Vulnerability Assessment
0 publicly disclosed, 1 exploited, 0 zero-day
This October Patch Tuesday is an important but troubled patch release from Microsoft, with an out-of-band critical browser update (CVE-2019-1367) that has been widely reported as causing a number of deployment issues. Our advice this month is to patch Windows and browsers, schedule your Office and development tool patches, and celebrate a month of no threats to Adobe software!
Threatscape
Exploitability: CVE-2019-1333, CVE-2019-1060, CVE-2019-1367, CVE-2019-1307, CVE-2019-1308, CVE-2019-1239, CVE-2019-1335, CVE-2019-1327, CVE-2019-1372
Windows
PATCH NOW!
Vulnerabilities: 3 critical, 34 important, 1 moderate, 0 low
Microsoft has released 38 patches to the Windows platform this month, with two rated as critical (CVE-2019-1060, CVE-2019-1333) and a critical servicing stack advisory (ADV990001). Again, we are seeing updates to familiar Windows components: Microsoft JET Engine, RDP, HTTP, APPX, GDI and XML Core Services.
We suggest that most organizations WAIT for a few more days, find out where the trouble spots are, and then test extensively before a general deployment.
Browsers
PATCH NOW!
Vulnerabilities: 5 critical, 2 important, 1 moderate, 2 low
Microsoft has released ten updates to both browsers this month, with five rated as critical by Microsoft affecting the Chakra, JavaScript and VBScript engines.
Our advice: test your core applications, test all your printers, and then stage a measured roll-out on a departmental basis.
Office
SCHEDULE
Vulnerabilities: 0 critical, 6 important, 0 moderate, 0 low
This month’s update brings several updates to Microsoft SharePoint Server with six updates rated as important for Microsoft Office applications.
Make a backup of your server before applying this update. Add these updates (both desktop and server platforms) to your standard update release schedule.
Dev Tools
SCHEDULE
Vulnerabilities: 1 critical, 3 important, 0 moderate, 0 low
Microsoft has released a critical update for its Azure App Service (please sanitize your inputs) and two important updates (CVE-2019-1313, CVE-2019-1376) to SQL Server Management Studio (SSMS).
All these changes will require extensive testing, so add these patches to your standard development release schedule.
Adobe
MARGARITA TIME!
Vulnerabilities: 0 critical, 0 important, 0 moderate, 0 low
No updates this month for Adobe. It’s Margarita time.