As IT administrators do their best to cope with business continuity plans, it’s imperative that they understand and manage patch updates. With cybersecurity threats on the rise thanks to the pandemic, getting a better understanding of the Patch Tuesday releases and finding ways to deploy them to remote endpoints efficiently is essential. Microsoft has released fixes for a total of 58 vulnerabilities, which is the least of all the whopping Patch Tuesday numbers we’ve seen this year. Among these vulnerabilities, nine are classified as Critical and 48 as Important. There are no zero-day or unpatched vulnerabilities this month.

 A lineup of significant updates

 Microsoft security updates have been released for:

  •  Microsoft Dynamic.
  •  Microsoft Exchange Server.
  •  Microsoft Edge (EdgeHTML-based).
  •  Microsoft Office SharePoint.
  •  Windows Hyper-V.

Noteworthy updates

 Here are three Critical vulnerabilities that are especially noteworthy:

 Shedding some light on this month’s highlights

A total of nine Critical vulnerabilities have been reported this Patch Tuesday; those are listed below. 

Product

CVE Title

CVE ID

Dynamics 365 for Finance and Operations

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

CVE-2020-17158

Dynamics 365 for Finance and Operations

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

CVE-2020-17152

Microsoft Edge (EdgeHTML-based)

Chakra Scripting Engine Memory Corruption Vulnerability

CVE-2020-17131

Microsoft Exchange Server

Microsoft Exchange Remote Code Execution Vulnerability

CVE-2020-17117

Microsoft Exchange Server

Microsoft Exchange Remote Code Execution Vulnerability

CVE-2020-17132

Microsoft Exchange Server

Microsoft Exchange Remote Code Execution Vulnerability

CVE-2020-17142

Microsoft Office SharePoint

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2020-17121

Microsoft Office SharePoint

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2020-17118

Windows Hyper-V

Hyper-V Remote Code Execution Vulnerability

CVE-2020-17095

 Third-party updates released this month

Coinciding with this month’s Patch Tuesday, Google and Apple have released their own security updates for Android and iOS respectively. We also have notable security updates from SAP, D-Link, Cisco, QNAP, and VMware. 

Sign up for our free webinar on Patch Tuesday updates to get a complete breakdown of the security, non-security, and third-party updates released this Patch Tuesday. 

Keep reading for a few best practices that are ideal in a remote patch management scenario.

  • Prioritize security updates over non-security and optional updates.

  • Download patches directly to endpoints rather than saving them on your server and distributing them to remote locations.

  • Schedule automation tasks specifically for deploying critical patches for timely updates.

  • Plan to set broad deployment windows so critical updates aren’t missed due to unavoidable hindrances.

  • Allow end users to skip deployments to avoid disturbing their productivity.

  • Ensure the machines under your scope aren’t running any end-of-life OSs or applications.

  • Ensure you use a secure gateway server to establish a safe connection between your remote endpoints.

Want to see how you can implement these best practices with ease using Patch Manager Plus or Desktop Central? Register for our free Patch Tuesday webinar, and watch our experts carry out these practices in real time. You’ll also get insights on trending cybersecurity incidents, and our product specialists will be available to clarify any questions you might have.

Happy patching!

  1. paolo dantona

    Hi all ,
    what advice do you give when installing monthly patches? Do you have to do them immediately or is it better to wait a few days from release?
    Between Microsoft and third party patches, my company with more than 600 computers sometimes can’t keep up with updates.
    what is your opinion or advice