Patch Impact Assessment July 2019

Vulnerability Assessment

6

PUBLICLY DISCLOSED

2

EXPLOITED

2

ZERO-DAY

This is a big Patch Tuesday for some Windows users. Older systems such as Windows 7 and Server 2008 need both urgent and important updates to resolve publicly disclosed and exploited vulnerabilities. If you are running later versions of Windows 10, the situation is much improved, with recommendations for scheduled updates and comprehensive testing before deployment.

Windows

If you have moved, and if you are on the latest Windows 10 build (1903) then your build team needs to spend some time on the new sandbox functionality, as there were reported testing issues this month. And, please test your Remote Desktop Services (RDS) implementation. I am not sure that there is a direct mapping to an application specific issue, but it may be time to run RDS through your basic unit tests before a general deployment of the Windows 10 updates. If you are using Windows 7 and 8, add these updates to your “Patch Now” release schedule. If you are using Windows 10, add these updates to your standard deployment schedule of patches.

VULNERABILITIES

0
LOW

0
MODERATE

48
IMPORTANT

2
CRITICAL

PATCH NOW!

Browsers

Unfortunately, Microsoft has reported that these vulnerabilities are likely to be exploited on all platforms, they could lead to code execution with  full user or admin privileges and may only require a visit to a specially crafted web page to exploit. This makes these updates both urgent and important. Add these browser updates to your “Patch Now” release cycle.

VULNERABILITIES

0
LOW

9
MODERATE

0
IMPORTANT

8
CRITICAL

PATCH NOW!

Office

Microsoft has released seven updates for Microsoft, none rated as critical. Add these Microsoft Office updates to your standard office patch schedule.

VULNERABILITIES

0
LOW

0
MODERATE

7
IMPORTANT

0
CRITICAL

SCHEDULE

Dev Tools

We advise adding the .NET changes to a scheduled development update. The Chakra scripting engine updates need to be added to your “Patch Now” release schedule.

VULNERABILITIES

0
LOW

1
MODERATE

6
IMPORTANT

8
CRITICAL

SCHEDULE

Adobe Flash Player

There are no updates for Adobe products this month from Microsoft. Yes, it’s true.

VULNERABILITIES

0
LOW

0
MODERATE

0
IMPORTANT

0
CRITICAL

Margarita Time!

Leave a Comment

Your email address will not be published. Required fields are marked *

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It’s important to note that it’s equally important to know the risk to your applications if you DO apply this month’s patches. This is of course is dependent on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic, thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.

Related Posts

Patch Tuesday

A Fat Windows Update for September’s Patch Tuesday

Microsoft released 129 updates to its Windows ecosystem this month. The good news: we are not dealing with any zero-days or publicly reported vulnerabilities.

Read More
Assurance Dashboard

Assurance Security Dashboard September 2020

Here is our Assurance Security dashboard that shows the risk associated with this month’s Patch Tuesday updates.

Read More
Patch Tuesday

A zero-day and testing of key printing features will drive August Windows updates

Though a DNS-spoofing vulnerability in Windows has been rated as a zero-day, the focus for this month’s updates should be on testing key Windows features prior to deployment.

Read More