Today is the regular Patch Tuesday for Microsoft, and this time the update will solve 57 different vulnerabilities (in 12 different packages depending on which software you’re using).
Five of these packages are listed as critical, so it’s important that you run Windows Update as soon as you can on your clients/servers.
There is always the question of “should I update now, or should I wait until others have reported that the patch works okay?”. To me, testing the patches in a non-production environment and then deploy in production as well as quickly as posible goes without saying, but those who doesn’t have that ability need to assess the risk.
This risk of patching can of course mean that you run into a bug with the patch, while the risk of Not updating means that attackers will most certain be looking into which issues were fixed and how they can be exploited – and then exploit it on the systems which haven’t been already patched. In my opinion, the risk of not patching outweighs the risk of patching.