October Patch Tuesday is here. While the next two weeks are going to be busy for system administrators as they hustle to test and deploy updates, once the cyberthreats are handled, we can all enjoy the fall festivities in peace. This Patch Tuesday has Microsoft releasing security fixes to address 87 vulnerabilities, out of which 12 are classified as Critical, 74 as Important, and one as Moderate.

After an initial discussion about the updates released, we’ll offer our advice for devising a plan to handle patch management for remote devices.

What is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of every month. It is on this day that Microsoft releases security and non-security updates for its operating system and other related applications. Since Microsoft has upheld this process of releasing updates in a periodic manner, IT admins are well-informed and have time to gear up for the new updates.

Why is Patch Tuesday important?

The most important security updates and the patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. Usually, zero-day vulnerabilities are also fixed during Patch Tuesday unless the vulnerability is critical and highly exploited, in which case an out-of-band security update is released to address that particular vulnerability.

Highlights of October Patch Tuesday

Security updates were released for the following lineup of products:

  • Microsoft Windows

  • Microsoft Office and Microsoft Office Services and Web Apps

  • Microsoft JET Database Engine

  • Azure Functions

  • Azure Sphere

  • Open Source Software

  • Microsoft Exchange Server

  • Visual Studio

  • PowerShellGet

  • Microsoft .NET Framework

  • Microsoft Dynamics

  • Adobe Flash Player

  • Microsoft Windows Codecs Library

Zero-day vulnerabilities and public disclosures 

No zero-day vulnerabilities were patched this month, but Microsoft did release patches for six publicly disclosed vulnerabilities. Fortunately, none of them have been exploited. Here is the list:

  • CVE-2020-16938 – Windows Kernel Information Disclosure Vulnerability

  • CVE-2020-16885 – Windows Storage VSP Driver Elevation of Privilege Vulnerability

  • CVE-2020-16901 – Windows Kernel Information Disclosure Vulnerability

  • CVE-2020-16908 – Windows Setup Elevation of Privilege Vulnerability

  • CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability

  • CVE-2020-16937 – .NET Framework Information Disclosure Vulnerability

Critical and noteworthy updates

Though there are no zero-days today, there are a few noteworthy remotely executable vulnerabilities that have been patched:

The critical vulnerabilities patched have the following CVE IDs:

CVE-2020-16911, CVE-2020-16923, CVE-2020-16947, CVE-2020-17003, CVE-2020-16951, CVE-2020-16952, CVE-2020-16898, CVE-2020-16967, CVE-2020-16968, CVE-2020-16891, and CVE-2020-16915 

Adobe updates

Adobe has released updates for Adobe Flash Player, fixing a critical remote code execution vulnerability in the product. The vulnerability is tracked as CVE-2020-9746. When successfully exploited, the vulnerability could lead to a crash that will then allow attackers to execute commands on the target computers remotely. This vulnerability can be fixed by installing Adobe Flash Player as soon as possible. 

Best practices to handle patch management in the current work-from-home scenario

In the wake of COVID-19, most organizations have opted to completely shift to remote work. This decision poses various challenges to IT admins, especially in terms of managing and securing endpoints. Here are a few pointers to ease the process of remote patching.

  • Disable automatic updates, as one faulty patch might bring down the whole system. IT admins can educate end-users on how to disable automatic updates on their machines. Patch Manager Plus and Desktop Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.

  • Create a restore point, a backup or image that captures the state of the machines, before deploying big updates like those from Patch Tuesday.

  • Establish a patching schedule and keep end-users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end-users know what has to be done from their end—for instance, that they need to connect to the VPN for three hours from 6pm to 9pm.

  • Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.

  • Since most users are working from home, they might not adhere to strict timings; therefore, allow end-users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience, thereby not disrupting their work. Our patch management products come with options for user-defined deployment and reboot.

  • Most organizations are patching using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical and security updates first. You might want to hold off on deploying feature packs and cumulative updates, as they are bulky updates and consume too much bandwidth.

  • Schedule the non-security updates, as well as security updates that are not rated Critical, to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.

  • Run patch reports to get a detailed view of the health status of your endpoints.

With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor the patch tasks according to your current situation. For hands-on experience with either of these products, start a 30-day free trial and keep thousands of applications patched and secure. 

Having a robust patch management solution will only help if you have a clear strategy for dealing with the vulnerabilities in your network. Check out our e-book on the 7 essential vulnerability management questions answered to get a clear idea of how to patch a complex, diverse network. 

Want to learn about the Patch Tuesday updates in detail? Join our experts as they break down the Patch Tuesday updates and offer in-depth analysis. You can also ask our experts questions and have them answered right away. Register for our free Patch Tuesday webinar!

The post October Patch Tuesday fixes 87 vulnerabilities, 6 of them publicly disclosed appeared first on ManageEngine Blog.

*** This is a Security Bloggers Network syndicated blog from ManageEngine Blog authored by Karthika Surendran. Read the original post at: https://blogs.manageengine.com/desktop-mobile/patch-manager-plus/2020/10/14/october-patch-tuesday-fixes-87-vulnerabilities-6-of-them-publicly-disclosed.html

Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

Europe +31558448040
UK +44 20 8089 9944
ASIA +85239733884