Patch Observer Archive

2017MayPatch Monday: Easy Month and no Attacks
2017AprilPatch Monday: Quarterly Java Updates This Month
2017MarchPatch Monday: Firefox Zero Day
2017FebruaryPatch Tuesday: No Patches This Month
2017JanuaryPatch Tuesday:Light Month for Bulletins
2016DecemberPatch Tuesday: Adobe Flash 0 day
2016NovemberPatch Tuesday: 2 Attacks in the Wild
2016OctoberPatch Tuesday: New Patching Process and 0 days
2016SeptemberPatch Tuesday: Stepping it up
2016AugustPatch Tuesday: Time to Think about Microsoft Edge
2016JulyPatch Tuesday: Print Spooler Attacks Possible
2016JunePatch Tuesday: No Active Attacks
2016MayPatch Tuesday: 2 Active Attacks and Adobe Flash
2016AprilPatch Tuesday: 6 Critical Patches with Exploits in the Wild
2016MarchPatch Tuesday: Client Side Attacks
2016FebruaryPatch Tuesday: IE and Adobe Flash
2016JanuaryPatch Tuesday: IE Support for Older IE Versions Ending‏
2015DecemberPatch Tuesday: Month of Arbitrary Code Execution
2015NovemberPatch Tuesday: Lots of Vulnerabilities but No Active Attacks
2015OctoberPatch Tuesday: Time to Kick the Patching in Gear
2015SeptemberPatch Tuesday: 2 Critical Patches with Attacks in the Wild‏
2015AugustPatch Tuesday: First Month for Windows 10
2015JulyPatch Tuesday: Huge Month for Patches
2015JunePatch Tuesday: Month of Privilege Elevation
2015MayPatch Tuesday: Busy month for admins with 13 patches, 3 critical‏
2015AprilPatch Tuesday: April 2015: 4 Critical and 7 Important Patches
2015MarchPatch Tuesday: 4 Critical and 7 Important Patches
2015FebruaryPatch Tuesday: The Month of Office and Group Policy Patches
2015JanuaryNew Year New Patches!
2014DecemberOffice, Internet Explorer and VBScript
2014NovemberMega Patch Tuesday!
2014OctoberTime to Kick the Patching in Gear
2014SeptemberQuite Month for Microsoft
2014AugustBig Month with 9 Patches
2014JulyAnother Internet Explorer Cumulative Update‏
2014JuneEasy Month to Start the Summer
2014MayCritical Month for Internet Explorer and Sharepoint
2014AprilOnly 4 patches but all remote code executions
2014MarchRemote Code Execution, Security Bypass, and Elevation of Privilege Vulnerabilities
2014FebruaryCumulative Internet Explorer Update and Internet Explorer Attack Paths
2014JanuaryLight Month with 4 Important Patches
2013DecemberFive Critical Patches and There is Something for Everyone
2013NovemberCritical Updates to Client-Side Applications
2013OctoberUpdates for Windows, Office and Servers
2013SeptemberUpdates for SharePoint, Active Directory Servers and For Workstations
2013AugustPatches for everyone: ADFS, Exchange and of course Workstations
2013JulyWorkstations Get Patches for 34 Vulnerabilities
2013JuneFive Bulletins for June--One Is Zero-day
2013MayTwo Updates for Internet Explorer Rated Critical and Eight Bulletins Important
2013AprilCritical for Workstations; Important for Servers
2013MarchVulnerabilities in SharePoint, USB drivers, IE and Others
2013FebruarySome Specific Servers; Mostly Workstations Need Attention
2013JanuaryMany Types of Servers Have Vulnerabilities
2012DecemberSeven Security Bulletins Released – the Majority Affect Servers
2012NovemberExcept for the IIS FTP and .NET patches , You Can Take Your Time to Test. Web Proxy Auto Detection strikes again
2012OctoberA varied month for patches: Windows, Office, SharePoint and SQL Server – 2 vulnerabilities are public
2012SeptemberTwo Patches for XSS Vulnerabilities in Servers
2012AugustNine Security Bulletins This Month
2012JulyMany Have Been Publicly Disclosed
2012JuneA Patch for Servers and Others for Workstations
2012MayMicrosoft Fixes 23 Vulnerabilities
2012AprilNew Vulnerabilities in Microsoft Products
2012MarchA Critical Update for RDP
2012FebruaryGive Priority to Critical Updates
2012JanuaryOne critical update - especially for workstations
2011DecemberLess than expected
2011NovemberDon't Forget the Perimeter Firewall
2011OctoberA Variety of Updates Released
2011SeptemberAn Important Patch Tuesday for Both Workstations and Servers
2011AugustBig Patch Tuesday for All Kinds of Servers and Workstations
2011JulyThe Focus is on Workstations
2011JuneBig Patch Tuesday: Servers and Workstations Need Attention
2011MayTwo-patch Tuesday: one for servers, one for Office products
2011AprilMany vulnerabilities fixed; two are for DCs
2011MarchDLL Security is the focus for Patch Tuesday
2011FebruaryBig Patch Month for Workstations, IIS, Domain Controllers, Servers
2011JanuaryTwo Patch Tuesday
2010DecemberPatch Tuesday Fast Facts and Analysis: 12 workstation patches; 5 for servers
2010NovemberToday’s patches run the gamut from Word to Unified Access Gateway
2010OctoberGobs of Workstation Patches and Some Public; Web Hosters Beware of ASP.NET hole
2010September7 out of 9 vulnerabilties likely to have exploit code soon; 1 already being exploited
2010AugustLot of patches this month, 2 public, none currently being exploited
2010JulyUrgent patching needed against this month's 0-day exploits
2010JuneJune 2010 Patch Tuesday Fast Facts
2010May2 workstation vulnerabilities; critical but not urgent at this point
2010AprilFast Facts on 11 Bulletins in This Month's Patch Tuesday
2010March2 Patches But No Emergency (UPDATED) - OOB patch urgent for pre IE8 systems
2010FebruaryTips and Analysis for Huge Patch Tuesday
2010JanuaryQuiet Month Or Not So Much
2009DecemberPatch Tuesday Analysis: 3 for workstations; 3 for servers
2009NovemberInteresting Month of Security Patches
2009OctoberAnalysis and Recommendations on Worst Patch Tuesday in a Long Time
2009SeptemberImportant TCP/IP patch for servers; 4 more for workstations; 4 training sessions
2009August4 workstation holes and a little something for everyone else
2009JulyBad month for patching
2009JunePatch Tuesday Analysis: Something for Everyone
2009MayJust one patch this month but it's bad and getting worse
2009AprilPatch Tuesday: Big, Bad and Dangerous Workstation Vulnerabilities Already in the Wild
2009MarchWorkstations, Web and DNS Servers Hit
2009FebruaryInternet Explorer, Exchange, SQL Server and Visio Hit
2009JanuaryThe Server Service Attacked
2008DecemberDecembers Out of Band Patch for Zero Day IE Exploit - Yes Patch Now and Decembers Zero Day For Workstations and Other Issues
2008NovemberYet Another Month for Workstations
2008OctoberEveything and Everyone Impacted this Patch Tuesday including Yesterday's "Out of Band" Security Bulletin and MS08-067 could be Code Red 2008
2008September4 for Workstations; Servers Get a Pass
2008AugustBad Month For Workstations
2008JulyOnly 4 - But All 4 Corners Hit
2008JuneSomething For Everyone
2008May3 Workstation Holes, One Urgent, New Hole in MS Security Software
2008AprilHefty Vulnerabilities But No Red Alert This Month
2008MarchMS Office Sustains Quadruple Hits; One of Them Urgent
2008FebruaryBig Patch Tuesday
2008JanuaryTwo Easy Ones For Workstation Admins, Everyone Else Gets Off Easy
2007DecemberTough Month for Workstation Admins; Server Admins Get Off Easy Unless You Use MSMQ or Windows Media Servers
2007OctoberGot Word, IE or SharePoint? Time to patch.
2007SeptemberPatch Tuesday September 07
2007AugustWorkstations Hit Hard But No 0-day Exploits So No Rush
2007JulyPatch Tuesday July 07
2007JuneServer admins get off easy; workstation admins moderately affected
2007MayPatch Tuesday May 07
2007AprilApril's Showers
2007FebruaryWorkstation Admins Commence Crying; MS Anti-Malware Becomes Agent of Malware
2007JanuaryVista and IE7 Remain Unscathed But Still a Bad Month for Workstation Vulnerabilities
2006DecemberRandy's Independent Insights on 7 Microsoft Security Bulletins for December 2006
2006NovemberRandy's Independent Insights on 5 Microsoft Security Bulletins for November 2006
2006OctoberRandy's Independent Insights on 10 Microsoft Security Bulletins for October 2006
2006SeptemberA not so crazy Patch Tuesday's...Yes with an 'S
2006AugustAnother Crazy Patch Tuesday
2006JulyRandy's Independent Insights on 7 Microsoft Security Bulletins for July 2006
2006JuneJune is a big month for workstation-centric vulnerabilities.
2006MayRandy's Independent Insights on May's 3 Security Bulletins
2006AprilThat Time of Year Again...April Shower's and Five Security Bulletins
2006MarchRandy's Independent Insights on This Month's Bulletins
2006FebruaryRandy's Independent Insights on This Month's Bulletins
2006JanuaryNew Year and New Patches
2005DecemberThis Month's Security Updates from Microsoft
2005NovemberNovembers Security Updates from Microsoft
2005OctoberBig October for Security Patches
2005AugustSix Bulletins for August
2005JulyJuly 12, 2005 - Today's Security Updates from Microsoft

Receive Randy's same-day, independent analysis each Patch Tuesday

We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.


Additional Resources
Analysis Criteria
Patch History