The second Tuesday of the month is here, which, in the IT world, means it’s Patch Tuesday. It’s important to patch diligently and regularly to keep cyberthreats and attacks away. This month, Microsoft has released security fixes to address 50 vulnerabilities, of which five are classified as Critical and 45 as Important. Seven zero-days have also been patched, six of which have been actively exploited.
In this blog, we’ll talk about the updates released and offer our advice for how to handle patch management in a hybrid work environment. You can also register for our free Patch Tuesday webinar and listen to our experts break down this month’s Patch Tuesday updates in detail.
What is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of every month. It’s on this day that Microsoft releases both security and non-security updates for its operating system and other related applications. Since Microsoft has been consistent about when it releases these updates, IT admins are well-prepared for the release of Patch Tuesday updates.
Why is Patch Tuesday important?
Important security updates and patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. If there are any zero-day vulnerabilities, these are also fixed during Patch Tuesday with some exceptions for critical and highly exploited vulnerabilities, in which case an out-of-band security update is released to address that particular vulnerability.
Highlights of June’s Patch Tuesday
Security updates were released for the following lineup of products:
- .NET Core & Visual Studio
- Microsoft Intune
- Microsoft Office
- Microsoft Scripting Engine
- Microsoft Windows Codecs Library
- Windows Defender
- Windows Kernel
- Windows NTFS
- Windows Remote Desktop
One publicly disclosed and 6 actively exploited zero-day vulnerabilities patched
Six actively exploited zero-day vulnerabilities were patched this month. Here is the list:
| CVE IDs | Component | Impact | Status |
| --- | --- | --- | --- |
| | Windows Kernel | Information disclosure | Actively exploited |
| | Windows NTFS | Elevation of privilege | Actively exploited |
| | Microsoft DWM Core Library | Elevation of privilege | Actively exploited |
| | Windows MSHTML Platform | Remote code execution | Actively exploited |
| | Microsoft Enhanced Cryptographic Provider | Elevation of privilege | Actively exploited |
| | Microsoft Enhanced Cryptographic Provider | Elevation of privilege | Actively exploited |
| | Windows Remote Desktop Services | Denial of service | Publicly disclosed but not actively exploited |
Critical updates released
There are five Critical updates released this Patch Tuesday, the details of which can be found in the table below:
| CVE ID | Product | Title |
| --- | --- | --- |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| | Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability |
| | Microsoft Windows Codecs Library | VP9 Video Extensions Remote Code Execution Vulnerability |
| | Windows Defender | Microsoft Defender Remote Code Execution Vulnerability |
| | Windows MSHTML Platform | Windows MSHTML Platform Remote Code Execution Vulnerability |
Best practices to handle patch management in a hybrid work environment
Many organizations have opted to embrace remote work even after they were cleared to return to the office. This decision poses various challenges to IT admins, especially in terms of managing and securing distributed endpoints. Here are a few pointers to help simplify the process of remote patching.
- Disable automatic updates, because all it takes is one faulty patch to bring down the whole system. IT admins can educate end users on how to disable automatic updates on their machines. Patch Manager Plus and Desktop Central also have a dedicated patch that can be deployed to endpoints to ensure that automatic updates are disabled.
- Create a restore point—a backup or image that captures the state of the machines—before deploying big updates like those from Patch Tuesday.
- Establish a schedule for patching and keep end users informed about it. Let end users know what needs to be done on their end—for instance, connecting to the VPN during a specified time.
- Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches don’t interfere with the workings of other applications.
- Allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience so it doesn’t disrupt their work. ManageEngine’s patch management products come with user-defined deployment and rebooting options.
- Some organizations use a VPN to deploy patches. To stop patch deployment tasks from eating up your VPN bandwidth, install Critical and zero-day updates first.
- Schedule non-security updates and security updates that are not rated Critical to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.
- Run patch reports to get a detailed view of the health status of your endpoints.
- For back-to-the-office machines, check if they are compliant with your security policies. If not, quarantine them.
- Install the latest updates and feature packs before deeming your back-to-the-office machines fit for production.
- Take inventory of applications and remove any that are now obsolete for your back-to-the-office machines, like remote collaboration software.
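The ordering rules in the pointers above (Critical and zero-day updates first, a pilot group before production, everything else in the third week) can be turned into a small deployment planner. This is an added example, not ManageEngine code or part of the original post; the patch ids are placeholders, and the two-day pilot window, seven-day deferral and sample month are assumptions.

```python
from datetime import date, timedelta
from typing import NamedTuple

def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the month (weekday(): Monday=0, Tuesday=1)."""
    first = date(year, month, 1)
    return first + timedelta(days=(1 - first.weekday()) % 7 + 7)

class Update(NamedTuple):
    patch_id: str        # placeholder id, not a real CVE or KB number
    component: str
    severity: str        # "Critical", "Important" or "Unrated"
    exploited: bool      # actively exploited zero-day
    security: bool = True

def wave(u: Update) -> int:
    """1 = deploy first (Critical or actively exploited), 2 = deferred."""
    return 1 if u.security and (u.severity == "Critical" or u.exploited) else 2

def plan(updates, year, month, pilot_days=2, defer_days=7):
    """Return (patch_id, wave, pilot_date, production_date), most urgent first.

    pilot_days and defer_days are assumed values: wave 1 starts its pilot on
    release day, wave 2 starts one week later (the third week of the month).
    """
    release = patch_tuesday(year, month)
    rows = []
    # Within wave 1, actively exploited fixes go ahead of the other Critical ones.
    for u in sorted(updates, key=lambda u: (wave(u), not u.exploited, u.patch_id)):
        pilot = release if wave(u) == 1 else release + timedelta(days=defer_days)
        rows.append((u.patch_id, wave(u), pilot, pilot + timedelta(days=pilot_days)))
    return rows

# Constructed sample queue; ids, severities and flags are illustrative only.
SAMPLE = [
    Update("PLACEHOLDER-001", "Windows NTFS", "Important", exploited=True),
    Update("PLACEHOLDER-002", "Windows Defender", "Critical", exploited=False),
    Update("PLACEHOLDER-003", "Microsoft Intune", "Important", exploited=False),
    Update("PLACEHOLDER-004", "Feature pack", "Unrated", False, security=False),
    Update("PLACEHOLDER-005", "Windows MSHTML Platform", "Critical", exploited=True),
]

if __name__ == "__main__":
    for patch_id, w, pilot, prod in plan(SAMPLE, 2021, 6):
        print(f"wave {w}  {patch_id}  pilot {pilot}  production {prod}")
```

Feeding the planner from a real patch report keeps the first wave small, which is what protects VPN bandwidth for remote endpoints.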
With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor patch tasks according to your current situation. For a hands-on experience with either of these products, you can try a free, 30-day trial and keep all your applications and operating systems patched and secure.
Want to learn about the Patch Tuesday updates? Join our experts as they break down Patch Tuesday. Have questions you’d like to ask? Our experts are ready to answer them. Register for our free Patch Tuesday webinar!
I’m not seeing these CVEs in our Desktop Central “Zero Day vulnerability’s” or in “Detected CVE’s”.
Hi David,
You can find the CVE IDs under the ‘Critical Vulnerabilities’ tab.