Microsoft’s Security Update Guide provides the raw material for understanding each month’s pile of patches, but it’s not exactly easy to use in its current form. I use the almost-hidden
Download link to the far right of the Security Updates heading about halfway down the page. The downloaded file is an Excel spreadsheet, which I find much easier to navigate that the SUG site. Your mileage may vary.
This month, Microsoft has issued sixty-seven updates and associated bulletins. The updates address seventy-eight vulnerabilities in Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.
The vulnerabilities range from Moderate to Critical in severity, and they can lead to one or more of the usual horrors, including Denial of Service, Elevation of Privilege, Remote Code Execution, Information Disclosure, Spoofing, and Security Feature Bypass. Brrrrr.
By far the easiest way to install all these updates is to let Windows Update do the work. Of course to some extent that means trusting Microsoft not to hose your computer, so there’s that. My current thinking is that I’m willing to trust Microsoft to do this, as long as they at least give me a way to roll back any faulty updates.
Adobe released some security updates to coincide with Microsoft’s patch cycle, but none for the ubiquitous Flash Player or Acrobat Reader.