On May 12, Microsoft is rolling thirteen security bulletins as part of a new Patch Tuesday. For the month of May, the software maker is pushing out eight new updates rated as Critical and the remaining three updates are rated Important to resolve various vulnerabilities in Windows, Office, Internet Explorer, and other products.
The updates rated as Critical deal with vulnerabilities in Internet Explorer (KB3049563), Windows, .NET Framework, Office, Lync, Silverlight, and Windows Journal (KB3057110 and KB3046002) that could allow remote execution, if the user access a specially crafted webpage or document using these products.
The updates rated as Important address vulnerabilities in Microsoft Server Software, .NET Framework, Silverlight, and Windows. The vulnerabilities could allow elevation of privilege (KB3057191, KB3055642, KB 3058985, KB3057134), feature bypass (KB3050514, KB3050514, KB3057263), remote denial of service (KB3051768), and KB3061518 resolves “the vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an encrypted TLS session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. A server needs to support 512-bit DHE key lengths for an attack to be successful; the minimum allowable DHE key length in default configurations of Windows servers is 1024 bits.”
Thus far it appears that Microsoft won’t be releasing a new firmware update for Surface tablets on April, not even for Surface Pro 3. It also seems that there is not new updates in April for Windows 10 Technical Preview.
As always, if you have enabled automatic update, these updates will install automatically. However, you can always go to Windows Update from the Control Panel and install all the May updates manually.