Big Microsoft Security Patch Expected Tuesday

Expect a whopper patch next week, as Microsoft is planning to release 11 fixes in its April security update.

The April patch may contain five "critical" fixes, plus five "important" ones, as well as one "moderate" fix. As usual, remote code execution (RCE) exploit considerations dominate the slate. Eight of the patches deal with RCE risks, while spoofing, elevation-of-privilege and denial-of-service vulnerabilities are among the other system stressors.

Tuesday's patch will address 25 vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange, according to Microsoft Security Response Center spokesman Jerry Bryant.

Bryant also said that a vulnerability in VBScript that could allow RCE attacks and a denial-of-service hole in Redmond's Server Message Block (SMB) Windows component would both be addressed with next week's patch.

The Internet Explorer flaw exploited at this year's Pwn2Own contest will not be patched this month. It's likely that there won't be another IE patch until May and beyond. Microsoft had issued a cumulative out-of-band patch for Internet Explorer just last week.

Critical Bulletins
All of the critical bulletins are Windows operating system fixes with RCE considerations.

The first two critical fixes affect every supported version of Windows operating systems, including Windows 7. Meanwhile, critical fix No. 3 only touches Windows 2000 Server Service.

The fourth critical hotfix affects every OS except Windows 7 and Windows Server 2008. The fifth and final critical security bulletin covers Windows 2000 and Windows XP.

Important and Moderate Bulletins
Important fixes Nos. 1 and 2 affect every supported Windows OS and also plug holes in Windows-based programs.

Important fix No. 3 addresses Microsoft Office. Affected versions include Microsoft Office XP, as well as Microsoft Office 2003 and 2007 versions.

The fourth important bulletin is yet another Windows fix. It covers every supported OS with the exception of Vista and Windows 7. It also touches several versions of Microsoft's Exchange Server, such as Exchange Server 2000, 2003, 2007 and 2010.

The last important bulletin of the slate is another Office hotfix, covering Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007.

Rounding out the April slate is the lone moderate bulletin, which is described as a Windows fix that affects every OS except Windows 2000 and Windows 7.

Microsoft also provides a means for IT pros to check out nonsecurity updates delivered via Windows Update and Microsoft Update. The details are described in this Knowledge Base article.

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.

Featured

  • three main icons—a cloud, a user profile, and a padlock—connected by circuit lines on a blue abstract background

    Report: Identity Has Become a Critical Security Perimeter for Cloud Services

    A new threat landscape report points to new cloud vulnerabilities. According to the 2025 Global Threat Landscape Report from Fortinet, while misconfigured cloud storage buckets were once a prime vector for cybersecurity exploits, other cloud missteps are gaining focus.

  • two large brackets facing each other with various arrows, circles, and rectangles flowing between them

    1EdTech Partners with DXtera to Support Ed Tech Interoperability

    1EdTech Consortium and DXtera Institute have announced a partnership aimed at improving access to learning data in postsecondary and higher education.

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.