Microsoft's second-largest Patch Tuesday ever. SharePoint Server XSS zero-day (CVSS 6.5) confirmed in active exploitation and added to CISA KEV. Windows Defender BlueHammer LPE (CVSS 7.8) has a full public PoC. Also includes a wormable IKE RCE at CVSS 9.8.
CISA added 7 actively exploited vulnerabilities to the KEV catalog including FortiClient EMS SQL injection (CVSS 9.1). Federal deadline is April 16 for Fortinet, April 27 for the remaining six.
In the same week, CISA's KEV catalog gained a Chromium CSS engine UAF, a Roundcube RCE that hid for over a decade, a BeyondTrust RCE abused by ransomware, and a Dagu RCE due to no default authentication. All four require immediate patching.
