Patch Impact Assessment July 2019

Vulnerability Assessment

6

PUBLICLY DISCLOSED

2

EXPLOITED

2

ZERO-DAY

This is a big Patch Tuesday for some Windows users. Older systems such as Windows 7 and Server 2008 need both urgent and important updates to resolve publicly disclosed and exploited vulnerabilities. If you are running later versions of Windows 10, the situation is much improved, with recommendations for scheduled updates and comprehensive testing before deployment.

Windows

If you have moved, and if you are on the latest Windows 10 build (1903) then your build team needs to spend some time on the new sandbox functionality, as there were reported testing issues this month. And, please test your Remote Desktop Services (RDS) implementation. I am not sure that there is a direct mapping to an application specific issue, but it may be time to run RDS through your basic unit tests before a general deployment of the Windows 10 updates. If you are using Windows 7 and 8, add these updates to your “Patch Now” release schedule. If you are using Windows 10, add these updates to your standard deployment schedule of patches.

VULNERABILITIES

0
LOW

0
MODERATE

48
IMPORTANT

2
CRITICAL

PATCH NOW!

Browsers

Unfortunately, Microsoft has reported that these vulnerabilities are likely to be exploited on all platforms, they could lead to code execution with  full user or admin privileges and may only require a visit to a specially crafted web page to exploit. This makes these updates both urgent and important. Add these browser updates to your “Patch Now” release cycle.

VULNERABILITIES

0
LOW

9
MODERATE

0
IMPORTANT

8
CRITICAL

PATCH NOW!

Office

Microsoft has released seven updates for Microsoft, none rated as critical. Add these Microsoft Office updates to your standard office patch schedule.

VULNERABILITIES

0
LOW

0
MODERATE

7
IMPORTANT

0
CRITICAL

SCHEDULE

Dev Tools

We advise adding the .NET changes to a scheduled development update. The Chakra scripting engine updates need to be added to your “Patch Now” release schedule.

VULNERABILITIES

0
LOW

1
MODERATE

6
IMPORTANT

8
CRITICAL

SCHEDULE

Adobe Flash Player

There are no updates for Adobe products this month from Microsoft. Yes, it’s true.

VULNERABILITIES

0
LOW

0
MODERATE

0
IMPORTANT

0
CRITICAL

Margarita Time!

Related Posts

Patch Impact Assessment Summary

Patch Impact Assessment (Threatscape Report) September 2019

Here’s our 2019 Patch Impact assessment report reformatted with our new “Threatscape” report, showing a more complete assessment of the risk of not installing September’s Patch Tuesday updates in an easily-digestible, at-a-glance report.

Read More
Patch Tuesday

Complex September Update Brings Large Windows, Browser and Development Tool Patches

Greg Lambert’s Patch Tuesday post for September is here. This September update cycle brings two zero-days and three publicly reported vulnerabilities in the Windows platform.

Read More
Patch Impact Assessment Summary

Patch Impact Assessment September 2019

This September update cycle brings two zero-days and three publicly reported vulnerabilities in the Windows platform. Both browser and Windows updates require immediate attention and your development team will need to spend some time with the latest patches to .NET and .NET Core.

Read More