For system admins who’ve been in their trade for a while, Patch Tuesday and the endless patching and updating that follows is something you’re likely familiar with. For those of you new to the trade, here’s a quick introduction.

What is Patch Tuesday?

It refers to the time of the month that Microsoft releases security and non-security patches to address the vulnerabilities in it’s software products. Updates for improving or enhancing an application/OS are also released on Patch Tuesday.

When is Patch Tuesday?

It usually falls on the second Tuesday of every month. Microsoft formalized Patch Tuesday on October 2003.

Now that we know what Patch Tuesday is, let’s take a look at this month’s Patch Tuesday updates.

Highlights of Patch Tuesday November 2019

This Patch Tuesday, Microsoft has released updates to fix 74 vulnerabilities of which 13 are classified as Critical and 59 are deemed Important. With the release of the November 2019 security updates, Microsoft has also released 2 advisories

Patch Tuesday updates for Microsoft products 

Microsoft Patch Tuesday October 2019 covers vulnerabilities in:

  • Microsoft Windows

  • Internet Explorer

  • Microsoft Edge (EdgeHTML)

  • ChakraCore

  • Microsoft Office, Microsoft Office Services, and Web Apps

  • Open Source Software

  • Secure Boot

  • Microsoft Exchange Server

  • Visual Studio

  • Azure Stack

Some of the third-party applications that have been patched are:

  • Archi 4.6

  • KeePassXC 2.5.1

  • GoodSync 10.10.12

  • Zoom 4.5.5752.1110

  • Microsoft Power BI Desktop 2.75.5649.582

Zero-day vulnerability in Internet Explorer fixed

This month’s Patch Tuesday fixes a critical remote code execution vulnerability in Internet Explorer that was being exploited in the wild. This was a scripting engine memory corruption vulnerability and if exploited, can allow the attacker to conduct web based attacks. The CVE ID to patch this vulnerability is CVE-2019-1429

Apart from this Microsoft also patched a publicly disclosed vulnerability in Microsoft Office for Mac, which was a security feature bypass vulnerability with the CVE ID : CVE-2019-1457

Vulnerabilities that received major updates

Hyper-V hypervisor has been the main focus of this Patch Tuesday. Microsoft has released patches to fix nine Hyper-V vulnerabilities, five of which could have been potentially leveraged to perform remote code execution. The CVE IDs to patch these vulnerabilities are CVE-2019-0712, CVE-2019-0719, CVE-2019-0721, CVE-2019-1309, CVE-2019-1310CVE-2019-1389, CVE-2019-1397, CVE-2019-1398, CVE-2019-1399. Apart from this, Windows Kernal and scripting engines have also received various updates.

Best practices to handle Microsoft Patch Tuesday updates for November 2019

Patching and updating all your endpoints might seem like an impossible task, but there are best practices you can follow to streamline your patching process:

We can already hear you sighing just thinking about this tedious process. But don’t worry, we’ve got you covered! 

ManageEngine offers two solutions—Desktop Central and Patch Manager Plus. Both help you automate all the best practices mentioned above from one central console. You can try both solutions free for 30 days and keep more than 750 applications, including over 300 third-party applications, up to date.

Want to learn more? Join our Patch Tuesday November 2019 webinar where we’ll take a closer look at this month’s updates, analyze the critical vulnerabilities, and discuss the impact of ignoring them. Register now!

 

 

  1. aj

    How do you know which CVE IDs belongs to which Patch id?
    Thank you in advance.