There are no known exploits for the new vulnerabilities released. Guidance will be adjusted if and when exploits are released publicly. The most significant patches are to ODBC drivers for connections to SQL server and Windows Defender SmartScreen functions. If using Windows DNS Server, prioritize the review and patching of the remote code execution vulnerabilities fixed in this patch set.
Testing and patching should be started for all systems. If a critical vulnerability has a public exploit, remediation will be expected within 7 days.
All admins are reminded that browser updates, including updates to Edge Chrome and Firefox, should be deployed regularly. There are Outlook client updates included this month as well. Review the vendor release notes for download and other information