Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Exchange as part of the Microsoft Security Bulletin Summary for April 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a denial-of-service attack or spoof an IPv4 address to bypass filtering devices.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…