It’s September 2016 Patch Tuesday, and Microsoft has released 14 security bulletins that affect a host of components including desktop operating systems, servers, browsers , Exchange server, Silverlight, SMBv1 and several others. It’s a large update that will keep desktop as well as server administrators busy. Seven updates are rated as critical, while the other seven are rated as important. One 0-day vulnerability CVE-2016-3352 which was publicly disclosed earlier is also patched in the MS16-110 bulletin.
Oracle released today its Critical Patch Update (CPU) for October 2013. The CPU is Oracle’s quarterly mechanism to publish updates for all of its supported products, including – for the first time in Oct 2013 – Java. Java used to be on a different update cycle of every four months, but as of this month, it is synchronized with the normal Oracle updates.
Update 2: Microsoft reissued MS13-061 today to include Exchange 2013 again. You should be able to install it now without issues, but it makes sense to test the installation in your environment and/or wait until your next downtime for the installation.
Update: Microsoft has pulled the MS13-061 update for Exchange 2013 because it causes a corruption of the index database. Hopefully you have not been impacted, because you do not install server patches on critical machines right away, which seems like a good cautious measure at the moment. Nevertheless If you have Exchange 2013 and have not installed MS13061 yet then wait. If you have installed it and your installation shows signs of the issue, please take a look a KB2879739 for a workaround involving the editing of registry keys.