It’s the second week of October, and Microsoft’s Patch Tuesday happened to be at the beginning of the calendar month. In a way, this month is exceptional for security updates. It is, however, a pleasant exception because there are no particularly critical issues related to vulnerabilities.
However, there was an exception during the last period, as Microsoft published an out-of-band type security update (CVE-2019-1367) outside of the regular Patch Tuesday. The update was a fix for Internet Explorer’s vulnerability on several different Windows operating systems.
October’s Patch Tuesday’s highest CVSS (Common Vulnerability Scoring System) score of 7.8/10 is related to the following vulnerabilities: CVE-2019-1311, CVE-2019-1315, CVE-2019-1325, CVE-2019-1339, CVE-2019-1340, CVE-2019-1341, CVE-2019-1358, and CVE-2019-1359. According to this month’s vulnerability report, there were no zero-day vulnerabilities for Microsoft’s operating system, browser, or Office products. In addition, none of the vulnerabilities were publicly disclosed. For these reasons, none of the vulnerabilities showed any signs that they could be considered as highly critical.
Version 1903 could be considered an exception because this month it had zero issues, and it has been at the top of the list with its high number of issues the last few months. This month’s known issues do not seem to be unreasonable. October updates have the following number of issues.
|Operating System||Known Issues|
|Windows 10, version 1903 and Windows Server, version 1903||0|
|Windows 10, version 1809 and Windows Server 2019||4|
|Windows 10, version 1803||3|
|Windows 10, version 1709 and Windows Server, version 1709||1|
|Windows 10, version 1703||1|
|Windows 10, version 1607 and Windows Server 2016||2|
|Windows 8.1 and Windows Server 2012 R2||1|
|Windows Server 2012||1|
|Windows 7 and Windows Server 2008 R2 SP1||1|
Microsoft maintains a list of Windows updates and their known issues on the following page.
With all things considered, no exceptional activities are required for security updates. However, Centero recommends testing the updates carefully before migrating them into production.
With CSM Cloud and CSM Cloud for Servers, your devices receive these updates in a managed way according to the configuration that you have selected.