Crisp, the platform for demand forecasting the food supply chain, gets $12 million in funding

Crisp, a demand forecasting platform for the food industry, has today announced the close of a $12 million Series A funding round led by FirstMark Capital, with participation from Spring Capital and Swell Partners.

Crisp launched out of beta in January of this year with a product that aimed to give food suppliers and distributors a clearer picture of customer demand at retailers. Before Crisp, these organizations usually had several data scientists compiling data from various sources into an unintelligible spreadsheet, making it difficult to see general demand outlooks, and nearly impossible to spot anomalies.

Not only does this lead to losses in revenue, but it also contributes to a terrible amount of food waste.

Crisp looks to solve this by giving these suppliers and distributors a visualization of their data instantly and in real time. The company has built integrations with a large number of ERP software, ingesting historical data from food brands and combining them with a wide range of other signals around demand drivers, such as seasonality, holidays, price sensitivity, past marketing campaigns, changes in the competitive landscape and weather that might affect the sale or shipment of ingredients or the product itself.

The end goal is to consolidate data across the industry, from brands to distributors to grocery stores, so that each individual link in the food chain can do a better job of matching their supply with their demand on an individual basis.

Since launching out of beta, Crisp has expanded beyond food brands and suppliers into retail and distributor space. The company has also expanded beyond produce and dairy into verticals like beverages, bakery, CPG, flowers, meat and poultry. The startup says its seen an 80% increase in the number of customers using the platform since January.

Obviously, the coronavirus pandemic brings its own unique challenges and opportunities to Crisp’s business. On the one hand, grocery store shopping is booming and the supply chain behind it is certainly in need of better data science and demand forecasting as user behavior shifts rapidly. On the other hand, user behavior is shifting rapidly.

With state by state, and sometimes county by county, lockdowns and shifts in the restrictions imposed on small businesses, Crisp has had to manually track what’s going on around the country in order to provide clear insights to its customers.

“This period we’re in has increased that willingness to share data and increased collaboration between everybody in the supply chain,” said founder and CEO Are Traasdahl. “We’ve seen a big shift there. Earlier, everyone assumed that everyone else was able to deliver, but now this ability to have a full, top-down visibility across a whole depth of companies, not just the companies next to you in your trading relationships, but being able to unify data and have more insights from multiple steps away from yourself, and get that data in real time been accelerated.”

Crisp currently has 33 employees (with plans to hire on the back of the funding), which is 33% women and 15% people of color. Half of Crisp’s management team are women.

As companies accelerate their digital transitions, employees detail a changed workplace

The U.S.’s COVID-19 caseload continues to set records as major states move to re-shutter their economies in hopes of stemming its spread. For many workers the situation means more time in the home office and less time in their traditional workplace. My colleague Greg Kumparak spent some time talking to companies about how best to work remotely. You can read that on Extra Crunch here.

What the world will look like when safety eventually returns is not clear, but it’s becoming plain that the workplace will not revert to its old normal. New data details changed employee sentiment, showing that a good portion of the working world doesn’t want to get back to its pre-COVID commute, and, in many cases, is eyeing a move to a different city or state in the wake of the pandemic and its economic disruptions.


The Exchange explores startups, markets and money. You can read it every morning on Extra Crunch, and now you can receive it in your inbox. Sign up for The Exchange newsletter, which will drop every Saturday starting July 25.


The changing workplace has shifted — accelerated, you could say — demand for all sorts of products and services, from grocery delivery to software. The latter category of tools has seen quickening demand as the world moves to support newly remote workforces, helping keep them both productive and secure.

TechCrunch has covered the accelerating digital transformation — industry slang for companies moving to a more software-and-cloud world — before, noting that investors are making big bets on companies that might benefit from its ramping pace. Thanks to new data from a Twilio-led survey, we have a fresh look at that trend.

Undergirding the digital transformation is how today’s workers are adapting to remote work. If many workers don’t want to stop working from home, the gains that companies serving the digital transformation are seeing could prove permanent. New data from a Qualtrics -led survey may help us understand the new mindset of the domestic and global worker.

At the union of the two datasets is a lens into the future of not only how many information workers, to borrow an old phrase, will labor in the future, but how they’ll feel about it. So, this morning let’s explore the world through two data-driven lenses, helped as we go with notes from interviews with Qualtrics’ CEO Ryan Smith and Twilio’s chief customer officer, Glenn Weinstein.

What workers want

Atlassian brings a table view to Trello

Atlassian today announced a number of updates to both its Confluence workspace and its Trello collaboration and project management tool. The focus here, the company says, is on supporting “the next phase of remote work.” Trello alone saw a 73% rise in signups in mid-March 2020, just as companies started shifting to work-from-home, compared to the same time a year ago.

The actual new features are pretty straightforward. The highlight for Trello users is surely the beta version of a table view. This marks the first time the service is giving users this spreadsheet-like overview of what is happening across their various Trello boards. It reminds me quite a bit of Airtable, but what’s maybe more important here than the feature itself is that the Trello team says this is the first of a series of new ways to view data across multiple projects in the application.

Image Credits: Atlassian

As for Confluence, a lot of the new features here are about saving users time (or measuring it). Coming soon, for example, is a bulk content management feature that will allow users to do things like archive multiple pages with a single click, label them or export them, among other things.

Available now are Confluence Smart Links that let you preview content from across the web so that users don’t have to leave their workspace to see important information, as well as real-time feedback on the content in Confluence, with the ability to view, create and resolve in-line comments while in the service’s edit mode.

Image Credits: AtlassianThe last new Confluence feature is Page Insights, which is all about metrics. With this, Confluence adds estimated read time to its page view counts, “making it easier to form quick decisions about when and how to consume content in a busy workday. […] This simplifies the mental process of navigating the endless sea of content.” Who still has the time and energy to read all of those long documents, after all?

“Teams around the world were forced into working remotely, but now many organizations are considering a permanent move to a more distributed work environment,” said Pratima Arora, head of Confluence at Atlassian. “With so many work streams across departments and individuals, it becomes impossible to rely on the old system of email chains as a vehicle for planning and managing work. Leaders need to look at whether they have the right work management system to support collaboration across the organization for the long term.”

Emergence’s Jason Green thinks some of the tech backlash is justified, but the B2B opportunities still outweigh the challenges

Jason Green, co-founder and partner at Emergence, is one of the leading VCs investing in enterprise startups at the moment. But even with the focus on B2B, many of their companies have become household names — Zoom, Yammer, Box and Salesforce among them.

Now, we’re all living in a climate where everything has been turned upside down. Meetings are virtual, the future economy and collective health of the world are unknowns, and being an investor — or a founder — comes with completely new parameters and rules of engagement.

We sat down with Green for an enlightening hour to talk about the challenges of all that, plus making deals, running a business, and suddenly finding your quiet, B2B name being turned into a verb. It was an interesting conversation, worth a read for enterprise startups and investors, but — similar to how B2B can spill into consumer — equally insightful for many more.

Extra Crunch Live is our new virtual speaker series for Extra Crunch members. Folks can ask their own questions live during the chat, with guests that include Aileen Lee, Kirsten Green, Mark Cuban and many, many more. You can check out the schedule here.

Below, you’ll find a lightly edited transcript of our recent chat with Green.

How is sourcing impacted in the current climate?

Sourcing is not much different. We follow the same due diligence process, so when we make an investment, the whole team basically dives in and does due diligence. So we make manager references and customer calls and spend time with each of the management team having one-on-ones. In some ways, it was better. First of all, we could very easily do breakout rooms with each of the individual management team members and then come back. So there was this dynamism to the meeting that we hadn’t had before. We were able to basically record it and share it with folks that couldn’t participate. So all of us had all the information when we were making the decision together. That was pretty special, actually. So it took a little bit longer, it probably took about 50% longer than we would have done otherwise. But I think actually, now knowing what we’ve done, we could probably compress it back to our normal timeframe. So I think in a lot of ways, we’ve learned like a lot of folks that we can do things remotely that we probably didn’t think were possible before. Hopefully, we’ll see how the investment turns out, but we’re super excited about it.

Are you considering more startups outside the Valley, and how are they viewing their own place outside the Valley?

Qumulo scores $125M Series E on $1.2B valuation as storage biz accelerates

Qumulo, a Seattle storage startup helping companies store vast amounts of data, announced a $125 million Series E investment today on a $1.2 billion valuation.

BlackRock led the round with help from Highland Capital Partners, Madrona Venture Group, Kleiner Perkins and new investor Amity Ventures. The company reports it has now raised $351 million.

CEO Bill Richter says the valuation is more than 2x its most recent round, a $93 million Series D in 2018. While the valuation puts his company in the unicorn club, he says that it’s more important than simple bragging rights. “It puts us in the category of raising at a billion-plus dollar level during a very complicated environment in the world. Actually, that’s probably the more meaningful news,” he told TechCrunch.

It typically hasn’t been easy raising money during the pandemic, but Richter reports the company started getting inbound interest in March just before things started shutting down nationally. What’s more, as the company’s quarter closed at the end of April, they had grown almost 100% year over year, and beaten their pre-COVID revenue estimate. He says they saw that as a signal to take additional investment.

“When you’re putting up nearly 100% year over year growth in an environment like this, I think it really draws a lot of attention in a positive way,” he said. And that attention came in the form of a huge round that closed this week.

What’s driving that growth is that the amount of unstructured data, which plays to the company’s storage strength, is accelerating during the pandemic as companies move more of their activities online. He says that when you combine that with a shift to the public cloud, he believes that Qumulo is well positioned.

Today the company has 400 customers and more than 300 employees, with plans to add another 100 before year’s end. As he adds those employees, he says that part of the company’s core principles includes building a diverse workforce. “We took the time as an organization to write out a detailed set of hiring practices that are designed to root out bias in the process,” he said.

One of the keys to that is looking at a broad set of candidates, not just the ones you’ve known from previous jobs. “The reason for that is that when you force people to go through hiring practices, you open up the position to a broader, more diverse set of candidates and you stop the cycle of continuously creating what I call ‘club memberships’, where if you were a member of the club before you’re a member in the future,” he says.

The company has been around since 2012 and spent the first couple of years conducting market research before building its first product. In 2014 it released a storage appliance, but over time it has shifted more toward hybrid solutions.

Puppet announces $40 million debt round from BlackRock

Puppet, the Portland, Oregon-based infrastructure automation company, announced a $40 million debt round today from BlackRock Investments.

CEO Yvonne Wassenaar says the company sees this debt round as part of a longer-term relationship with BlackRock . “What’s interesting, and I think part of the reason why we decided to go with BlackRock, is that typically when you look at how they invest this is the first step of a much longer-term relationship that we will have with them over time that has different elements that we can tap into as the company scales,” Wassenaar told TechCrunch.

In terms of the arrangement, rather than BlackRock taking a stake in the company, Puppet will pay back the money. “We’ve borrowed a sum of money that we will pay back over time. BlackRock does have a board observer seat, and that’s really because they’re very interested in working with us on how we grow and accelerate the business,” Wassenaar said.

Puppet has been in the process of rebuilding its executive team, with Wassenaar coming on board about 18 months ago. Last year she brought in industry veterans Erik Frieberg and Paul Heywood as CMO and CRO, respectively. This year she brought in former Cloud Foundry Foundation director Abby Kearns to be CTO.

All of these moves are with an eye to a future IPO, says Wassenaar. “We’re looking at how do we progress ultimately, ideally on a path to an IPO, and what is it going to take for Puppet to go through that journey,” she said.

She points out that in some ways, the pandemic has forced companies to look more closely at automation solutions like the ones that Puppet provides. “What’s really interesting is […] that the pandemic in many ways has put wind in our sails in terms of the need for corporations to automate and think about how they leverage and extend from a technology perspective going forward,” she said.

As Puppet continues to grow, she says that diversity is a core organizational value, and that while the company has made progress from a gender perspective (as illustrated by the presence of her and Kearns in the C Suite), they still are working at being more racially diverse.

“Where I believe we have a lot more work and there’s a lot more focus right now is further complementing that [gender diversity] from a racial perspective. And it’s an area that I have personally taken on, and I’m committed to making changes in the company as we go forward to support more racial diversity as well,” she said.

Previously the company had raised almost $150 million, with the most recent round being a $42 million Series F in 2018, according to Crunchbase data. The company previously took $22 million in debt financing in 2016, prior to Wassenaar coming on board.

In the cloud era, building on platforms you don’t own is normal

When Salesforce launched Force.com in 2007, it was the culmination of years of work to bring together a way to customize Salesforce and eventually to build applications on top of the platform. By using a set of Salesforce services, companies could take advantage of work that SFDC had already done, speeding up building time and reducing time to market. Today, the successor of Force.com is called Salesforce Platform.

But going that route didn’t come without some risk, because back in 2007 building atop a Platform as a Service (PaaS) wasn’t a common way of developing software. Even by 2012 when nCino launched its banking software solutions on Force.com, it likely raised some eyebrows by using a cloud platform as the backbone of its fintech offering.

Even though it probably took resolve, the approach worked, as evidenced this week when nCino went public — a debut that was met with a strong investor response. And nCino is notably not the first time that a company built atop Salesforce’s PaaS has gone public; nCino’s own IPO follows Veeva’s 2013 debut.

But astute observers for the Salesforce ecosystem will note that other successful companies have been built on the Salesforce cloud. As you will see, many successful companies have benefited from building on top of Salesforce.

Feature Spotlight – Introducing the New Threat Center

We’re excited to announce our new Threat Center, offering a range of new features and a complete redesign of our threat management interface in the SentinelOne console. Threat Center helps your security team manage threats faster and easier, while at the same time enabling analysts to dive even deeper into the data. The new features are available to all customers with the latest Kauai release.

In this feature spotlight, we’ll explore what’s new with Threat Center and show how analysts can handle threat management more effectively than ever before.

What Problems Do Threat Hunters Face?

Our on-device agent delivers a wealth of information to the console, but to maximize effective use of it, we wanted to redesign our interface around the way analysts work in solving their day-to-day problems. In essence, we wanted to provide streamlined workflows to help analysts meet the following challenges:

  • Understanding that a new threat exists, without the burden of alert fatigue
  • Accessing all relevant data with a minimum of UI interactions
  • The ability to rapidly perform top-down analysis on a new threat
  • The ability to take different mitigation measures from a single window
  • Easy access to logging and improved collaboration features

Our new Threat Center has three tabs, ‘Overview’, ‘Explore’ and ‘Timeline’ and a one-stop-shop mitigation window that together effectively handle these challenges. Let’s see how it works.

Understanding the Threat

From the Incidents page, click on a threat to go to the new Threat Center interface.

You’ll see there are three tabs, Overview, Explore, and Timeline, with the new Status bar common to each for fast, effective threat management.

The new interface immediately allows you to see the status of a threat and what the agent’s AI thinks about it.

It allows you and your team to see at a glance:

  • The Threat Status – has the threat been mitigated by policy or not?
  • The AI Confidence Level – is the threat regarded as suspicious or malicious?
  • The Analyst Verdict and Incident Status – mark up the threat so the rest of the team knows whether it’s in progress or not yet been dealt with.

In the Overview tab, right below the Status bar you’ll see network history, which will instantly answer questions such as:

  • Is this the first time the threat has been identified on my network?
  • If not, when was it first seen and last seen?

You can also click from there to directly begin a new hunt for the threat in Deep Visibility.

Without changing the view, you can also see right from the same page detailed information such as:

  • Which process initiated the threat
  • Which detection engine identified it and whether it was statically or dynamically detected
  • How the threat is classified. For example, whether it is ransomware, a backdoor or a trojan
  • Whether the process is signed and verified, and if so, by whom.

Also, if you want to analyze the threat or detonate it in your own sandbox, you can fetch the threat file directly from the same view.

Fast, Easy Access to All Relevant Data

Sometimes, there might be a delay before an analyst starts to review a threat. Many things could have changed during that period: the OS may have changed version, different users could have logged into the endpoint, the protection policy may have changed and more. For this reason, below the threat details we show a snapshot of the endpoint as it was at detection time.

On the left side of the snapshot, we show the real-time data that we think is the most important to the analyst during investigation. The analyst can see if there are other threats that need attention, whether the endpoint is currently online, and whether the endpoint is quarantined from the network.

If you are using our new CWPP Agent, you can get full visibility about the pod on which the threat was detected, and afterward, take any action directly on the pod like quarantining the threat or any other available mitigation action.

Even better, from this one interface, you can initiate multiple actions, such as view real-time data about the endpoint, start a remote shell, quarantine the endpoint and more.

Rapid Top-Down Analysis with Threat Center

We want to help the analyst understand why the on-device agent AI convicted the threat. We do this by showing the analyst which MITRE techniques were being used as part of the detected attack in the Threat Indicators view on the right-side of the Overview tab.

If the analyst needs more information on any of those, the MITRE ATT&CK TTPs are hotlinks that will open the relevant page from the MITRE website.

For Analysts Who Need More, There Is Explore

But there’s much more to explore in our new UI for the analyst or team that wants to dig further down into the details of the attack. Click the ‘Explore’ tab and you can view the entire attack storyline, find what triggered the threat, what tools and commands the attacker used, and most important of all, how to prevent this attack from occurring again.

Analysts can easily see all processes, files, registry modifications, network activity and other interesting events related to the threat. The Explore tab shows what each process did, which files it created or modified, which child processes it created, what network actions occurred like IP connections and DNS queries, whether there were Registry changes, and much more.

All this data can be viewed in the Process Tree view or through a tabular view at the bottom of the page.

Every Activity Logged in the Threat Timeline

The third major tab in the new Threat Center is the Incident Timeline in the ‘Timeline’ tab.

Logging actions and decisions has always been a crucial responsibility of the analyst. It can be used both during and after an investigation in situations such as

  • Improving analysis – tracking each action and explanatory notes that the analyst makes on each threat
  • Improving team collaboration – what did another investigator do, and when?
  • Going back in time to understand who decided, say, to add an item to the exclusions list and why.

That’s why we created the Timeline. This tool captures every activity of the analyst, the console and the Agent that is related to the threat. In the Timeline, you can find mitigation actions, endpoint activities, notes, mitigation reports, fetched logs, and more.

Know What You Want To Do? Use Our One-Stop-Shop Mitigation Window

Sometimes, the analysis process eats up time, but once we know what action we need to take, we want to take that mitigation action without delay.

To facilitate that, Threat Center enables the analyst to take all the required actions needed to complete work on the threat. With one click, the analyst can rollback the threat or perform any of the other available mitigation actions. The threat can be added to Exclusions, marked as resolved, and notes can be added to explain the rationale behind the decisions taken.

See What The Agent Really Did To The Threat

Visibility is always important. It’s not enough to say that we “mitigated” the threat. Analysts want to know what exactly the Agent did and when.

This is why we provide full visibility about what the Agent did: how many processes were killed, which files were quarantined, which new files created by the threat that we deleted, and which items were rolled back and to what state.

On top of that, if the analyst needs more than a summary view, the full report is just a single click away.

Conclusion

Analysts have a big responsibility, and sometimes they see lots of threats on a single shift.

We want to make sure they can analyze a threat in minimum time, make use of decisions taken in the past on similar threats, reduce manual mistakes, collaborate with the team and understand how to avoid those threats in the future. We believe the new Threat Center offers teams the most effective way to achieve those goals, but we’re not done yet. We continue to listen to customer feedback and to innovate, so you can be sure you’ll see more features and improvements to Threat Center in future releases.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Gmail for G Suite gets deep integrations with Chat, Meet, Rooms and more

Google is launching a major update to its G Suite productivity tools today that will see a deep integration of Gmail, Chat, Meet and Rooms on the web and on mobile, as well as other tools like Calendar, Docs, Sheets and Slides. This integration will become available in the G Suite early adopter program, with a wider roll-out coming at a later time.

The G Suite team has been working on this project for about a year, though it fast-tracked the Gmail/Meet integration, which was originally scheduled to be part of today’s release, as part of its response to the COVID-19 pandemic.

At the core of today’s update is the idea that we’re all constantly switching between different modes of communication, be that email, chat, voice or video. So with this update, the company is bringing all of this together, with Gmail being the focal point for the time being, given that this is where most users already find themselves for hours on end anyway.

Google is branding this initiative as a ‘better home for work’ and in practice, it means that you’ll not just see deeper integrations between products, like a fill calendaring and file management experience in Gmail, but also the ability to have a video chat open on one side of the window while collaboratively editing a document in real-time on the other.

Image Credits: Google

According to G Suite VP and GM Javier Soltero, the overall idea here is not just to bring all of these tools closer together to reduce the task-switching that users have to do.

Image Credits: Google

“We’re announcing something we’ve been working on since a little bit before I even joined Google last year: a new integrated workspace designed to bring together all the core components of communication and collaboration into a single surface that is not just about bringing these ingredients into the same pane of glass, but also realizes something that’s greater than the sum of its parts,” he told me ahead of today’s announcement. “The degree of integration across the different modes of communication, specifically email, chat, and video calling and voice video calling along with our existing physical existing strength in collaboration.”

Just like on the web, Google also revealed some of its plans when it first announced its latest major update to Gmail for mobile in May, with its Meet integration in the form of a new bar at the bottom of the screen for moving between Mail and Meet. With this, it’s expanding this to include native Chat and Rooms support as well. Soltero noted that Google things of these four products as the “four pillars of the integrated workspace.” Having them all integrated into a single app means you can manage the notification behavior of all of them in a single place, for example, and without the often cumbersome task-switching experience on mobile.

For now, these updates are specific to G Suite, though similar to Google’s work around bringing Meet to consumers, the company plans to bring this workspace experience to consumers as well, but what exactly that will look like still remains to be seen. “Right now we’re really focused. The people who urgently need this are those involved in productivity scenarios. This idea of ‘the new home for work’ is much more about collaboration that is specific to professional settings, productivity and workplace settings,” Soltero said.

But there is more…

Google is also announcing a few other feature updates to its G Suite line today. Chat rooms, for example, are now getting shared files and tasks, with the ability to assign tasks and to invite users from outside your company into rooms. These rooms now also let you have chats open on one side and edit a document on the other, all without switching to a completely different web app.

Also new is the ability in Gmail to search not just for emails but also chats, as well as new tools to pin important rooms and new ‘do not disturb’ and ‘out of office’ settings.

One nifty new feature of these new integrated workspaces is that Google is also working with some of its partners to bring their apps into the experience. The company specifically mentions DocuSign, Salesforce and Trello. These companies already offer some deep Gmail integrations, including integrations with the Gmail sidebar, so we’ll likely see this list expand over time.

Meet itself, too, is getting some updates in the coming weeks with ‘knocking controls’ to make sure that once you throw somebody out of a meeting, that person can’t come back, and safety locks that help meeting hosts decide who can chat or present in a meeting.

Image Credits:

‘Wormable’ Flaw Leads July Microsoft Patches

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order).

Top of the heap this month in terms of outright scariness is CVE-2020-1350, which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

Microsoft said it is not aware of reports that anyone is exploiting the weakness (yet), but the flaw has been assigned a CVSS score of 10, which translates to “easy to attack” and “likely to be exploited.”

“We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction,” Microsoft wrote in its documentation of CVE-2020-1350. “DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.”

CVE-2020-1350 is just the latest worry for enterprise system administrators in charge of patching dangerous bugs in widely-used software. Over the past couple of weeks, fixes for flaws with high severity ratings have been released for a broad array of software products typically used by businesses, including Citrix, F5, Juniper, Oracle and SAP. This at a time when many organizations are already short-staffed and dealing with employees working remotely thanks to the COVID-19 pandemic.

The Windows Server vulnerability isn’t the only nasty one addressed this month that malware or malcontents can use to break into systems without any help from users. A full 17 other critical flaws fixed in this release tackle security weaknesses that Microsoft assigned its most dire “critical” rating, such as in Office, Internet Exploder, SharePoint, Visual Studio, and Microsoft’s .NET Framework.

Some of the more eyebrow-raising critical bugs addressed this month include CVE-2020-1410, which according to Recorded Future concerns the Windows Address Book and could be exploited via a malicious vcard file. Then there’s CVE-2020-1421, which protects against potentially malicious .LNK files (think Stuxnet) that could be exploited via an infected removable drive or remote share. And we have the dynamic duo of CVE-2020-1435 and CVE-2020-1436, which involve problems with the way Windows handles images and fonts that could both be exploited to install malware just by getting a user to click a booby-trapped link or document.

Not to say flaws rated “important” as opposed to critical aren’t also a concern. Chief among those is CVE-2020-1463, a problem within Windows 10 and Server 2016 or later that was detailed publicly prior to this month’s Patch Tuesday.

Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for a particular Windows update to hose one’s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files. Last month’s bundle of joy from Microsoft sent my Windows 10 system into a perpetual crash state. Thankfully, I was able to restore from a recent backup.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

Also, keep in mind that Windows 10 is set to apply patches on its own schedule, which means if you delay backing up you could be in for a wild ride. If you wish to ensure the operating system has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches whenever it sees fit, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on the AskWoody blog from Woody Leonhard, who keeps a reliable lookout for buggy Microsoft updates each month.