Microsoft issued April 2018 Security Updates that include at least 63 vulnerability fixes, 22 of them rated critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore, Visual Studio, Malware Protection Engine and Adobe Flash.
The majority of the fixes are in Microsoft’s browser and browser-related technologies.
According to Qualys, five of the critical vulnerabilities impact the Windows Font Library (also known as Microsoft Graphics in the security bulletins). These should be prioritized for patching.
Threatpost also noted a Sharepoint elevation of privilege vulnerability (CVE-2018-1034), rated as important, was also publicly disclosed. This bug still has no fix, but has also not yet been publicly exploited.
Microsoft also released an out-of-band patch update last week to address a remote execution vulnerability (CVE-2018-0986) in Microsoft Malware Protection Engine.