Microsoft Corporation has announced security updates for April that affect a broad range of Microsoft products. Microsoft Corporation typically announces security updates on the second Tuesday of each month.

Pitt Information Technology recommends that users immediately identify and install the security updates necessary to remediate these vulnerabilities by using Microsoft's Windows Update feature on their computers as soon as possible within the following guidelines:

• Patches addressing zero-day and known exploited vulnerabilities should be installed within 14 days of release.
• Critical/high and unknown/unspecified common patches within 30 days of release.
• Low/medium common patches within 90 days of release.

Specific information about the updates is available on Microsoft’s Security TechCenter, notably the Base Score – or severity rating – for each vulnerability. More information on the Base Score/severity ratings is available from sans.org.

In addition, Pitt IT recommends that all students, faculty, staff, and departments utilize an endpoint protection solution such as Microsoft Defender for Endpoint/Server.

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.  These announcements are led by Pitt IT Security.