On Tuesday, 10th April Microsoft made available their scheduled security updates to resolve 63 vulnerabilities assigned to the same number of CVEs (defined). Microsoft have provided further details are provided within their Security Updates Guide.
There are 3 knowledge base articles detailing potential issues (some of which are pending resolutions) you may experience upon installing these updates. They are listed below for your reference:
Alongside these updates; Adobe released updates for the following products:
Adobe Digital Editions (priority 3, 2x CVEs)
Adobe Experience Manager (priority 3, 3x CVEs)
Adobe Flash Player v188.8.131.52 (priority 2, 6x CVEs)
Adobe InDesign CC (priority 3, 2x CVEs)
Adobe PhoneGap Push Plugin (priority 3, 1x CVE)
Non-Microsoft browsers should update automatically e.g. Google Chrome should release a browser update in the coming days or will use their component update feature. Microsoft issued a security advisory containing details of their updates
As always; you can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page (since Secunia PSI will be phased out on the 20th of April):
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below. A useful list of all CVEs for this month is present here:
Microsoft Graphics Component consisting of the following 6 CVEs:
Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability : described in more detail here.
Separately AMD have issued microcode (defined) updates for Windows 10 Version 1709 to enhance the protection of their customer’s against variant 2 (CVE-2017-5715) of the Spectre vulnerability. Further details of these updates are available within these KB articles: KB4093112 and KB3073119
Please install the remaining updates at your earliest convenience.
As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.
Wireshark 2.4.6 and 2.2.14
v2.4.6: 10 security advisories
v2.2.14: 8 security advisories
The security advisory wnpa-sec-2018-24 applicable to both of the above versions resolves 10 memory leaks.
As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code (v2.4.6) or v2.2.14). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.