Microsoft’s contribution to our monthly headache starts with a post on the TechNet MSRC blog: April 2018 security update release. This brief page consists of the same boilerplate we get every month, and provides no details at all. We’re informed that “information about this month’s security updates can be found in the Security Update Guide” but there isn’t even a link to the SUG.
Analysis of the SUG for this month’s Microsoft updates shows that there are sixty updates, addressing sixty-eight vulnerabilities in Flash, Excel, Word, and other Office components, Internet Explorer, Edge, Windows, and Defender. Twenty-three of the vulnerabilities are flagged as Critical.
If your Windows computer is not configured for automatic updates, you’ll need to use Windows Update in the Control Panel to install them.
Adobe’s offering for this month’s patching fun is a new version of Flash Player: 220.127.116.11 (APSB18-08). Six security vulnerabilities — three flagged as Critical — are fixed in the new version.
If you’re using a web browser with Flash enabled, you should install Flash 18.104.22.168 as soon as possible. The embedded Flash used in Internet Explorer 11 and Edge on newer versions of Windows will get the new version via Windows Update. Chrome’s embedded Flash will be updated via Chrome’s automatic update system. To update the desktop version of Flash, visit the About Flash page.