Patch Impact Assessment July 2019

Vulnerability Assessment

6

PUBLICLY DISCLOSED

2

EXPLOITED

2

ZERO-DAY

This is a big Patch Tuesday for some Windows users. Older systems such as Windows 7 and Server 2008 need both urgent and important updates to resolve publicly disclosed and exploited vulnerabilities. If you are running later versions of Windows 10, the situation is much improved, with recommendations for scheduled updates and comprehensive testing before deployment.

Windows

If you have moved, and if you are on the latest Windows 10 build (1903) then your build team needs to spend some time on the new sandbox functionality, as there were reported testing issues this month. And, please test your Remote Desktop Services (RDS) implementation. I am not sure that there is a direct mapping to an application specific issue, but it may be time to run RDS through your basic unit tests before a general deployment of the Windows 10 updates. If you are using Windows 7 and 8, add these updates to your “Patch Now” release schedule. If you are using Windows 10, add these updates to your standard deployment schedule of patches.

VULNERABILITIES

0
LOW

0
MODERATE

48
IMPORTANT

2
CRITICAL

PATCH NOW!

Browsers

Unfortunately, Microsoft has reported that these vulnerabilities are likely to be exploited on all platforms, they could lead to code execution with  full user or admin privileges and may only require a visit to a specially crafted web page to exploit. This makes these updates both urgent and important. Add these browser updates to your “Patch Now” release cycle.

VULNERABILITIES

0
LOW

9
MODERATE

0
IMPORTANT

8
CRITICAL

PATCH NOW!

Office

Microsoft has released seven updates for Microsoft, none rated as critical. Add these Microsoft Office updates to your standard office patch schedule.

VULNERABILITIES

0
LOW

0
MODERATE

7
IMPORTANT

0
CRITICAL

SCHEDULE

Dev Tools

We advise adding the .NET changes to a scheduled development update. The Chakra scripting engine updates need to be added to your “Patch Now” release schedule.

VULNERABILITIES

0
LOW

1
MODERATE

6
IMPORTANT

8
CRITICAL

SCHEDULE

Adobe Flash Player

There are no updates for Adobe products this month from Microsoft. Yes, it’s true.

VULNERABILITIES

0
LOW

0
MODERATE

0
IMPORTANT

0
CRITICAL

Margarita Time!

Related Posts

Patch Tuesday

A Challenging Patch Tuesday for Legacy Windows Platforms

This is a big Patch Tuesday for some Windows users. Older systems such as Windows 7 and Server 2008 need both urgent and important updates to resolve publicly disclosed and exploited vulnerabilities. If you are running later versions of Windows 10, the situation is much improved, with recommendations for scheduled updates and comprehensive testing before deployment.

Read More
Patch Tuesday

Big, complex Patch Tuesday for Windows, critical updates for Adobe and Edge

This month, Microsoft delivers a big, complex series of updates to Windows, Azure and Edge. With 88 vulnerabilities addressed and four made public, we see “Patch Now” recommendations for both browsers, Windows and Adobe.

Read More
Patch Impact Assessment Summary

Patch Impact Assessment June 2019

This month we’re reporting 88 vulnerabilities addressed and four made public. We have “Patch Now” recommendations for both browsers, Windows and Adobe.

Read More