Medium | Patches, Fixes & Mitigations
This month's patch batch closes an actively exploited privilege bug
Among the routine fixes is one local privilege-escalation flaw already used in attacks. Prioritize it: it is the link between a phishing foothold and full compromise.
CVE-2025-12345
Most of the month's fixes are unremarkable, but one local privilege-escalation vulnerability is confirmed exploited in the wild — the kind of bug that turns a single clicked attachment into domain-wide trouble.
Attack chains rely on bugs like this: phish a user, run code as that user, then use the elevation-of-privilege (EoP) flaw to become SYSTEM and move laterally.
Deploy the update to internet-facing and high-value hosts first, then everything else within your normal window.
This summary was generated from open reporting.