Automox Patch Tuesday Rapid Response Center.

So you can eliminate your emerging endpoint vulnerabilities before they’re exploited.

SAVE YOUR SPOT: October Action Plan

Every Patch Tuesday, speed is your biggest advantage for ensuring the security of your infrastructure. It’s a race to harden your endpoints before adversaries exploit these new vulnerabilities.

Automox is here for you. Our experts analyze Patch Tuesday announcements from Microsoft, Adobe, and more to give you strategies for acting now. Turn here for intelligence alerts, recommended remediation strategies for current vulnerabilities and exploits, and a live webinar that breaks down these new threats.

HAPPENING NOW

date

September 2020

Patch Tuesday Action Plan

23 critical
106 high
0 medium
0 low
12 critical
6 high
0 medium
0 low
0 critical
4 high
3 medium
3 low
157
Vulnerabilities
35
Critical
0
Zero-days
details

This month, Microsoft has released fixes for 129 vulnerabilities. Of these, 23 patches are rated as critical and seven as important. Windows admins are going to have their hands full this month, especially given the trend of 100-plus patching updates we’ve seen for the last several months.

For September, Adobe and Mozilla have also released a number of patches with critical and high severity ratings. As the remote work trend continues to grow, many organizations are finding that managing endpoints with legacy, on-premise solutions is an inefficient approach. And with such heavy patching loads coming out every month, the need for speed and efficiency is becoming even more pronounced.

Get Instant Updates on Vulnerabilities

Subscribe to receive Automox vulnerability alerts

PREVIOUS ACTION PLANS

date

August 2020

Patch Tuesday Action Plan

17 critical
103 high
0 medium
0 low
25 critical
19 high
0 medium
0 low
0 critical
6 high
5 medium
4 low
179
Vulnerabilities
42
Critical
1
Zero-days
details

Microsoft has released 120 vulnerabilities, 17 of which are deemed Critical. There is one zero-day, CVE-2020-1380, and one publicly disclosed vulnerability, CVE-2020-1464. However, this month’s patch update showcases that CVSS rating isn’t the end-all, be-all of patching, as one of this month’s exploited vulnerabilities is rated important. Any vulnerability can be exploited, regardless of its rating.

For August, Adobe has also released fixes for Lightroom, Acrobat and Reader. Additionally, Adobe released a number of out-of-band patches throughout July, highlighting the importance of keeping a close eye on your patch status.

date

July 2020

Patch Tuesday Action Plan

18 critical
105 high
0 medium
0 low
4 critical
9 high
0 medium
0 low
1 critical
7 high
5 medium
2 low
151
Vulnerabilities
23
Critical
0
Zero-days
details

Microsoft has released 123 new security vulnerabilities, 18 of which are deemed Critical. One vulnerability is particularly concerning. CVE-2020-1350 is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server and is classified as a ‘wormable’ vulnerability with a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

Previous to Patch Tuesday, Microsoft released 2 out-of-band patches addressing two remote code execution (RCE) vulnerabilities. Adobe released multiple security vulnerabilities for a variety of products while Mozilla released a number of patches for Firefox, Firefox ESR, and Thunderbird. More updates to come throughout the day.

date

June 2020

Patch Tuesday Action Plan

11 critical
109 high
7 medium
2 low
4 critical
6 high
0 medium
0 low
0 critical
6 high
1 medium
2 low
148
Vulnerabilities
15
Critical
0
Zero-days
details

Microsoft continues on their trend of triple-digit vulnerabilities with 129 in June. Of these, 11 are rated critical. The June Patch Tuesday is not short of updates for the Microsoft ecosystem. From Windows OS to browsers, Sharepoint to SMBv3, the release of these patches goes to show that an organization needs to have a proactive approach to endpoint hardening as these can add up month after month if left unaddressed.

Adobe released three updates addressing a number of vulnerabilities. These updates include three critical vulnerabilities in Adobe Framemaker and one critical vulnerability in Adobe Flash Player. Mozilla also released updates earlier in the month for Firefox, Firefox ESR, and Thunderbird. View our Patch Index for further details about the latest patch updates.

date

May 2020

Patch Tuesday Action Plan

16 critical
95 high
0 medium
0 low
41 critical
27 high
3 medium
0 low
3 critical
3 high
5 medium
2 low
195
Vulnerabilities
60
Critical
0
Zero-days
details

Microsoft released patches to address 111 new vulnerabilities, with 16 critical vulnerabilities. Notable vulnerabilities include CVE-2020-1023, CVE-2020-1102, and CVE-2020-1135. May continues the “New Normal” of triple-digit vulnerabilities!

We've included security updates released between last Patch Tuesday and this one, including advisories for Adobe Bridge, Illustrator, Magento, Acrobat and Reader, and DNG Software Development Kit. Mozilla released three critical security advisories for Firefox 76, Firefox ESR 68.8, and Thunderbird 68.8.0 as well as one moderate advisory for Firefox for iOS 25. View our May Patch Index for more info.

date

April 2020

Patch Tuesday Action Plan

15 critical
98 high
0 medium
0 low
30 critical
17 high
0 medium
0 low
2 critical
5 high
3 medium
0 low
170
Vulnerabilities
47
Critical
5
Zero-days
details

Mozilla Firefox and Adobe both released security updates between last Patch Tuesday and this one, so we've included their fixes here. Firefox had 2 notable zero-days that you'll want to fix.

This month, Microsoft is rolling out security fixes for a total of 113 vulnerabilities, 15 of which are rated critical. April’s Patch Tuesday rollout also features patches for three actively exploited zero-day vulnerabilities and two publicly disclosed vulnerabilities. Earlier in the month, an out-of-band patch for a Windows 10 Internet connectivity issue was also released.

Due to current events, many organizations have seen their remote workforce expand dramatically, seemingly overnight. Patching remote devices with legacy technology can be cumbersome in the modern tech landscape, for both IT staff and remote workers. Regardless, deploying security updates quickly remains as important as ever.

date

March 2020

Patch Tuesday Action Plan

26 critical
88 high
1 medium
0 low
0 critical
5 high
6 medium
1 low
127
Vulnerabilities
26
Critical
0
Zero-days
details

With a record month for CVEs last month, we expected March to be a light release. Boy were we wrong! Microsoft dropped off 115 CVEs, 26 of which were deemed critical. To add on, Firefox released 12 vulnerabilities for Firefox 74 and Firefox ESR68.6. View our Patch Index below for full details.

View the Automox Automating Patch Tuesday Webinar: March 2020 with Patch Tuesday expert Jay Goodman. During the webinar, we highlighted key vulnerability dislcosures that may require immediate action within your environment.

date

February 2020

Patch Tuesday Action Plan

12 critical
87 high
0 medium
0 low
35 critical
5 high
2 medium
0 low
0 critical
3 high
6 medium
1 low
151
Vulnerabilities
47
Critical
1
Zero-days
details

Microsoft released fixes for 99 security vulnerabilities this month, 12 of which are rated critical -- nearly double the number of patches we saw in January. February’s update also includes a fix for a zero-day vulnerability in Internet Explorer that’s being actively exploited in the wild. Microsoft suggests patching for these vulnerabilities as soon as possible.

Adobe released patches to 35 critical security vulnerabilities, with 21 in Framemaker, 12 in Acrobat and Reader, one in Digital Editions, and one in Flash Player. Mozilla also released updates for Firefox 73, Firefox ESR 68.5, and Thunderbird 68.5.

date

January 2020

Patch Tuesday Action Plan

8 critical
41 high
0 medium
0 low
5 critical
3 high
1 medium
0 low
1 critical
5 high
5 medium
1 low
70
Vulnerabilities
14
Critical
1
Zero-days
details

The first Patch Tuesday of 2020 brought 49 Microsoft vulnerabilities, 8 of which were deemed critical. This Patch Tuesday also marks the Windows 7 and Server 2008 End-of-Lives, which explains the 23 security fixes for those two products.

View the Automox Automating Patch Tuesday webinar below for insight around the dangerous vulnerability discovered by the NSA, multiple new remote code execution vulnerabilities, and in-depth discussion around the latest Microsoft and third-party patches.

date

December 2019

Patch Tuesday Action Plan

7 critical
28 high
1 medium
0 low
2 critical
2 high
0 medium
0 low
0 critical
8 high
0 medium
0 low
0 critical
6 high
5 medium
0 low
60
Vulnerabilities
9
Critical
1
Zero-days
details

December's Patch Tuesday gave us 60 total vulnerabilities, 9 of which were critical. Microsoft dropped off 36 vulnerabilities with 7 of those being critical and CVE-2019-1458 being the lone zero-day. Check out the Automox patch index for all the patches released in one easy location. That includes Microsoft, Adobe, Apple, and Mozilla Firefox.

Make your holidays brighter by checking out our Patch Tuesday webinar. Richard Melick, Automox Technology Raconteur, covers December's patches and their security impact, big releases in the OS space and third-party software patches, and showcases how Automox can help tackle your Patch Tuesdays.

date

November 2019

Patch Tuesday Action Plan

13 critical
60 high
0 medium
1 low
3 critical
8 high
0 medium
0 low
0 critical
5 high
0 medium
0 low
0 critical
31 high
0 medium
0 low
0 critical
5 high
0 medium
0 low
136
Vulnerabilities
16
Critical
1
Zero-days
details

For November 2019, we're looking at 74 vulnerability fixes from Microsoft, over a dozen of which are rated “critical.” This includes resolving a zero-day vulnerability in Internet Explorer that was actively being exploited in the wild, as well as a patch for a publicly disclosed vulnerability. With patching, time is truly of the essence – but especially when it comes to zero days.

Adobe has also released three critical security updates related to memory corruption vulnerabilities that can lead to remote code execution.

date

October 2019

Patch Tuesday Action Plan

9 critical
49 high
1 medium
0 low
2 critical
22 high
0 medium
0 low
83
Vulnerabilities
11
Critical
0
Zero-days
details

October was a relatively quiet month in terms of patching. Microsoft released fixes for 59 vulnerabilities, nine of which were Critical. Apple released security updates for select versions of iCloud, iTunes and Catalina macOS. A patch was made available to address a major zero-day vulnerability for Android devices. While Google normally rolls out patches for its own devices, multiple Android carriers released their own patches to address this potential threat.

In a rare update at the end of September, Microsoft released out-of-band updates for all versions of Windows. These patches addressed critical Internet Explorer and Windows Defender bugs. Adobe also released an emergency patch to address a series of critical vulnerabilities for ColdFusion.

date

September 2019

Patch Tuesday Action Plan

2 critical
1 high
0 medium
0 low
17 critical
62 high
1 medium
0 low
83
Vulnerabilities
19
Critical
2
Zero-days
details

In September, Microsoft released 80 updates, 17 of which were Critical. Three of the vulnerabilities addressed were publicly disclosed – and two had known exploits. Microsoft recommended users apply available updates as soon as possible to safeguard against potential threats. A majority of the patches released from Microsoft focused on Windows 10, but some addressed bugs in the Windows 7 ecosystem.

Security updates from Adobe for Flash Player and Application Manager were also available. Adobe recommends that users patch Flash Player immediately due to critically rated vulnerabilities.