The final critical patch is in the Microsoft HTTP stack. This affects not only Office documents but also email and web sites that could be used to deliver the malicious EMF file to victims. A maliciously crafted EMF file can trigger a remote code execution condition. The Office vulnerabilities are compounded by a critical vulnerability in the Microsoft Graphics Component. Microsoft Office makes another appearance with patches for five vulnerabilities including in Office for Mac. All told, this release covers 26 individual vulnerabilities and it wouldn't be Patch Tuesday without an Internet Explorer bulletin, which patches 10 of those vulnerabilities. April's Microsoft Patch Tuesday has arrived with 11 bulletins including four rated Critical and seven rated Important.
