Microsoft has released important “Patch Tuesday” monthly security updates. These should applied promptly as some of these vulnerabilities have potential to be actively exploited in-the-wild later:

This month we got patches for 81 vulnerabilities. Of these, 3 are critical, 3 were previously disclosed and 1 is being exploited according to Microsoft. The exploited vulnerability (CVE-2021-40449) is an elevation of privilege affecting Win32k on virtually all supported Windows versions. Among critical vulnerabilities, there are two Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-40461 and CVE-2021-38672) affecting multiple versions of Windows 10, 11 and Server. The highest CVSS v3 this month (9.0) was associated to the Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26427).