Microsoft’s Patch Tuesday released with fixes for 46 issues, 15 of which ended up labeled critical.
This month’s update round is about one third of the size of March’s release, with 46 vulnerabilities fixed, 14 of which are in Hyper-V.
Those which administrators should focus on are two Zero Days undergoing exploitation, CVE-2017-0199 and CVE-2017-0210.
CVE-2017-0199 has been targeting Microsoft Word users since January and affects all versions of Office up to Office 2016 running on Windows 10, Microsoft’s most secure OS to date.
It has also undergone exploitation in an email campaign designed to distribute the Dridex banking Trojan.
The other Zero Day is an elevation of privilege vulnerability in Internet Explorer.
An attacker tricking a victim into opening a maliciously crafted document end up gaining the ability to execute arbitrary code, gaining a foothold to further compromise the organization’s network.
There are also critical updates for the just released Windows 10 Creators Update, as well as Windows Server, .NET Framework, Adobe Flash for IE and more.
Windows Vista received its last round of updates, so any organizations still running the OS should upgrade as soon as possible.