This month’s Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP Client, as well as an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365. Adobe’s release is light, with only two CVEs patched in Photoshop CC and Digital Editions.
This month’s Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, along with a patch for one of the two reported vulns.
This month’s Patch Tuesday is medium in size, with 47 vulnerabilities covered and only 7 labeled as Critical. Twenty-six of the vulns apply to Windows Servers and Workstation operating systems. Two of the Critical apply to Hyper-V and could lead to RCE on the host system.
To ease up the process of patch management, the Patch Management filter head, under View Definitions, lets you further refine a machine ID / machine group filter based on different patch status attributes/conditions, as seen below:
View filtering can be applied under allfunction pages by selecting a specific View from the drop-down list or Create New.
This month’s Patch Tuesday is medium in weight, with 54 CVEs containing 17 Critical. All but two of the Critical vulnerabilities are in Microsoft’s browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well.