Another month, another Patch Tuesday! Admins who have been around for a while are familiar with the significance of this day. If you are not one of them, we’ll bring you up to speed with a quick introduction before we look at the highlights of July’s Patch Tuesday, followed by a well-crafted set of patching best practices ideal for the new normal.

What is Patch Tuesday?
The second Tuesday of every month is considered as Patch Tuesday, and it’s on this day that Microsoft releases security and non-security updates for its operating system and other related applications.

Why is Patch Tuesday important?
Microsoft formalized Patch Tuesday on October 2003 and has upheld this practice since then. This process gives IT admins sufficient time to plan and have all their resources ready before they set about with the patching process for that month.

Now that we have touched upon its importance, let’s check out this month’s Patch Tuesday updates.

Breakdown of July’s Patch Tuesday updates

Security updates were released for the following lineup of products:

  • Microsoft Windows

  • Microsoft Edge (EdgeHTML-based)

  • Microsoft Edge (Chromium-based) in IE Mode

  • Microsoft ChakraCore

  • Internet Explorer

  • Microsoft Office and Microsoft Office Services and Web Apps

  • Windows Defender

  • Skype for Business

  • Visual Studio

  • Microsoft OneDrive

  • Open Source Software

  • .NET Framework

  • Azure DevOps

Crucial vulnerabilities and public disclosures  

The most noteworthy fix in July’s Patch Tuesday is for a vulnerability in Windows DNS Server CVE-2020-1350. With a severity rating of 10, this remote code execution vulnerability can be weaponized to create wormable malware if left unpatched. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

This Patch Tuesday also includes fixes for two previously disclosed Important vulnerabilities. A security advisory ADV200008 for Enabling Request Smuggling Filter on IIS Servers was released. The second publicly disclosed vulnerability CVE-2020-1463 is an elevation of privilege vulnerability in the way that the SharedStream Library handles objects in memory.

Critical and noteworthy updates  

This Patch Tuesday comes with 18 Critical updates, and 105 Important ones. The Critical updates include:

CVE-2020-1147

CVE-2020-1436

CVE-2020-1435

CVE-2020-1409

CVE-2020-1349

CVE-2020-1439

CVE-2020-1403

CVE-2020-1410

CVE-2020-1374

CVE-2020-1421

CVE-2020-1350

CVE-2020-1025

CVE-2020-1041

CVE-2020-1040

CVE-2020-1032

CVE-2020-1036

CVE-2020-1042

CVE-2020-1043

It is recommended that you give priority to the patches mentioned above, followed by the other Important patches.

Non-security updates   

Microsoft has released cumulative updates for Windows 10 that include the non-security updates KB4565503 and KB4565483. It also stated it will resume non-security releases for Windows 10 and Windows Server, version 1809 and later, with no change to the cumulative monthly security updates.

Other notable mentions

The Chrome team announced the promotion of Chrome 84 to the stable channel for Windows, Mac and Linux. This update is said to include 38 security fixes that will roll out over the coming days or weeks.

Interested in learning more? Sign up for ManageEngine’s free webinar, and take a closer look at this month’s Patch Tuesday updates along with our experts.

Best practices to handle patch management in the current work-from-home scenario

With COVID-19 sending most of the workforce home, patching and securing endpoints presents various new challenges to IT admins. Here are the steps you need to follow to ensure that it doesn’t stop you from being on top of your patching game:

  • Automatic updates, though extremely convenient, can eat up end-users’ bandwidth and also put them at risk for faulty patches in a WFH scenario. Disable these updates with Patch Manager Plus and Desktop Central’s dedicated patch, 105427, and prioritize only essential patches.

  • Updates can get tricky. It’s advised to create a restore point, which is a backup or image that captures the state of the machines, before deploying big updates like those from Patch Tuesday.

  • Communication is key for a successful remote workforce. Establish a patching schedule and keep end users informed about it. Set up specific times for deploying patches and rebooting systems. Let end users know what has to be done from their end—for instance, that they need to connect to the VPN for three hours from 6pm to 9pm.

  • Don’t let patching affect productivity. Test the patches on a pilot group of systems before deploying them to the production environment to prevent any adversities.

  • Flexibility is crucial while it comes to deploying policies in remote environments. Allow users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience, thereby not disrupting their work. Our patch management products come with options for user-defined deployment and reboot.

  • Prioritize patches based on severity. Install security updates starting with critical updates. Schedule the non-security updates, as well as security updates that are not rated Critical, to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment. Holding off on deploying feature packs and cumulative updates can help minimize bandwidth consumption, as these updates are bulky.

  • Run patch reports to get a detailed view of the health status of your endpoints.

With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management from testing patches to deploying them. You can also tailor the patching tasks according to your current situation. For hands-on experience with either of these products, start a 30-day free trial and keep thousands of applications patched and secure.

 Also, take a look at this thoughtfully compiled guide with insights from past Patch Tuesdays, and make informed decisions when it comes to patching.