Discover Microsoft’s latest Patch Tuesday release, alongside a compilation of recent updates to help you stay informed on all changes.
Before “Taco Tuesday” entered everyday language, Tuesdays held a specific meaning for the tech industry: security. This remains true today with Patch Tuesday, the monthly event where Microsoft rolls out security updates and patches for its wide array of software products, including Windows, Office, SQL Server, developer tools, and browsers.
This monthly tradition, occurring on the second Tuesday, was established to simplify the patch distribution and management process for both individual users and IT system administrators. Much like its culinary namesake, Patch Tuesday has become a fixture.
The Microsoft Security Response Center marked the 20th anniversary of Patch Tuesday with a blog post, stating: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”
Microsoft affirms that Patch Tuesday will remain a crucial element of their strategy to ensure user security, noting its significant role in the broader cybersecurity landscape. For example, Adobe and other companies have adopted similar update schedules.
For a long time, Computerworld has featured Patch Tuesday coverage as part of its dedication to delivering vital information to the IT sector. This commitment is why we’ve compiled this evolving list of recent patches, which will be updated monthly.
Below, you’ll find the last six months of updates, in case you missed any previous Patch Tuesday announcements.
February’s Patch Tuesday release addresses 59 vulnerabilities, 6 of which are actively exploited
Microsoft’s Patch Tuesday release for February includes solutions for 59 CVEs across its product range, representing about half the number of patches issued in January. Six of these vulnerabilities, impacting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word, are already under active exploitation. Notably, all five Critical-rated CVEs are directed at Azure services rather than Windows itself.
Both Windows and Office are advised for immediate patching, as CISA has set a March 3 deadline for addressing all six exploited vulnerabilities. Additionally, April will introduce two new enforcement timelines: for Kerberos RC4 deprecation (CVE-2026-20833) and Windows Deployment Services hardening (CVE-2026-0386). For more information, consult Microsoft Security updates for February 2026.
January’s Patch Tuesday kicks off with significant updates
The initial Patch Tuesday release for 2026 addresses 112 CVEs across Microsoft’s diverse product range. This includes eight critical-rated vulnerabilities and three zero-day flaws. Notably, one zero-day (CVE-2026-20805), an information disclosure vulnerability within the Desktop Window Manager, is currently being actively exploited. Consequently, CISA has added it to the Known Exploited Vulnerabilities catalog, setting a remediation deadline of February 3, 2026. (It’s worth noting that 95 of these vulnerabilities impact Windows.) Further details can be found in the Microsoft Security updates for January 2025.
December’s Patch Tuesday brings three zero-day vulnerabilities
Despite a relatively low total of 57 patches, the December Patch Tuesday update includes fixes for three zero-day vulnerabilities (CVE-2025-64671, CVE-2025-54100, and CVE-2025-62221). It’s worth noting that Microsoft did not release any critical updates for the Windows platform this month. Nevertheless, due to the presence of these zero-days, a “Patch Now” approach is advised for Windows and Microsoft Office. For further information, see Microsoft Security updates for December 2025.
November’s Patch Tuesday: A single zero-day vulnerability
The November Patch Tuesday release presents a significantly smaller collection of updates, featuring only 63 Microsoft patches and a single zero-day vulnerability (CVE-2025-62215) impacting the Windows desktop platform. Despite the reduced severity compared to October’s vulnerabilities, Windows desktops are still recommended for a “Patch Now” deployment this month, with extensive testing still necessary. Additional information is available in the Microsoft Security updates for November 2025.
October’s Patch Tuesday brings a substantial number of fixes
This week, Microsoft rolled out 175 updates covering Windows, Office, and .NET, along with server-specific updates for Microsoft SQL Server and Exchange Server. The release also includes fixes for four zero-day vulnerabilities (CVE-2025-24052, CVE-2025-24990, CVE-2025-2884, and CVE-2025-59230), prompting a “Patch Now” recommendation for Windows users.
Microsoft officially concluded general support for Windows 10 on October 14th, stating: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11.” For more details, refer to Microsoft Security updates for October 2025.
September’s Patch Tuesday delivers fixes for Windows, Office, and SQL Server
This week, Microsoft issued 86 patches, including updates for Office, Windows, and SQL Server. Notably, there were no zero-day vulnerabilities reported, meaning the Readiness team has not issued a “patch now” recommendation for this month. This marks a significant achievement for Microsoft’s update team. Further underscoring this success, patches for Microsoft’s browser platform have received a “moderate” security rating—a potential first—rather than the usual critical or important designations. For additional details, see Microsoft Security updates for September 2025.
