It’s the second week of October, and Microsoft’s Patch Tuesday happened to be at the beginning of the calendar month. In a way, this month is exceptional for security updates. It is, however, a pleasant exception because there are no particularly critical issues related to vulnerabilities.

However, there was an exception during the last period, as Microsoft published an out-of-band type security update (CVE-2019-1367) outside of the regular Patch Tuesday. The update was a fix for Internet Explorer’s vulnerability on several different Windows operating systems.

October’s Patch Tuesday’s highest CVSS (Common Vulnerability Scoring System) score of 7.8/10 is related to the following vulnerabilities: CVE-2019-1311, CVE-2019-1315, CVE-2019-1325, CVE-2019-1339, CVE-2019-1340, CVE-2019-1341, CVE-2019-1358, and CVE-2019-1359. According to this month’s vulnerability report, there were no zero-day vulnerabilities for Microsoft’s operating system, browser, or Office products. In addition, none of the vulnerabilities were publicly disclosed. For these reasons, none of the vulnerabilities showed any signs that they could be considered as highly critical.

Version 1903 could be considered an exception because this month it had zero issues, and it has been at the top of the list with its high number of issues the last few months. This month’s known issues do not seem to be unreasonable. October updates have the following number of issues.

Operating System Known Issues
Windows 10, version 1903 and Windows Server, version 1903 0
Windows 10, version 1809 and Windows Server 2019 4
Windows 10, version 1803 3
Windows 10, version 1709 and Windows Server, version 1709 1
Windows 10, version 1703 1
Windows 10, version 1607 and Windows Server 2016 2
Windows 8.1 and Windows Server 2012 R2 1
Windows Server 2012 1
Windows 7 and Windows Server 2008 R2 SP1 1

Microsoft maintains a list of Windows updates and their known issues on the following page.

With all things considered, no exceptional activities are required for security updates. However, Centero recommends testing the updates carefully before migrating them into production.

With CSM Cloud and CSM Cloud for Servers, your devices receive these updates in a managed way according to the configuration that you have selected.

Read more on this topic:

Many Vulnerabilities Are Patched on Microsoft’s Patch Tuesday of April

There are quite many vulnerabilities this month. Take care of the endpoints especially now when users mostly work remotely.   The number of the vulnerabilities has been great during the last months. April is no exception. This month Microsoft patched 113 vulnerabilities. There are not any highest critical level of vulnerabilities targeted to operating systems […]

Patch Tuesday in August should not go by without a notice

August has brought 114 vulnerabilities targeted to Windows OS, browsers and Microsoft Office. This month there are actually patches to fix rather remarkable vulnerabilities. At first there is a critical vulnerability CVE-2020-1472 targeted to Windows Server domain controllers. The vulnerability has the highest scoring of 10.0 in CVSS rating. In addition to that there is a […]