Twelve months of Patch Tuesday, distilled.
Monthly briefings on Microsoft's security updates — vulnerabilities remediated, known deployment issues, the pros and cons of rolling out, and where Secure Chain can help.
A heavy month dominated by remote code execution and identity risk.
May 2026's Microsoft release skewed towards remote code execution and identity weaknesses — a combination that creates a realistic path to data exfiltration if left unpatched.
Read briefingBrowser engine and Office vulnerabilities take centre stage.
April 2026's release was led by browser engine flaws and a cluster of Office document-handling vulnerabilities — the realistic infection vector for most ransomware affecting UK SMEs.
Read briefingExchange Server and Outlook headline a high-impact month.
March 2026 brought a focused set of Exchange Server and Outlook vulnerabilities — a familiar pattern that has previously led to opportunistic mass exploitation within days.
Read briefingA lighter month — but two zero-days demand immediate action.
February 2026 was numerically smaller than usual, but included two vulnerabilities reported as actively exploited in the wild. Volume is not the right measure for prioritisation.
Read briefingFirst release of the year — a broad spread across the Microsoft estate.
January 2026 set the tone with a wide-ranging release touching Windows, Office, Hyper-V and Azure components. Several rated Critical, with realistic exploitation paths for unmanaged endpoints.
Read briefingLast release of the year — modest in volume, meaningful in impact.
December 2025 delivered a smaller-than-average release, weighted towards Windows kernel and Office issues. The challenge is operational: limited maintenance windows around the holiday period.
Read briefingBrowser, Office and one exploited Windows vulnerability.
November 2025's release was led by browser updates, a cluster of Office issues, and one Windows vulnerability reported as actively exploited at time of disclosure.
Read briefingCybersecurity Awareness Month meets a heavy Patch Tuesday.
October 2025 was one of the larger releases of the year — wide-ranging Windows, Office, Exchange and Azure updates. A good month to demonstrate patching maturity to auditors and boards.
Read briefingBack-to-school release with realistic remote-work risks.
September 2025's release focused on remote-work attack surface — VPN clients, networking stacks and browser components. Relevant for any organisation with a distributed workforce.
Read briefingSummer release with a Hyper-V escape and Office cluster.
August 2025 brought a Hyper-V guest-to-host escape and another cluster of Office vulnerabilities — challenging timing for SMEs with reduced summer staffing.
Read briefingMid-summer release with Windows networking and SQL Server fixes.
July 2025's release covered Windows networking, SQL Server and the usual cadence of kernel and Office issues. SQL Server fixes in particular needed careful planning around database availability.
Read briefingStart of the cycle — a balanced release with two notable Critical CVEs.
June 2025 kicked off our twelve-month archive with a balanced release including two Critical vulnerabilities in Windows networking and a SharePoint Server RCE worth prioritising.
Read briefing