⚡ TL;DR - Go Straight to the October 2019 Patch Tuesday Audit Report.
'Quiet' October 2019 Patch Tuesday Without Zero-Days
Microsoft released its October Patch Tuesday 2019 software updates and two advisories to address a total of 59 vulnerabilities in its Windows operating systems and other products, including 9 classified as critical.
Microsoft has been patching actively exploited zero-day vulnerabilities on a monthly basis, but none of the security vulnerabilities patched this month is listed as publicly known or under active attack. That's a change of pace compared to previous Patch Tuesday updates and the emergency Internet Explorer patch that was published to mitigate a critical zero-day vulnerability in September.
Microsoft has also put up a reminder for Windows 7 and Windows Server 2008 R2 users, warning them that extended support for both products ends on January 14, 2020.
Two NTLM Authentication Vulnerabilities Patched
Two New Technology LAN Manager (NTLM) authentication vulnerabilities were fixed today. Both bypass protections that Microsoft put in place to prevent NTLM relay attacks. They were assigned CVE-2019-1166 and CVE-2019-1338 and allow attackers to bypass the MIC (Message Integrity Code) protection on NTLM authentication.
All Active Directory (AD) customers with default configurations could be vulnerable to a MIC bypass that allows for an NTLM relay attack.
Other interesting vulnerabilities in the October 2019 Patch Tuesday are two remote code execution (RCE) bugs in the VBScript engine and one in the Remote Desktop client:
- CVE-2019-1238 - VBScript Remote Code Execution Vulnerability
- CVE-2019-1239 - VBScript Remote Code Execution Vulnerability
- CVE-2019-1333 - Remote Desktop Client Remote Code Execution Vulnerability
Run the October Patch Tuesday Audit Report
Similar to previous months, we've created an audit report which checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.