It’s the second Tuesday of the month, which means it’s time for another round of Patch Tuesday updates from Microsoft. This month’s Patch Tuesday was highly anticipated for two reasons: 1) it was expected to provide a critical fix for the issues in the Windows 10 October update (version 1809), and 2) the October edition of Patch Tuesday marks the 15th anniversary of Patch Tuesday.
Unfortunately, this update is less than exciting because it doesn’t contain any fixes for Windows 10 version 1809, and it only addresses 49 vulnerabilities, which is the lowest this year. Of the all the vulnerabilities addressed with this update, 12 are marked critical.
Patch Tuesday updates for Microsoft products
This month’s Patch Tuesday covers updates for the following list of products and software:
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Windows
-
Microsoft Office
-
Microsoft Office Services and Web Apps
-
Chakra Core
-
SQL Server Management Studio
-
Microsoft Exchange Server
Zero-day vulnerabilities
There’s only one zero-day vulnerability addressed with this month’s Patch Tuesday:
-
Win32k Elevation of Privilege Vulnerability (CVE-2018-8453):
This is an elevation of privilege vulnerability that exists in a Windows machine when the Win32k component fails to properly handle objects in memory. This vulnerability is being actively exploited, so it’s been marked as an important update.
Critical patch updates
As usual, most of this month’s critical vulnerabilities are memory corruption flaws in the Chakra scripting engine that could allow a remote attacker to execute arbitrary code on a target system. Here’s a list of all the critical flaws that Microsoft has patched with October’s edition of Patch Tuesday.
Non-security updates
This Patch Tuesday, Microsoft also released non-security updates for Office 2013 and Office 2016. View the entire list of non-security updates for the month of October.
Automate the deployment of Patch Tuesday updates
Keeping your endpoints updated seems simple enough, but it can become increasingly difficult as you scale up the number of endpoints you’re updating. The smart choice is automating your update deployment. ManageEngine offers two solutions for automating deployment tasks: Desktop Central and Patch Manager Plus. Download either of them to start your free, 30-day trial.
