While installing software updates may not be the most fun you can have, at least you can do it indoors and remotely, safe from the pandemic still raging outside.
As usual, the main source of update information from Microsoft is the Security Update Guide (SUG). The SUG is a huge database, and it’s easy to get overwhelmed by the amount of information there. I begin my analysis by downloading this month’s information as a spreadsheet, which when loaded into Excel is much easier to handle.
Estimates of the number of vulnerabilities addressed by this month’s updates vary: by my count, it’s one hundred and eighteen. Other people show the total as ‘over 110’ and 114. Microsoft seems to have embraced a ‘keep them guessing’ strategy, perhaps so that we’ll eventually give up and stop counting, and learn to simply accept what we get without trying to get a handle on it. In psychology, that’s known as learned helplessness, which sounds about right.
This month’s updates include fixes for still-supported versions of Windows, Office, Edge, SharePoint, Visual Studio, and VS Code.
Also this month there are fixes for the rather horrible Microsoft Exchange vulnerabilities that have led to even worse compromises of business, government, and education systems worldwide in recent weeks. That’s great news, but unless you work in one of those environments, you are likely not affected.
Windows 10 users are once again faced with limited options: a) give in to Microsoft and allow updates to be installed on their schedule, risking bad updates; or b) delay updates as long as possible, risking being exposed to security vulnerabilities.
Windows 8.1 users still have an actual choice, since automatic updates can be disabled entirely. In which case you’ll need to run Windows Update manually to get the latest updates.
Windows 7 still occasionally gets updates. Microsoft creates them for enterprise clients, who pay a premium for that service. Non-paying folks don’t usually have access to those updates, although sometimes Microsoft makes individual updates available to all if they are particularly dangerous. Note that Windows 7 still works just fine: you can minimize the security risk of running it by being extremely careful when using email, browsing the web, clicking links, and downloading software.
Windows XP is still being used, but it’s long past receiving any updates, and it’s increasingly unable to run new software. It’s perfectly safe to use if it’s not connected to the Internet, or if it’s only used for specific, limited tasks.