Microsoft’s patch Tuesday had a lot of fixes this week, a couple patches for zero day updates, and more – a total of 78 CVE’s and two advisories. The biggest zero day is CVE-2019-1132, with a good write up from ESET here, which can lead to a local privilege escalation within Windows.
Before you patch, either with Windows Update or manually, be sure to grab KB4509096, which is a servicing stack update that according to Microsoft “Addresses an issue with a Secure Boot feature update that may cause BitLocker to go into recovery mode because of a race condition.”. This is recommended to be installed before the cumulative updates that Microsoft has released as part of Patch Tuesday’s group of updates.
A good overview of the patches released this round of updates is available at Zero Day Initiative.