Patch Tuesday updates have generally been equated with just Microsoft updates for a long time. However, there is another major player that addresses vulnerabilities in its products around the same time as Microsoft: Adobe. This Patch Tuesday, Adobe stole the limelight by addressing two critical vulnerabilities that many security researchers reported. Adding to Adobe’s patches, this Patch Tuesday saw 48 vulnerabilities addressed by Microsoft. Of these 48, seven are critical vulnerabilities and one is a zero-day vulnerability.
Product and software updates
This month’s Patch Tuesday covers updates for the following list of products and software:
Adobe Flash Player
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Exchange Server
Microsoft Visual Studio
Publicly disclosed vulnerabilities
This month’s Patch Tuesday updates include a patch for CVE-2019-0579, a Jet Database Engine remote code execution vulnerability that’s been publicly disclosed and rated critical. This Microsoft update resolves the security issue of the Windows Jet Database Engine improperly handling objects in memory.
Third-party patches: Adobe updates
Adobe has addressed two critical vulnerabilities this month, releasing information about these flaws under Bulletin ID APSB-19. Successful exploitation of these vulnerabilities could lead to arbitrary code execution on an active user session.
This Patch Tuesday, Microsoft also released non-security updates for Office 2010 and Office 2013. View the entire list of non-security updates for the month of January.
Automate your organization’s Patch Tuesday updates
Keeping your endpoints updated seems simple enough, but it can become increasingly difficult as you scale up the number of endpoints you’re updating. The smart choice is to automate your update deployment. ManageEngine offers two solutions for automating deployment tasks: Desktop Central and Patch Manager Plus. Download either of them to start your free, 30-day trial.