Automox Patch Tuesday Breakdown: February 2019

Welcome to February’s Automox Patch Tuesday breakdown. This month’s patch Tuesday is larger than normal, with a total of 78 vulnerabilities covered for both Microsoft and Adobe products. This month, a total of 20 of these vulnerabilities are deemed critical by Microsoft.

It’s also important to note that this time around at least two of the vulnerabilities, while not deemed critical by Microsoft, have been publicly disclosed and at least one has been publicly exploited in the wild. It’s more important than ever to ensure that you get your systems patched in a timely manner.

First, we’ll summarize this month’s 20 critical vulnerabilities. All 20 of these vulnerabilities allow for remote code execution if an attacker properly utilizes them. They are found across a range of products from browsers (Edge and Explorer) to Adobe Flash Player, MS Sharepoint, and multiple operating systems (Windows 8.1, Windows Server 2008, 2012, and 2016, Windows 7, and Windows 10).

Next, there are at least two vulnerabilities that have been publicly disclosed, which means that exploitation may be more likely than normal:

  • CVE-2019-0636 Windows Information Disclosure Vulnerability
  • CVE-2019-0686 Microsoft Exchange Server Elevation of Privilege Vulnerability
    Publicly exploited:
  • CVE-2019-0676 Internet Explorer Information Disclosure Vulnerability

Aside from the vulnerabilities outlined above, Microsoft issued over 2,500 distinct patches for over 70 different vulnerabilities this month alone, highlighting the difficulty that system administrators face in confidently and consistently keeping their operating systems and applications patched in order to mitigate unknown security risks in their environments.

Automox can help ensure your systems are adequately patched in a timely manner in order to protect your organization against any of these vulnerabilities. As a best practice, you should always ensure that you have at least one patch policy assigned to all of your devices for Critical, Medium, and Low severity patches. These updates are generally Security and Cumulative software updates. Automox is designed to automate your response to zero-day vulnerabilities like this and others across the Windows, Mac, and Linux operating systems.

Current Automox customers can create policies that automatically handle the patching and execution of important updates for you every single month (see video below). Alternatively, you may contact our support team for any technical assistance at support@automox.com.

If you are not currently an Automox customer, we invite you to sign up for a free 15-day trial of our cloud-based, automated patch management solution. Visit www.automox.com/signup to get started.

 

Subscribe to Our Newsletter

Stay up to date on all things patch management

Reduce your threat surface by up to 80%

Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene.