Try Readiness

Patch Impact Assessment October 2019

Vulnerability Assessment

0

PUBLICLY DISCLOSED

1

EXPLOITED

0

ZERO-DAY

This October Patch Tuesday is an important but troubled patch release from Microsoft. With a browser out-of-band critical update (CVE-2019-1367) that has been widely reported as causing a number of deployment issues. Our advice this month is to patch Windows and Browsers, schedule your Office and development tool patches, and celebrate a month of no threats to Adobe software!

Threatscape

Exploitability

CVE-2019-1333

CVE-2019-1060

CVE-2019-1367

CVE-2019-1307

CVE-2019-1308

CVE-2019-1239

CVE-2019-1335

CVE-2019-1327

CVE-2019-1372

Windows

PATCH NOW!

VULNERABILITIES

3
CRITICAL

34
IMPORTANT

1
MODERATE

0
LOW

Microsoft has released 38 patches to the Windows platform this month, with two rated as critical (CVE-2019-1060, CVE-2019-1333) and a critical servicing stack advisory (ADV990001). Again, we are seeing updates to familiar windows components: Microsoft JET Engine, RDP, HTTP, APPX, GDI and XML Core Services.

We suggest that most organizations WAIT for a few more days, find out where the trouble-spots are, and then tested extensively before a general deployment.

Browsers

PATCH NOW!

VULNERABILITIES

5
CRITICAL

2
IMPORTANT

1
MODERATE

2
LOW

Microsoft has released ten updates to both browsers this month, with five rated as critical by Microsoft affecting the Chakra, JavaScript and VBScript engine.

Our advice: test your core applications, test all your printers, and then stage a measure roll-out on a departmental basis.

Office

SCHEDULE

VULNERABILITIES

0
CRITICAL

6
IMPORTANT

0
MODERATE

0
LOW

This month’s update brings several updates to Microsoft SharePoint Server with six updates rated as important for Microsoft Office applications.

Make a backup of your server before this update. Add these updates (both desktop and server platforms) to your standard, scheduled update release schedule

Dev Tools

SCHEDULE

VULNERABILITIES

1
CRITICAL

3
IMPORTANT

0
MODERATE

0
LOW

Microsoft has released a critical update for its Azure App Service (please sanitize your inputs) and two important updates (CVE-2019-1313, CVE-2019-1376) to the SQL Server Management studio (SSMS).

All these changes will require extensive testing, and so add these patches to your standard development release schedule.

Adobe

MARGARITA TIME!

VULNERABILITIES

0
CRITICAL

0
IMPORTANT

0
MODERATE

0
LOW

No updates this month for Adobe. It’s Margarita time.

Leave a Comment

Your email address will not be published. Required fields are marked *

Understanding the Threatscape Report

The Readiness “Threatscape” report summarizes your risk of not applying this month’s patches, using all publicly-available vulnerability data.

It’s important to note that it’s equally important to know the risk to your applications if you DO apply this month’s patches. This is of course is dependent on:

  • The current state (version and build) of each platform (Windows, Office, Browser, etc.).
  • Which applications are part of your portfolio.

Luckily, determining the risk of applying patches is easy (and fast and dynamic, thanks to our Dynamic Platform Assessment tool.

To understand what will happen when you apply this month’s patches, contact us and assess your first 25 applications for free.

Try Readiness

For each major platform, the pie chart shows the breakdown of vulnerabilities rated critical, important, moderate and low. These match the tables below the graph.

The size of the pie represents the total number of vulnerabilities. The larger the pie, the more vulnerabilities present.

The position of the pie on the vertical axis represents the relative risk to your application portfolio. The higher the position, the higher the exploitability.

Related Posts

Patch Tuesday

Just a few more updates for 2019 makes for a light December Patch Tuesday

January 27, 2020

There is an urgent update to Microsoft Internet Explorer 11 and three critical updates to the Windows platform that will require some attention this month. In addition, we have cumulative updates for the .NET and SQL server platforms that will require some testing before general deployment.

Read More
Written by
Patch Impact Assessment Summary

Patch Impact Assessment January 2020

January 27, 2020

Here’s our patch impact assessment for January’s Patch Tuesday.

Read More
Written by
Patch Impact Assessment Summary

Patch Impact Assessment December 2019

December 11, 2019

Here’s our patch impact assessment for December’s Patch Tuesday.

Read More
Written by

Contact Us

Free trial (25 applications)

Terms of use

Privacy policy

Read more articles

EricJanuary 27, 2020

Just a few more updates for 2019 makes for a light December Patch Tuesday

Patch Tuesday0
EricJanuary 27, 2020

Patch Impact Assessment January 2020

Patch Impact Assessment Summary0
EricDecember 11, 2019

Patch Impact Assessment December 2019

Patch Impact Assessment Summary0
EricDecember 5, 2019

Microsoft's Desktop Analytics is Here and it's Free—Do you Get What you Pay For?

Opinion0
GregNovember 14, 2019

Critical updates to Excel and publicly disclosed exploits make for an urgent November Patch Tuesday

Patch Tuesday0

1-833-2READINESS+44 203 633 5432

© Copyright 2019 Application Readiness Inc.

    
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume you're happy with it. Find out more.