regular users.

As a part of this April’s Patch this past Tuesday, Microsoft released a handful of new security updates for Windows 10, aiming at known vulnerabilities mainly located in Internet Explorer, Microsoft Edge, and through Adobe Flash Player. The pack consists of 13 security updates, 6Ā critical, and 7Ā important ones, and each update targets a specific feature of the system.

Microsoft releases security updates for Windows 10 and its features

Critical updates

  • MS16-037Ā – This update resolves six vulnerability issues in Internet Explorer, which allow attackers to gain user rights of a user. Attackers can collect users’ data through specially crafted website, which uses a special ‘mechanism’ to expose users’ data. Microsoft marks this update as “Patch Now,” therefore, it is highly recommend to install it.
  • MS16-038Ā -This patch does basically the same thing asĀ MS16-037, but it’s aimed for Microsoft Edge.Ā Microsoft marks this update as “Patch Now,” as well.
  • MS16-039Ā – The update targets vulnerabilities inĀ .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. These vulnerabilities could allowĀ remote code execution if a user opens an infected file through one of these services.
  • MS16-040Ā – This patch updatesĀ MSXML Services Version 3, removing a possibility of leaving system vulnerable toĀ system vulnerable to remote code execution. Unfortunately, this update only targets Version 3, as other versions are left off, so it’s only helpful if you’re running some older program, developed for earlier versions of Windows.
  • MS16-042Ā – This update aims to solve reported vulnerabilities in Microsoft Office. The update should remove the possibility of leaving users’Ā system exposed to attackersĀ if a user opens suspicious Office document. This patch is also marked as the “Patch Now” update, so you should install it.
  • MS16-050Ā – The last patch in this pack of critical updates is not related to Microsoft’s products. This update removes vulnerabilities inĀ Adobe Flash Player, and it should arrive to all newer Windows operating systems (Windows 7, Windows 8/8.1 and Windows 10). If you want to find out more about this update, check Adobe’s support page.

Important updates

  • MS16-041Ā – The first important update is mainly aimed toĀ Server 2008 and Windows 7 users. It should deal with reported vulnerability issues with .NET framework.
  • MS16-044Ā – This update resolvesĀ a single privately reported vulnerability in the core Windows OLE component. If Windows OLE fails to validate user input, an attacker could execute a malicious code through an infected program.
  • MS16-045Ā – This update removes vulnerabilities exposed in Hyper-V created operating systems. However, if you don’t run Hyper-V, you won’t be exposed.
  • MS16-046Ā – Resolves the reported vulnerability in Windows Secondary Logon process.
  • MS16-047Ā – Resolves the reported vulnerability inĀ Windows Logon Security and Domain policy.
  • MS16-048Ā –Ā Resolves the reported vulnerability in the Windows Client/Server Runtime subsystem.
  • MS16-049Ā – Updates theĀ HTTP.SYS file, in order to resolve the vulnerability that could lead toĀ a denial of service scenario.

If you want to find out more details about all Patch Tuesday’s updates, check TechNet’s support page.

More about the topics: windows 10 update

User forum

0 messages