Microsoft released patches for 622 vulnerabilities today, more than tripling the previous Patch Tuesday record of roughly 200 flaws. Two of these vulnerabilities are under active exploitation, making them immediate priorities for organisations.
The two zero-days being actively attacked were reported by incident responders. Microsoft has not yet disclosed full technical details about the exploits or affected systems, but the fact that attackers are already weaponising these flaws means defenders have minimal time to act.
This massive patch volume reflects either a backlog of fixes, coordinated disclosure efforts, or both. For IT teams, the scale presents a real challenge. Organisations must prioritise the two actively exploited flaws before moving through the remaining 620 CVEs. Rushing patches without testing risks breaking critical systems, but delaying leaves networks exposed.
The previous record of approximately 200 vulnerabilities in a single Patch Tuesday occurred in June. Today's release nearly triples that figure, creating resource constraints across security operations teams already stretched thin. Prioritisation frameworks become essential. Teams should patch the two zero-days immediately, then focus on other critical-rated flaws affecting their specific infrastructure before moving to lower-severity issues.
Microsoft's Security Update Guide provides CVE details and affected product information. Organisations should cross-reference their asset inventory against the patch list to determine scope. Those running unpatched Microsoft systems face real risk from attackers who now possess working exploits for at least two flaws.
IT leaders should communicate this patch schedule to business stakeholders immediately. Maintenance windows may need acceleration. Testing labs should concentrate on the two zero-days first, validating patch stability on representative systems before broad deployment.
For organisations heavily invested in Microsoft infrastructure, this Patch Tuesday demands a coordinated response. Delay increases breach risk from known exploits. Speed without validation risks stability. The middle ground involves rapid lab testing of the two critical patches
