Are you ready for October’s Patch Tuesday? We here at Automox are monitoring all the major services and feeds to make sure we are up to date with the latest information and released. In an effort to keep the myriad of patches released today together, we are providing an index of the major patches as they become available. This patch index will be live throughout the day so be sure to check back often to make sure you are up to date with the latest information. We will publish a recap and breakdown blog tomorrow and you can register for our Patch Tuesday Webinar, hosted Thursday, here.
Updated Live. Last Update 11:44 AM Oct. 8 2019.
 Microsoft |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Latest Servicing Stack Updates | ADV990001 | Critical |
| Internet Explorer 9, 10, 11 and Microsoft Edge | Microsoft Browser Spoofing Vulnerability | CVE-2019-0608 | Important |
| Windows 8, 10 and Server 2012, 2016, 2019 | MS XML Remote Code Execution Vulnerability | CVE-2019-1060 | Critical |
| Microsoft SharePoint 2013 and 2016 | Microsoft Office SharePoint XSS Vulnerability | CVE-2019-1070 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows NTLM Tampering Vulnerability | CVE-2019-1166 | Important |
| Windows 10 and Server 2019 | Hyper-V Information Disclosure Vulnerability | CVE-2019-1230 | Important |
| Internet Explorer 9, 10, 11 | VBScript Remote Code Execution Vulnerability | CVE-2019-1238 | Critical |
| Internet Explorer 11 | VBScript Remote Code Execution Vulnerability | CVE-2019-1239 | Critical |
| Microsoft Edge | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-1307 | Critical |
| Microsoft Edge | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-1308 | Critical |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Imaging API Remote Code Execution Vulnerability | CVE-2019-1311 | Important |
| SQL Server Management Studio | SQL Server Management Studio Information Disclosure Vulnerability | CVE-2019-1313 | Important |
| Windows 10 Mobile | Windows 10 Mobile Security Feature Bypass Vulnerability | CVE-2019-1314 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2019-1315 | Important |
| Windows 10 and Server 2016, 2019 | Microsoft Windows Setup Elevation of Privilege Vulnerability | CVE-2019-1316 | Important |
| Windows 10 and Server 2016, 2019 | Microsoft Windows Denial of Service Vulnerability | CVE-2019-1317 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Microsoft Windows Transport Layer Security Spoofing Vulnerability | CVE-2019-1318 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2019-1319 | Important |
| Windows 10 and Server 2019 | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2019-1320 | Important |
| Windows 10 and Server 2019 | Microsoft Windows CloudStore Elevation of Privilege Vulnerability | CVE-2019-1321 | Important |
| Windows 10 and Server 2019 | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2019-1322 | Important |
| Windows 10 and Server 2019 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | CVE-2019-1323 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows redirected Drive Buffering System Elevation of Privilege Vulnerability | CVE-2019-1325 | Moderate |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | CVE-2019-1326 | Important |
| Microsoft Excel 2010, 2013, 2016, 2019 and Office 365 ProPlus | Microsoft Excel Remote Code Execution Vulnerability | CVE-2019-1327 | Important |
| Microsoft SharePoint 2010, 2013, 2016 | Microsoft SharePoint Spoofing Vulnerability | CVE-2019-1328 | Important |
| Microsoft SharePoint 2010, 2013, 2016 | Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2019-1329 | Important |
| Microsoft SharePoint 2010, 2013, 2016 | Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2019-1330 | Important |
| Microsoft Excel 2010, 2013, 2016, 2019 | Microsoft Excel Remote Code Execution Vulnerability | CVE-2019-1331 | Important |
| Windows 7, 8 10 and Server 2008, 2012, 2016, 2019 | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2019-1333 | Critical |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Kernel Information Disclosure Vulnerability | CVE-2019-1334 | Important |
| Microsoft Edge | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-1335 | Critical |
| Windows 10 and Server 2019 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | CVE-2019-1336 | Important |
| Windows 10 and Server 2019 | Windows Update Client Information Disclosure Vulnerability | CVE-2019-1337 | Important |
| Windows 7 and Server 2008 | Windows NTLM Security Feature Bypass Vulnerability | CVE-2019-1338 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2019-1339 | Important |
| Windows 10 and Server 2019 | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2019-1340 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Power Service Elevation of Privilege Vulnerability | CVE-2019-1341 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2019-1342 | Important |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Denial of Service Vulnerability | CVE-2019-1343 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Microsoft Code Integrity Module Information Disclosure Vulnerability | CVE-2019-1344 | Important |
| Windows 10 and Server 2016, 2019 | Windows Kernel Information Disclosure Vulnerability | CVE-2019-1345 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Denial of Service Vulnerability | CVE-2019-1346 | Important |
| Windows 7, 8, 10 and Server 2012, 2016, 2019 | Windows Denial of Service Vulnerability | CVE-2019-1347 | Important |
| Microsoft Edge | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | CVE-2019-1356 | Important |
| Internet Explorer 10, 11 and Edge | Microsoft browser Spoofing Vulnerability | CVE-2019-1357 | Important |
| Windows 8, 10 and Server 2012, 2016, 2019 | Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-1358 | Important |
| Windows 8, 10 and Server 2012, 2016, 2019 | Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-1359 | Important |
| Windows 7 and Server 2008 | Microsoft Graphics Components Information Disclosure Vulnerability | CVE-2019-1361 | Important |
| Windows 7 and Server 2008 | Win32k Elevation of Privilege Vulnerability | CVE-2019-1362 | Critical |
| Windows 7 and Server 2008 | Windows GDI Information Disclosure Vulnerability | CVE-2019-1363 | Important |
| Windows 7 and Server 2008 | Win32k Elevation of Privilege Vulnerability | CVE-2019-1364 | Important |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Microsoft IIS Server Elevation of Privilege Vulnerability | CVE-2019-1365 | Important |
| Microsoft Edge | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-1366 | Critical |
| Windows 10 and Server 2019 | Windows Secure Booth Security Feature Bypass Vulnerability | CVE-2019-1368 | Important |
| Open Enclave SDK | Open Enclave SDK Information Disclosure Vulnerability | CVE-2019-1369 | Important |
| Internet Explorer 9, 10, 11 | Internet Explorer Memory Corruption Vulnerability | CVE-2019-1371 | Important |
| Azure App Service | Azure App Service Remote Code Execution Vulnerability | CVE-2019-1372 | Critical |
| Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2019-1375 | Important |
| SQL Server Management Studio | SQL Server Management Studio Information Disclosure Vulnerability | CVE-2019-1376 | Important |
 Apple |
|||
| Product |
Title
|
Identifier
|
Severity
|
|
iTunes
|
iTunes 12.10.1 for Windows
|
N/A | |
|
iCloud
|
iCloud for Windows 7.14
|
N/A | |
|
iCloud
|
iCloud for Windows 10.7
|
N/A | |
| macOS |
macOS Catalina 10.15
|
N/A | |
Want a more in-depth discussion about this month's Patch Tuesday releases? Join Richard Melick on Thursday, October 10th, at 1:00 pm EST for Automox's Automating Patch Tuesday Webinar. Even if you can't make it, we'll send you a recording to watch at your leisure. Sign up below!
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
