Microsoft's April 2018 Patch Tuesday came and went this week and the company issued its regular monthly software patches to fix various vulnerabilities.
Patch Tuesday is the unofficial nickname of the second or third Tuesday of each month. This is when Microsoft rolls out bug fixes and security patches for its line of software products like Windows and Microsoft Office.
Although it's prudent to keep your machines up to date with the latest patches, we've been warning you about the recent string of problematic Windows updates this year. For example, the January and March updates brought unforeseen issues that forced Microsoft to issue emergency out-of-band patches to rectify the bugs.
We can't blame you if you want to wait it out and delay, postpone or defer your Windows updates until it's known that any lingering system-breaking bugs are squashed. Obviously, you don't want an unbootable system on your hands due to an unstable update. That will be disastrous.
However, it's still important to know what critical and important fixes are included in each update.
For example, it looks like April's Patch Tuesday doesn't include any fixes for Intel's Spectre and Meltdown chip flaws (there's one for AMD chips though). That's an important footnote since this year's system breaking patches were caused by the attempts to mitigate those flaws, anyway.
What this month's updates do contain are 65 security patches, including 24 that are rated critical.
April's Patch Tuesday has 65 security fixes
Microsoft released 177 separate patches this month in total.
Fortunately, there are no actual zero-day patches in this batch, meaning there are no security holes that are actively being exploited at this time.
However, one critical patch (CVE-2018-1034) addresses an already known elevation of privilege bug in SharePoint. This security flaw has been documented earlier but Microsoft said it's not being actively exploited.
Other critical fixes are for serious remote code execution bugs in the graphics component of Windows (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016). These are nasty bugs that could allow an attacker to take control of a machine via malicious fonts from a webpage or a document.
Also included in this list is a fix for a remote code execution vulnerability (CVE-2018-0986) in Windows Defender's malware engine. This patch was already pushed out a week ago as an emergency update.
Owners of the Microsoft Wireless 850 Keyboard are also getting a rare hardware fix for a flaw that could allow an attacker to bypass security checks and record keystrokes (CVE-2018-8117). If you use this keyboard model, better patch it as soon as you can.
Computers with AMD processors should be cautious though since this patch (KB4093112) contains a Spectre flaw fix. Hopefully, this patch is not as bad as the early Intel Spectre fixes.
Do you still use Flash? Update ASAP
And as usual. Microsoft also bundled patches for Adobe products in its Patch Tuesday updates too.
Flash Player, in particular, is getting critical patches for three serious remote code execution flaws. These bugs could allow a hacker to take full control of a computer by merely exploiting Adobe's infamous plugin.
Three more Flash patches are for information disclosure bugs and a local privilege execution flaw. If you still insist on using Flash Player for websites (you shouldn't), it's important that you at least update to the latest version 220.127.116.11 immediately.
How to update
If you think April's updates are critical enough that it's not worth delaying them, here's how you do it:
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.
If you want to check, here's how:
On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, select "Check for Updates." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.)
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
--> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 18.104.22.168.
New! Chrome, Firefox, Edge will finally get rid of passwords
In other news, WebAuthn is coming to a browser near you! Now, instead of using the archaic username and password system, you can finally use your biometric data like fingerprints, retina scans, facial recognition data to register and sign in to a site. Click here to learn more.