> ## Documentation Index
> Fetch the complete documentation index at: https://docs.socfortress.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Patch Tuesday (Microsoft)

> Patch-cycle view that prioritizes Microsoft CVEs by urgency (P0–P3), KEV, CVSS, and EPSS.

# Patch Tuesday (Microsoft)

**Menu:** Agents → Patch Tuesday

Patch Tuesday is a patch-cycle view focused on **Microsoft Patch Tuesday** releases. It helps you triage CVEs for a given patch cycle and prioritize what to patch first using:

* priority bands (**P0–P3**)
* **KEV** (Known Exploited Vulnerabilities)
* **CVSS** severity
* **EPSS** (exploit likelihood)
* affected product family / product

<img src="https://mintcdn.com/socfortressllc/LuvWosHJnQfOpi_O/assets/ui/patch-tuesday.png?fit=max&auto=format&n=LuvWosHJnQfOpi_O&q=85&s=9265882cbccfd02d8eb7bfc075651426" alt="Patch Tuesday" width="1866" height="902" data-path="assets/ui/patch-tuesday.png" />

***

## What you’re looking at

### Cycle summary

<img src="https://mintcdn.com/socfortressllc/LuvWosHJnQfOpi_O/assets/ui/patch-tuesday-summary.png?fit=max&auto=format&n=LuvWosHJnQfOpi_O&q=85&s=7cb0d409778c7199a2354429b3791324" alt="Summary (placeholder)" width="1568" height="572" data-path="assets/ui/patch-tuesday-summary.png" />

At the top, you’ll see:

* count of **unique CVEs**
* counts by priority (P0 Emergency, P1 High, P2 Medium, P3 Low)
* the patch cycle date and generation timestamp

Use this for:

* a fast “how big is this month?” snapshot
* tracking backlog reduction over the patch window

### Filters

<img src="https://mintcdn.com/socfortressllc/ZF3TjekosrsQhf-4/assets/ui/patch-tuesday-filters.png?fit=max&auto=format&n=ZF3TjekosrsQhf-4&q=85&s=954c4454a90402fe54ffc90de2946444" alt="Filters (placeholder)" width="1554" height="582" data-path="assets/ui/patch-tuesday-filters.png" />

You can filter by:

* **Cycle** (e.g., `2026-Feb`)
* **Priority**
* **Product family**
* **Severity**
* **Search** (CVE, title, product)

### KEV toggle

<img src="https://mintcdn.com/socfortressllc/LuvWosHJnQfOpi_O/assets/ui/patch-tuesday-kev-toggle.png?fit=max&auto=format&n=LuvWosHJnQfOpi_O&q=85&s=290ddc9e90d59db006623be9b250a198" alt="KEV toggle (placeholder)" width="1562" height="336" data-path="assets/ui/patch-tuesday-kev-toggle.png" />

Turn on **KEV** to focus on vulnerabilities that are known to be exploited.

### CVE cards

<img src="https://mintcdn.com/socfortressllc/ZF3TjekosrsQhf-4/assets/ui/patch-tuesday-cve-card.png?fit=max&auto=format&n=ZF3TjekosrsQhf-4&q=85&s=44bb51741ea4d4e5dee44863a291cd10" alt="CVE card (placeholder)" width="1602" height="944" data-path="assets/ui/patch-tuesday-cve-card.png" />

Each CVE entry typically includes:

* CVE ID + title
* priority (P0–P3)
* KEV indicator (when applicable)
* product family and affected products
* CVSS
* EPSS + percentile
* associated KBs / updates (when available)

***

## How to use this page (operator workflow)

A practical monthly flow:

1. **Start with KEV + P0**
   * Turn on KEV
   * Filter to P0 (Emergency)
   * Patch these first (or implement compensating controls immediately)

2. **Use EPSS to prioritize within a priority band**
   * When you have many P1/P2 items, sort mentally by EPSS (higher likelihood first)

3. **Group work by product family**
   * Cluster Windows Server vs Workstations vs Office/Edge/etc.

4. **Coordinate by customer / environment**
   * In multi-tenant stacks, drive patch work per tenant and track completion

5. **Validate outcome**
   * Confirm patch deployment via your patch tooling
   * Re-check vulnerability posture in CoPilot after inventory refresh

***

## What P0–P3 means (recommended interpretation)

Use the priority bands as an urgency rubric:

* **P0 (Emergency):** patch immediately (especially if KEV/high EPSS)
* **P1 (High):** patch in the first wave of the cycle
* **P2 (Medium):** patch in the standard window
* **P3 (Low):** patch as capacity allows

Always combine this with:

* asset criticality
* exposure (internet-facing vs internal)
* compensating controls (EDR, network controls, app allowlisting)

***

## Prerequisites

* Patch Tuesday feed/data source is enabled and up-to-date
* Vulnerability data ingestion is working (for EPSS/CVSS enrichment where applicable)

***

## Gotchas

* Don’t treat CVSS as a patch order by itself—use KEV + EPSS + exposure + asset criticality.
* Patch Tuesday prioritization is about **urgency**, not just severity.
* Some environments require maintenance windows—use compensating controls when you can’t patch immediately.
