Microsoft fixes critical security flaw affecting all Windows users

The software giant also fixed six serious vulnerabilities, including a nasty Flash bug that affects most users of newer versions of Windows.
Written by Zack Whittaker, Contributor

Microsoft's monthly batch of security updates was surprisingly light for April, but one flaw sticks out from the crowd.

The software giant said that all users of Windows Vista and later -- including Windows 10 -- should patch as soon as possible to prevent attackers from exploiting a flaw in how the operating system handles graphics and fonts.

The "critical" bulletin (MS16-039) patches a series of vulnerabilities that could allow an attacker to remotely install programs, view data, and create new user accounts with full rights.

An attacker would have to trick a user into opening a specially-crafted media file, which would let the attacker take control of the entire system.

The flaw is not thought to have been actively exploited in the wild.

Microsoft also fixed the so-called Badlock flaw, which it rated "important." The flaw, first revealed last month, drew ire from the security community because it was publicized weeks before it was scheduled to be patched.

Two separate cumulative patches, one for Internet Explorer (MS16-037) and one for Microsoft's newer browser, Microsoft Edge for Windows 10 (MS16-038), will fix 12 separate vulnerabilities that, among other things, could allow a hacker to remotely run code or malware on an affected computer.

Another bulletin fixes a number of critical-rated vulnerabilities in Adobe Flash, affecting Windows 8.1 and later.

April patches will be available through the usual update channels.
