As IT administrators do their best to cope with business continuity plans, it’s imperative that they understand and manage patch updates. With cybersecurity threats on the rise thanks to the pandemic, getting a better understanding of the Patch Tuesday releases and finding ways to deploy them to remote endpoints efficiently is essential. Microsoft has released fixes for a total of 58 vulnerabilities, which is the least of all the whopping Patch Tuesday numbers we’ve seen this year. Among these vulnerabilities, nine are classified as Critical and 48 as Important. There are no zero-day or unpatched vulnerabilities this month.
A lineup of significant updates
Microsoft security updates have been released for:
- Microsoft Dynamic.
- Microsoft Exchange Server.
- Microsoft Edge (EdgeHTML-based).
- Microsoft Office SharePoint.
- Windows Hyper-V.
Noteworthy updates
Here are three Critical vulnerabilities that are especially noteworthy:
-
CVE-2020-17095 – Hyper-V Remote Code Execution Vulnerability: Allows malicious programs to execute arbitrary code on host Hyper-V VMs
-
CVE-2020-17096 – Windows NTFS Remote Code Execution Vulnerability: Allows attackers to gain elevated privileges and execute arbitrary commands both locally and remotely
-
CVE-2020-17099 – Windows Lock Screen Security Feature Bypass Vulnerability: Allows command execution from a locked Windows device
Shedding some light on this month’s highlights
A total of nine Critical vulnerabilities have been reported this Patch Tuesday; those are listed below.
Product |
CVE Title |
CVE ID |
Dynamics 365 for Finance and Operations |
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
|
Dynamics 365 for Finance and Operations |
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
|
Microsoft Edge (EdgeHTML-based) |
Chakra Scripting Engine Memory Corruption Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Remote Code Execution Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Remote Code Execution Vulnerability |
|
Microsoft Exchange Server |
Microsoft Exchange Remote Code Execution Vulnerability |
|
Microsoft Office SharePoint |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Microsoft Office SharePoint |
Microsoft SharePoint Remote Code Execution Vulnerability |
|
Windows Hyper-V |
Hyper-V Remote Code Execution Vulnerability |
Third-party updates released this month
Coinciding with this month’s Patch Tuesday, Google and Apple have released their own security updates for Android and iOS respectively. We also have notable security updates from SAP, D-Link, Cisco, QNAP, and VMware.
Sign up for our free webinar on Patch Tuesday updates to get a complete breakdown of the security, non-security, and third-party updates released this Patch Tuesday.
Keep reading for a few best practices that are ideal in a remote patch management scenario.
-
Prioritize security updates over non-security and optional updates.
-
Download patches directly to endpoints rather than saving them on your server and distributing them to remote locations.
-
Schedule automation tasks specifically for deploying critical patches for timely updates.
-
Plan to set broad deployment windows so critical updates aren’t missed due to unavoidable hindrances.
-
Allow end users to skip deployments to avoid disturbing their productivity.
-
Ensure the machines under your scope aren’t running any end-of-life OSs or applications.
-
Ensure you use a secure gateway server to establish a safe connection between your remote endpoints.
Want to see how you can implement these best practices with ease using Patch Manager Plus or Desktop Central? Register for our free Patch Tuesday webinar, and watch our experts carry out these practices in real time. You’ll also get insights on trending cybersecurity incidents, and our product specialists will be available to clarify any questions you might have.
Happy patching!
Hi all ,
what advice do you give when installing monthly patches? Do you have to do them immediately or is it better to wait a few days from release?
Between Microsoft and third party patches, my company with more than 600 computers sometimes can’t keep up with updates.
what is your opinion or advice
Hi Paola! Apologies for the delayed response. It is always a best practice to test your newly incoming patches in an environment similar to your organizational setup. Take a look at our automated Test & Approval of patches that will make it easier for you – https://www.manageengine.com/patch-management/test-and-approve-patches.html. How to video – https://youtu.be/P2UqDc-Jz6Q