Patch Impact Assessment April 2019

Vulnerability Assessment

0

PUBLICLY DISCLOSED

2

EXPLOITED

0

ZERO-DAY

With 74 reported vulnerabilities and significant updates to all Microsoft’s major platforms (Windows, Browsers, development platforms, Office and Exchange and of course Adobe Flash, getting these updates in a timely fashion will be hard work

Windows

This is a massive update this month for the Microsoft Windows platform. With this April Patch Tuesday, Microsoft has attempted to resolve nine critical vulnerabilities and 30 (count’ em) vulnerabilities rated as important

VULNERABILITIES

0
LOW

0
MODERATE

30
IMPORTANT

9
CRITICAL

PATCH NOW!

Browsers

Microsoft has attempted to resolve 13 reported vulnerabilities (non publicly reported or exploited) that have been rated as critical. Given that these issues cover most memory areas and scripting across both Microsoft browsers, add this update to your “Patch Now” schedule.

VULNERABILITIES

0
LOW

5
MODERATE

5
IMPORTANT

8
CRITICAL

PATCH NOW!

Office

This month both Microsoft Office and Exchange have reported to have twelve vulnerabilities rated as important by Microsoft.

VULNERABILITIES

0
LOW

0
MODERATE

12
IMPORTANT

0
CRITICAL

SCHEDULE

Dev Tools

The story for updating Microsoft development tools is a little more nuanced than usual. Microsoft has attempted to resolve seven critical vulnerabilities in the Chakra Core system and eleven important updates to the Microsoft Team Foundation Server.

VULNERABILITIES

0
LOW

0
MODERATE

11
IMPORTANT

7
CRITICAL

SCHEDULE

Adobe Flash Player

Adobe has attempted to resolve to vulnerabilities in Adobe Flash Player (CVE-2019-7096, CVE-2019-7108) both rated as critical. Add the Adobe update to your Patch Now list.

VULNERABILITIES

0
LOW

0
MODERATE

0
IMPORTANT

1
CRITICAL

PATCH NOW!

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It’s important to note that it’s equally important to know the risk to your applications if you DO apply this month’s patches. This is of course is dependent on:

The current state (version and build) of each platform (Windows, Office, Browser, etc.).
Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic, thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.