For a number of years I have subscribed to Randy Franklin Smith’s Patch Tuesday newsletter. It tends to hit my inbox in the wee hours of Wednesday. When I was the lead for a computer emergency response team (CERT), it was my job to look at the patches and technical information Microsoft had put out to understand the severity classification, whether the vulnerability was publicly known, and was it being exploited. I also would look for workarounds in case we couldn’t patch for one reason or another.
I no longer lead a CERT and my day-to-day job isn’t as a blue teamer any longer. However, I still want to make sure I stay up with what’s being patched and why. Thankfully, Randy has his Patch Tuesday newsletter, pulling together everything I need. If you want to know about vulnerabilities and receive the newsletter as well, you’ll need to sign up on Randy’s site. The home page has the information that’s in the most current newsletter, so you can evaluate for yourself if this is useful for you before subscribing.