Try Readiness

Patch Impact Assessment August 2019

Vulnerability Assessment

0

PUBLICLY DISCLOSED

0

EXPLOITED

0

ZERO-DAY

This is a huge month for Patch Tuesday as Microsoft attempts to address 78 unique vulnerabilities spanning Windows desktop and server platforms, Microsoft Office and core development tools. Without the pressure of a publicly reported vulnerability and no Zero-days to urgently address, we recommend a measure pace of testing before deployment for the Windows and Office updates, with a more rapid pace for the IE and development tools patches.

Windows

This is pretty massive update to the Windows platform with fifteen updates rated as critical and 55 rated as important by Microsoft. The two biggest issues relate to how Microsoft handles fonts (a recurring theme) and the worm-able vulnerability (CVE-2019-1222)  in Microsoft Remote Desktop Services (formerly Terminal Services). Not only does this month’s Patch Tuesday update attempt to address  a large number vulnerabilities, it creates a large testing area for deployment engineers. 

VULNERABILITIES

0
LOW

0
MODERATE

55
IMPORTANT

16
CRITICAL

PATCH NOW!

Browsers

Microsoft has attempted to address twelve vulnerabilities to both its web browsers (Edge and Internet Explorer) with nine rated as critical. Though we don’t have any vulnerabilities publicly reported or known to be exploited, two groups of issues relate to the Chakra scripting engine and how both browsers handle memory.

VULNERABILITIES

3
LOW

9
MODERATE

3
IMPORTANT

9
CRITICAL

PATCH NOW!

Office

This is an interesting month for Office updates. For August we see five patches rated as critical by Microsoft and the remaining nine updates are rated as important. Unusually, Microsoft has released an update to a trusted font issue for Office for Mac, and the venerable Office 2013 has an update to the aging Microsoft JET database engine.

VULNERABILITIES

0
LOW

0
MODERATE

9
IMPORTANT

5
CRITICAL

SCHEDULE

Dev Tools

Microsoft has attempted to address eight vulnerabilities to their development platform with seven rated as critical and the remainder rated as important. All the critical updates relate to the Chakra scripting engine (which also relate to the IE  and Edge security issues. In addition to the Chakra issues and updates.

VULNERABILITIES

0
LOW

0
MODERATE

1
IMPORTANT

7
CRITICAL

SCHEDULE

Adobe Flash Player

Microsoft has not released any specific bulletins or advisories for Adobe products.

VULNERABILITIES

0
LOW

0
MODERATE

0
IMPORTANT

0
CRITICAL

WAIT

1 thought on “Patch Impact Assessment August 2019”

  1. Robin Washburn

    Is it common that when MSFT deploys patches it can bring ReAccess/Powerline down for a week? Our dev shop has reported 3 patches over the past 5 months that have brought our system down from 3 – 7 days each time.
    It does not seem likely that MSFT would risk damage to their reputation by doing this, which is starting to happen with our company.
    Any feedback would be appreciated.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It’s important to note that it’s equally important to know the risk to your applications if you DO apply this month’s patches. This is of course is dependent on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic, thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

Try Readiness

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.

Related Posts

Patch Impact Assessment Summary

Browser updates are back for Update Tuesday – Testing may be needed for Windows patches

November 16, 2020

Microsoft released 129 updates to its Windows ecosystem this month. The good news: we are not dealing with any zero-days or publicly reported vulnerabilities.

Read More
Written by
Assurance Dashboard

Assurance Security Dashboard November 2020

November 12, 2020

Here is our Assurance Security dashboard that shows the risk associated with this month’s Patch Tuesday updates.

Read More
Written by
Partners

Readiness has now joined the UK G-Cloud 12 Framework

October 20, 2020

It gives me great pleasure to write today that we have now been formally accepted into the UK Government G-Cloud 12 program.

What is the G-Cloud program? The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in departments of the United Kingdom Government of commodity information technology services that use cloud computing.

Read More
Written by

Subscribe and stay current

GregNovember 16, 2020

Browser updates are back for Update Tuesday - Testing may be needed for Windows patches

Patch Tuesday0
GregNovember 12, 2020

Assurance Security Dashboard November 2020

Assurance Dashboard0
GregOctober 20, 2020

Readiness has now joined the UK G-Cloud 12 Framework

Partners0
GregOctober 19, 2020

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday

Patch Tuesday0
GregOctober 15, 2020

Assurance Security Dashboard October 2020

Assurance Dashboard0

1-833-2READINESS+44 203 633 5432

© Copyright 2019 Application Readiness Inc.

    
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume you're happy with it. Find out more.