
April's Patch Tuesday: Microsoft & Oracle Address 124 Vulnerabilities, Pwn2Own Highlights Urgent Need for Updates

April's Patch Tuesday brought significant updates from Microsoft and Oracle, fixing 124 vulnerabilities. The Pwn2Own competition at CanSecWest underscores the urgency of these updates, with successful attacks against major browsers.



April's Patch Tuesday brought significant updates from Microsoft and Oracle, addressing 26 and 98 vulnerabilities respectively across Windows, Office 365, and other software categories. Microsoft's release comprised 11 patches addressing those 26 vulnerabilities, affecting Windows and Office 365 on servers and workstations.

Microsoft's top priority patch, MS15-033, addresses five Remote Code Execution (RCE) vulnerabilities in Office 365, including a 0-day (CVE-2015-1641) currently being used in limited attacks. Two critical RCE vulnerabilities (CVE-2015-1649 and CVE-2015-1651) can be triggered simply by previewing an email in Outlook. Another critical patch, MS15-034, affects the HTTP stack on Windows servers, allowing attackers to run code and escalate privileges. A cumulative update for Internet Explorer, MS15-032, addresses 10 vulnerabilities affecting all versions from IE6 to IE11. Older Windows versions are affected by a vulnerability in the EMF graphics format, addressed by MS15-035; exploitation requires user interaction to render a malicious file.

Oracle's April 2015 Critical Patch Update fixed 98 vulnerabilities, including critical updates to Java, Oracle RDBMS, and MySQL. APSB15-06 for Adobe Flash addresses a vulnerability (CVE-2015-3043) that is actively exploited in the wild.

With the Pwn2Own competition demonstrating the real-world impact of unpatched vulnerabilities, it's crucial for users and administrators to apply these updates promptly. Microsoft and Oracle have provided comprehensive patches, addressing a wide range of critical issues. Users should prioritize updating Adobe Flash, Office 365, and their browsers to protect against active exploits.
