Welcome to February’s Automox Patch Tuesday breakdown. This month’s patch Tuesday is larger than normal, with a total of 78 vulnerabilities covered for both Microsoft and Adobe products. This month, a total of 20 of these vulnerabilities are deemed critical by Microsoft.
It’s also important to note that this time around at least two of the vulnerabilities, while not deemed critical by Microsoft, have been publicly disclosed and at least one has been publicly exploited in the wild. It’s more important than ever to ensure that you get your systems patched in a timely manner.
First, we’ll summarize this month’s 20 critical vulnerabilities. All 20 of these vulnerabilities allow for remote code execution if an attacker properly utilizes them. They are found across a range of products from browsers (Edge and Explorer) to Adobe Flash Player, MS Sharepoint, and multiple operating systems (Windows 8.1, Windows Server 2008, 2012, and 2016, Windows 7, and Windows 10).
Next, there are at least two vulnerabilities that have been publicly disclosed, which means that exploitation may be more likely than normal:
- CVE-2019-0636 Windows Information Disclosure Vulnerability
- CVE-2019-0686 Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2019-0676 Internet Explorer Information Disclosure Vulnerability
Aside from the vulnerabilities outlined above, Microsoft issued over 2,500 distinct patches for over 70 different vulnerabilities this month alone, highlighting the difficulty that system administrators face in confidently and consistently keeping their operating systems and applications patched in order to mitigate unknown security risks in their environments.
Automox can help ensure your systems are adequately patched in a timely manner in order to protect your organization against any of these vulnerabilities. As a best practice, you should always ensure that you have at least one patch policy assigned to all of your devices for Critical, Medium, and Low severity patches. These updates are generally Security and Cumulative software updates. Automox is designed to automate your response to zero-day vulnerabilities like this and others across the Windows, Mac, and Linux operating systems.
Current Automox customers can create policies that automatically handle the patching and execution of important updates for you every single month (see video below). Alternatively, you may contact our support team for any technical assistance at firstname.lastname@example.org.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.