Today the second Tuesday of the month, Microsoft Patch Tuesday. The day the cyber security world thinks about Microsoft patches and vulnerabilities. But remember other vendors also release cyber security and functionality updates and patches on or around the same time – check those as well.
Our support team have started reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. Our team will also keep an eye on the reports for the next day or two to check there are no issues, stagglers or absconders! It is always a busy time for us and should be for you or your IT or Cyber Security Support as well.
Here is Microsoft’s detailed page on Patch Tuesday for May 2025:
May 2025 Security Updates – Release Notes – Security Update Guide – Microsoft
Cyber security highlights
Microsoft’s Patch Tuesday update has fixed 78 vulnerabilities and 11 of these are considered critical and 66 as important. Five of them patch zero-day vulnerabilities that are already being exploited in the wild.
Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws – BleepingComputer
Not sure what a zero-day vulnerability is? Have a look at this article which explains the zero-day risk to your organisation:
What are zero-day vulnerabilities
Ok, so you do not use Windows – you are a Mac person and proud of it, Patch Tuesday has no impact on you. But what happens when your supplier or best client skips the Patch Tuesday updates? These updates are important for everyone!
Your Takeaway from Microsoft Patch Tuesday.
As always the days around Patch Tuesday are busy for our team as they check the reports from the SOC and RMM to ensure the clients we look after, that everyone in their organisations has updated their systems. If you do not have that kind of support then get these updates done yourself and check that the auto-updating has auto-updated.
Why is Microsoft’s Patch Tuesday Important?
Last year a high-profile hack of the UK’s Electoral Commission, was partly attributed to a failure to apply updates and patches to their systems:
Just when you thought the election was behind us!
Patching and updates are an important step in every cyber security plan – you and you team must get them done – read about that here:
How Microsoft Patch Tuesday can help your cyber security planning
and here:
Don’t Skip That Restart | Octagon Technology
If you’d like our team to check that the updates are being done, have a look here.
Clive Catton MSc (Cyber Security) – by-line and other articles
