Patch Impact Assessment March 2019

Vulnerability Assessment

Publicly disclosed: 4 | Exploited: 2 | Zero-day: 2

This is a large and urgent update to the Windows platforms and Microsoft Browsers (IE11 and Edge). With four publicly disclosed vulnerabilities, and two zero-day exploits, ensure that your browser and Windows updates are a top priority for this March Patch Tuesday.

Windows

This Windows update for March addresses 35 vulnerabilities, with six rated as critical and two rated as zero-days. This is a massive and urgent update for Windows. Add this update to your “Patch Now” release schedule.

Vulnerabilities: 0 low, 0 moderate, 29 important, 6 critical

PATCH NOW!

Browsers

Microsoft has released eleven updates rated as critical for both browsers (Internet Explorer 11 and Microsoft Edge). Even if these updates were not accompanied by a further eleven important and moderate updates, this patch release should be a “Patch Now” update from Microsoft.

Vulnerabilities: 11 low, 11 moderate, 11 important, 11 critical

PATCH NOW!

Office

The March Microsoft update cycle has been relatively kind to Microsoft Office, with only three reported vulnerabilities rated as important by Microsoft. Add this Microsoft Office update to your standard patch deployment schedule.

Vulnerabilities: 0 low, 0 moderate, 3 important, 0 critical

SCHEDULE

Dev Tools

This month Microsoft has attempted to address six vulnerabilities rated as critical relating to remote code execution scenarios in the Chakra Core scripting engine. Given the overlap with the browser (Edge) updates this month, these development and scripting engine updates can be included in your standard development platform update regime.

Vulnerabilities: 1 low, 0 moderate, 4 important, 6 critical

TEST

Adobe Flash Player

You can read more (and not much more) about this minor security update from Adobe here.

Add this minor update to your standard patch deployment effort.

Vulnerabilities: 0 low, 0 moderate, 0 important, 0 critical

SCHEDULE

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It is equally important to know the risk to your applications if you DO apply this month’s patches. This, of course, depends on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic), thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.
