There are critical patches that do not have published exploits. Guidance will be adjusted if and when exploits are released publicly. The most significant patches are to Exchange Server and Microsoft Office. Expedite patching for any system using Exchange or Hyper-V since there are fixes for issues specific to those products.
Testing and patching should be started for all systems. If a critical vulnerability has a public exploit, remediation will be expected within 7 days.
All admins are reminded that browser updates, including updates to Edge Chrome and Firefox, should be deployed regularly. Additional information and patches available from Microsoft