Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, or information disclosure.
US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…