Menu
Try Readiness

Patch Impact Assessment November 2019

Vulnerability Assessment

1

PUBLICLY DISCLOSED

1

EXPLOITED

0

ZERO-DAY

This is a really big update for the Windows platform. And while we don’t have a zero-day vulnerability like September’s Patch Tuesday, there are two vulnerabilities that deserve our attention. The first (CVE-2019-1429) relates to a vulnerability in the Microsoft Script Engine which has been reported as publicly exploited. And the second, (CVE-2019-1457) is a publicly reported exploit in Microsoft Excel.

Threatscape

Exploitability

CVE-2019-1441

CVE-2019-1429

CVE-2019-1390

CVE-2019-1427

CVE-2019-1445

CVE-2019-1447

CVE-2019-1370

CVE-2019-1425

Windows

PATCH NOW!

VULNERABILITIES

9
CRITICAL

48
IMPORTANT

0
MODERATE

0
LOW

If you are running Windows 10 (preferably later than 1803) then there are significant changes to the Hyper-V platform that will require testing. Schedule this Windows update, with a staggered release schedule for your Windows 10 desktops.

Browsers

PATCH NOW!

VULNERABILITIES

3
CRITICAL

1
IMPORTANT

2
MODERATE

0
LOW

Unfortunately, this month there has been reports of a Microsoft Script engine vulnerabilities exploited in the wild (CVE-2019-1429) that like other related vulnerabilities could lead to arbitrary code execution in the user’s security context. There is even an ActiveX web-based attack for this vulnerability, which we thought was not really “allowed” anymore. Add these Microsoft browser updates to your “Patch Now” release cycle.

Office

SCHEDULE

VULNERABILITIES

1
CRITICAL

9
IMPORTANT

0
MODERATE

0
LOW

Unusually, there has been a publicly reported exploit for Excel (CVE-2019-1457) that though difficult to exploit. This security relies on Excel macros and the vain hope that users will not download and open Excel files sent to them from strangers. As a result of this, please add this month’s Microsoft Office update to your “Patch Now” release cycle.

Dev Tools

SCHEDULE

VULNERABILITIES

0
CRITICAL

2
IMPORTANT

0
MODERATE

0
LOW

This is a relatively quiet month for Microsoft developer tools updates with just two patches (CVE-2019-1370) and CVE-2019-1425), both rated as important by Microsoft. Affecting the open source Open Enclave SDK and Visual Studio, these two vulnerabilities may lead to an elevation of privilege security issue. Fortunately, the Visual Studio vulnerability has already been separately addressed by two NPM advisories: Arbitrary File Overwrite and the fstream version. Add this update to your regular developer update schedule.

Adobe

MARGARITA TIME!

VULNERABILITIES

0
CRITICAL

0
IMPORTANT

0
MODERATE

0
LOW

No Adobe updates for this month. If this continues into January, we will remove this section from our updates going forward. But for now, it’s Margarita time!

Leave a Comment

Your email address will not be published. Required fields are marked *

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It’s important to note that it’s equally important to know the risk to your applications if you DO apply this month’s patches. This is of course is dependent on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic, thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

Try Readiness

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.

Related Posts

Opinion

Microsoft’s Desktop Analytics is Here and it’s Free—Do you Get What you Pay For?

December 5, 2019

Analysing your desktop applications prior to migrating to a new system or doing a major update is vital. One of the major reasons why ‘software …

Read More
Written by
Patch Tuesday

Critical updates to Excel and publicly disclosed exploits make for an urgent November Patch Tuesday

November 14, 2019

This is a really big update for the Windows platform. And while we don’t have a zero-day vulnerability like September’s Patch Tuesday, there are two vulnerabilities that deserve our attention.

Read More
Written by
Opinion

Migrate from Windows 7 to Windows 10 Before It’s Too Late: Everything You Need to Know!

October 18, 2019

Out-dated operating systems such as the beloved Windows 7, may still be functional but leave your company vulnerable. It is inherently risky to continue running Windows 7 and much safer to migrate to Windows 10 before it is too late.

Read More
Written by

Contact Us

Free trial (25 applications)

Terms of use

Privacy policy

Read more articles

EricDecember 5, 2019

Microsoft's Desktop Analytics is Here and it's Free—Do you Get What you Pay For?

Opinion0
GregNovember 14, 2019

Critical updates to Excel and publicly disclosed exploits make for an urgent November Patch Tuesday

Patch Tuesday0
EricNovember 13, 2019

Patch Impact Assessment November 2019

Patch Impact Assessment Summary0
EricOctober 18, 2019

Migrate from Windows 7 to Windows 10 Before It's Too Late: Everything You Need to Know!

Opinion0
GregOctober 10, 2019

A Troubled Update to Critical Browser Patches for October Patch Tuesday

Patch Tuesday0

1-833-2READINESS | +44 203 633 5432

© Copyright 2019 Application Readiness Inc.

    
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume you're happy with it. Find out more.