Skip to content

April's Patch Tuesday: Microsoft, Adobe, and Oracle Release Critical Updates

Microsoft's top priority patch fixes five Remote Code Execution vulnerabilities, including a 0-day. Adobe and Oracle also release crucial updates.

This is a picture of a screen , where there are some icons , and there is a popup message on it.
This is a picture of a screen , where there are some icons , and there is a popup message on it.

April's Patch Tuesday: Microsoft, Adobe, and Oracle Release Critical Updates

April's Patch Tuesday brings significant updates from Microsoft 365, addressing 26 vulnerabilities across 11 patches. Oracle also releases a Critical Patch Update fixing 98 vulnerabilities in over 25 software categories. Meanwhile, Adobe addresses an active Flash vulnerability.

Microsoft's top priority patch, MS15-033, tackles five Remote Code Execution (RCE) vulnerabilities in Office, including a 0-day (CVE-2015-1641) actively exploited in the wild. This patch affects Windows and Office on both servers and workstations. Another critical patch, MS15-034, addresses an RCE type vulnerability (CVE-2015-1635) in the HTTP stack on Windows servers, impacting Windows 2008, 2012, 7, and 8.

MS15-032 is a cumulative update for Internet Explorer, fixing 10 vulnerabilities, nine rated critical, affecting all versions from IE6 to IE11. MS15-035 addresses a vulnerability in the EMF graphics format, requiring user interaction to exploit, and affecting older versions of Windows. Notably, Microsoft's patches follow Trend Micro's initiatives to address security vulnerabilities in Adobe, Mozilla, and Google Chrome software during the PWN2OWN competition in Vancouver.

Adobe's April Security Bulletin includes APS15-06, a high-priority patch for Adobe Flash, addressing a vulnerability (CVE-2015-3043) currently being abused in the wild. Oracle's Critical Patch Update April 2015 fixes 98 vulnerabilities in over 25 software categories, including Java, Oracle RDBMS, and MySQL. The April 2014 update also addressed 100 vulnerabilities, including a critical update to Java on the desktop.

In summary, April's Patch Tuesday brings crucial updates from Microsoft 365, Adobe, and Oracle. Microsoft addresses critical RCE vulnerabilities in Office and Windows, while Adobe patches an actively exploited Flash vulnerability. Oracle's update fixes a wide range of vulnerabilities across multiple software categories. Users and administrators are advised to apply these updates promptly to protect against known security threats.

Read also:

Latest