Patch Impact Assessment June 2019

Vulnerability Assessment

4

PUBLICLY DISCLOSED

0

EXPLOITED

0

ZERO-DAY

This month, Microsoft delivers a big, complex series of updates to Windows, Azure and Edge. With 88 vulnerabilities addressed and four made public, we see “Patch Now” recommendations for both browsers, Windows and Adobe. I think that we should pay special attention to this month’s significant updates to ADO and JET.

Windows

This is a big, complex update that affects many of the core operating system components. If you have a reliance on JET/ADO, Hyper-V or specialist line of business applications that relay on core GDI services, then this updates needs application compatibility testing. Otherwise, add this large Windows update to your standard deployment effort.

VULNERABILITIES

0
LOW

1
MODERATE

57
IMPORTANT

5
CRITICAL

PATCH NOW!

Browsers

For this Patch Tuesday, Microsoft has attempted to resolve 16 critical, three important, and 16 moderate vulnerabilities in Microsoft’s Edge browser. Add this update to your Patch Now release cycle.

VULNERABILITIES

3
LOW

16
MODERATE

3
IMPORTANT

16
CRITICAL

PATCH NOW!

Office

These reported issues are more difficult to exploit, and with no critical updates this month, we recommend that you “Schedule” this update as part of your standard deployment effort.

VULNERABILITIES

0
LOW

0
MODERATE

7
IMPORTANT

0
CRITICAL

SCHEDULE

Dev Tools

Schedule the Azure DevOps update, but add the Chakra update to your “Patch Now” release schedule.

VULNERABILITIES

0
LOW

0
MODERATE

1
IMPORTANT

9
CRITICAL

SCHEDULE

Adobe Flash Player

As usual, its serious as its ridiculously easy to exploit and if you have Flash on your systems (you really shouldn’t) please add to this critical update to your “Patch Now” deployment effort. 

VULNERABILITIES

0
LOW

0
MODERATE

0
IMPORTANT

1
CRITICAL

PATCH NOW!

Leave a Comment

Your email address will not be published. Required fields are marked *

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It’s important to note that it’s equally important to know the risk to your applications if you DO apply this month’s patches. This is of course is dependent on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic, thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.

Related Posts

Patch Tuesday

A Fat Windows Update for September’s Patch Tuesday

Microsoft released 129 updates to its Windows ecosystem this month. The good news: we are not dealing with any zero-days or publicly reported vulnerabilities.

Read More
Assurance Dashboard

Assurance Security Dashboard September 2020

Here is our Assurance Security dashboard that shows the risk associated with this month’s Patch Tuesday updates.

Read More
Patch Tuesday

A zero-day and testing of key printing features will drive August Windows updates

Though a DNS-spoofing vulnerability in Windows has been rated as a zero-day, the focus for this month’s updates should be on testing key Windows features prior to deployment.

Read More