September’s Patch Tuesday showcases essential updates for Microsoft Office and Visual Studio.

Microsoft has released its September Patch Tuesday update, which includes a total of 59 updates. This month’s release includes critical patches for Microsoft Office and Visual Studio, as well as updates for non-Microsoft applications like Notepad++ and Autodesk. Notably, this update also brings back updates for Microsoft Exchange Server, which now require server reboots.

To help users navigate the risks associated with each update, the Readiness team has created an infographic outlining the potential vulnerabilities. Additionally, Microsoft has provided a list of known issues that users should be aware of, such as compatibility issues with VMware ESXi for Windows Server 2022 and display issues in SharePoint Server.

In terms of major revisions, Microsoft has addressed several vulnerability issues, including a use-after-free vulnerability in Autodesk FBX SDK 2020 and an elevation of privilege vulnerability in Microsoft Exchange Server.

To mitigate the risks associated with these vulnerabilities, Microsoft has provided specific recommendations. For example, if DHCP and Internet Connection Sharing (ICS) features are not enabled, users are not exposed to the related vulnerabilities.

The Readiness team has also provided testing guidance for this update cycle. They have categorized testing scenarios into standard and high-risk profiles, with a focus on major changes related to third-party printer drivers and updates to Microsoft Intune and Windows Defender Application Control.

In terms of product families, Microsoft did not release any updates for its browsers this month. However, Google Chrome has deprecated support for older Windows versions. For Windows platforms, Microsoft released one critical update and 20 important updates, covering various functional areas. In the Office platform, there were no critical updates, but a zero-day vulnerability in Microsoft Word has been disclosed and exploited. Microsoft also released important updates for Exchange Server and critical updates for its development platforms.

Lastly, in line with the growing trend of managing third-party application updates, Microsoft will now include updates for other key applications in its monthly update process. This includes applications like Adobe Reader, and we can expect more third-party applications to be included in future updates.

Overall, it is crucial for users to stay updated with the latest patches and follow the recommended testing and mitigation steps to ensure their systems are secure.