Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Fortunately these are all in the monthly OS rollups so you can knock them out in one update per system. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware. And good news for Microsoft Exchange admins, if you are caught up you get this month off! No additional updates for exchange this month!