Patch Impact Assessment March 2019

Vulnerability Assessment

4 PUBLICLY DISCLOSED
2 EXPLOITED
2 ZERO-DAY

This is a large and urgent update to the Windows platforms and Microsoft Browsers (IE11 and Edge). With four publicly disclosed vulnerabilities, and two zero-day exploits, ensure that your browser and Windows updates are a top priority for this March Patch Tuesday.

Windows

This Windows update for March addresses 35 vulnerabilities, with six rated as critical and two rated as zero-days. This is a massive and urgent update for Windows. Add this update to your “Patch Now” release schedule.

VULNERABILITIES

0 LOW
0 MODERATE
29 IMPORTANT
6 CRITICAL

PATCH NOW!

Browsers

Microsoft has released eleven updates rated as critical for both browsers (Internet Explorer 11 and Microsoft Edge). Even if these updates were not accompanied by a further eleven important and moderate updates, this patch release should be a “Patch Now” update from Microsoft.

VULNERABILITIES

11 LOW
11 MODERATE
11 IMPORTANT
11 CRITICAL

PATCH NOW!

Office

The March Microsoft update cycle has been relatively kind to Microsoft Office, with only three reported vulnerabilities rated as important by Microsoft. Add this Microsoft Office update to your standard patch deployment schedule.

VULNERABILITIES

0 LOW
0 MODERATE
3 IMPORTANT
0 CRITICAL

SCHEDULE

Dev Tools

This month Microsoft has attempted to address six vulnerabilities rated as critical relating to remote code execution scenarios in the Chakra Core scripting engine. Given the overlap with the browser (Edge) updates this month, these development and scripting engine updates can be included in your standard development platform update regime.

VULNERABILITIES

1 LOW
0 MODERATE
4 IMPORTANT
6 CRITICAL

TEST

Adobe Flash Player

You can read more (and not much more) about this minor security update from Adobe here.

Add this minor update to your standard patch deployment effort.

VULNERABILITIES

0 LOW
0 MODERATE
0 IMPORTANT
0 CRITICAL

SCHEDULE


Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It is equally important to know the risk to your applications if you DO apply this month’s patches. This is, of course, dependent on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic), thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.
