Microsoft fixes a mass of serious flaws with the latest Windows 10 updates -- but what has it broken this time?
Another Patch Tuesday has rolled around, and this month sees Microsoft releasing a bumper crop of update for Windows 10. In all, April's updates address a total of 108 flaws, 19 of which are considered Critical.
Four of the critical flaws are Exchange vulnerabilities discovered by the NSA, and there are also fixes for no fewer than five zero days. The patches also include fixes for an incredible 89 Important issues.
- Microsoft adds new Windows Tools to Windows 10 for tweakers and administrators
- Microsoft launches a public preview of the 64-bit version of OneDrive
- Microsoft previews its open source Java distribution for Windows, macOS and Linux -- Microsoft Build of OpenJDK
While the number of vulnerabilities addressed by this month's updates is impressive, system administrators around the world will -- despite Microsoft's advice to rely on automatic updates -- almost certainly be holding off installing the patches straight away. The company's track record for releasing problematic patches reached almost farcical levels last month after a series of updates that were supposed to fix printing problems introduced more and more issues for those brave enough to install them.
But this time around, the number of Critical and Important vulnerabilities that are addressed means that uptake is likely to be a little higher than normal.
Writing about the latest batch of updates on the Microsoft Security Response Center, Microsoft says:
This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers. These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers. However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats. Customers using Exchange Online are already protected and do not need to take any action. More information on installing these updates is available in our Exchange Release blog.
Full details of all of the updates can be found on Microsoft's Security Update Guide.
While we know the issues that Microsoft has addressed this month, it remains to be seen what unwanted side effects have been introduced this time around. We'll be keeping en eye on things.