The October 2019 Patch Tuesday was smaller than previous ones. This time, not a single zero-day vulnerability was fixed.
October 9 – Comss.ru, Operating Systems. Microsoft has released its regular security updates, which this time turned out to be relatively minor. For more than a year, the company had been patching zero-day vulnerabilities and fixing 80-90 vulnerabilities each month.
This month, however, not a single zero-day vulnerability was fixed. Microsoft released a small set of fixes for 59 security issues, only 9 of which were critical. In theory, this means that the likelihood of running into functional regressions and stability issues after installing these updates is minimal.
- Cumulative update KB4517389 for Windows 10, version 1903
- Cumulative update KB4519338 for Windows 10, version 1809
- Cumulative update KB4520008 for Windows 10, version 1803
- Security Update KB4520005 for Windows 8.1, October 2019
- Security update KB4519976 for Windows 7, October 2019
Below is a brief summary of the key points of this Patch Tuesday. The list includes information from security bulletins published by other companies. Many vendors prefer to synchronize the release of their own security updates with Patch Tuesday so that system administrators can update the operating system and software in one go.
- All security updates are presented in a sortable table on Microsoft's official Security Update Guide portal.
- Additional analysis of this Patch Tuesday was conducted by Cisco Talos, SANS ISC, Tenable and Trend Micro.
- Microsoft fixed a zero-day vulnerability in Internet Explorer in an out-of-band update last month. At first the patch was available only for manual download, but later it began to be distributed through Windows Update.
- This month another issue related to the RDP protocol has been fixed. However, it does not pose as high a risk as BlueKeep and DejaBlue, which could be used to spread malware and exploits automatically, in the manner of Internet worms.
- This month, Microsoft fixed 4 memory issues in the Chakra Scripting Engine (shipped with Microsoft Edge) that could lead to remote arbitrary code execution.
- Adobe has not released any security updates this month.
- The Android Security Bulletin has also been published. A fix for the recently discovered zero-day vulnerability in Samsung, Huawei, and Xiaomi devices has not yet been released.