Bottom line: Windows users and IT admins have their work cut out in applying Microsoft's latest security update that packs over a hundred fixes across the company's Office products, dev tools, browsers, business and mobile applications, and multiple versions of Windows. This Patch Tuesday also addresses 3 zero-day vulnerabilities, 1 of which is currently being exploited and relates to a flaw in the Windows Adobe Font Manager Library.
Microsoft's Patch Tuesday for April 2020 comes at a crucial time for businesses and consumers, especially IT staff, who have to ensure workflow stability in the currently expanding WFH landscape.
They also have to maintain the delicate balance of protecting systems from glaring security threats like zero-day exploits and critical flaws, while making sure the available fixes don't create a ripple of new headaches, given Microsoft's sketchy track record with updates.
With that said, it's still important to remain informed on the company's latest security release, which packs a total of 113 fixes across the following software:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Visual Studio
- Microsoft Dynamics
- Microsoft Apps for Android
- Microsoft Apps for Mac
The update also includes fixes for the recently discovered zero-day vulnerabilities related to the Windows Adobe Font Manager Library. For those interested, Bleeping Computer has compiled a detailed report on all issues addressed in this security update.
Last month, Microsoft decided to suspend all optional Windows 10 updates from May 2020 onwards due to the coronavirus, in favor of prioritizing security updates like this one. The company is now also delaying its end of support deadline for older versions of Windows 10 and other products by an additional six months.
"As a member of the global community, we want to contribute to reducing the stress our customers face right now," says Microsoft and has updated the end of support timelines as follows:
- Windows 10, version 1709 (Enterprise, Education, IoT Enterprise): Final security update will now be released on October 13, 2020, instead of April 14, 2020.
- Windows 10, version 1809 (Home, Pro, Pro Education, Pro for Workstations, IoT Core): Final security update will now be released on October 13, 2020, instead of April 14, 2020.
- Windows Server, version 1809 (Datacenter, Standard): Final security update will now be released on November 10, 2020, instead of May 12, 2020.
- Configuration Manager (current branch), version 1810: End of support now extended to December 1, 2020, from May 27, 2020.
- SharePoint Server 2010, SharePoint Foundation 2010, and Project Server 2010: End of support now extended to April 13, 2021, from October 13, 2020.
- Dynamics 365 cloud services: Depreciation date for the Customer Engagement legacy web client is now delayed to December 2020, from October 2020.
- Basic Authentication: Disablement of Exchange Online's basic authentication module has been postponed until the second half of 2021.