Last updated at Fri, 21 Jul 2017 15:43:10 GMT
Patch Tuesday came in hot this month with 15 advisories, of which 4 are listed as critical. Hate to point it out, but this was originally advertised as 16 with 5 critical, but the patch for MS14-068 apparently isn't ready for prime time yet. Hopefully the decision to hold it back was based on both the testing and an assessment of risk.
The top patching priority is definitely going to be MS14-064, which is under active exploitation in the wild and may be related, at least superficially, to last month's Sandworm attack, which also worked through a vulnerability in OLE.
After MS14-064, attention belongs on MS14-065 and MS14-066, Internet Explorer and SChannel respectively. The SChannel issue is risky, since there is a very good chance that this service could be exposed or accessed via the perimeter. The IE patches are cumulative, as usual, and address 17 CVEs.
Second most important are MS14-067 for MSXML, MS14-069 for Office, & MS14-073 for Sharepoint which all have priority two for patching.
The expected patch for MS14-075 (MS Exchange) was pulled at the last moment. We can only speculate that some negative interaction outweighing the benefit was discovered.
Every supported version of Windows is impacted by the critical issues, with the minor exception of Server Core not having Internet Explorer exposure.
Perimeter systems are often mission critical and need the fastest attentions. Administrators will have to balance the risk of exploit with their perceived exposure and their tolerance for downtime.