During the April’s patch Tuesday Microsoft patched two zero-day vulnerabilities: previously disclosed vulnerability in Microsoft Word (CVE-2017-0199, SB2017040901) and another zero-day in Internet Explorer.
According to vendor’s description, the vulnerability in Internet Explorer CVE-2017-0210 (SB2017041202) allows an attacker to access contents from another domain. This is a very dangerous vulnerability as it may allow an attacker to steal potentially sensitive information and probably even interact with another website.
This month Microsoft patched 51 vulnerabilities in total, 7 vulnerabilities in Adobe Flash Player and 44 Microsoft products.
The total number of all patched vulnerabilities in Microsoft products is displayed on the graph above. In 2017 there were 220 vulnerabilities vs 690 vulnerabilities patched in 2016.
As for the zero-days stats, this Tuesday Microsoft patched second zero-day in IE in 2017. The total number of zero-day vulnerabilities in different versions of Internet Explorer has reached 38 vulnerabilities since 2006.