Automox Patch Tuesday Rapid Response Center.

So you can eliminate your emerging endpoint vulnerabilities before they’re exploited.

SAVE YOUR SPOT: November Action Plan

Every Patch Tuesday, speed is your biggest advantage for ensuring the security of your infrastructure. It’s a race to harden your endpoints before adversaries exploit these new vulnerabilities.

Automox is here for you. Our experts analyze Patch Tuesday announcements from Microsoft, Adobe, and more to give you strategies for acting now. Turn here for intelligence alerts, recommended remediation strategies for current vulnerabilities and exploits, and a live webinar that breaks down these new threats.

HAPPENING NOW

date

October 2020

Patch Tuesday Action Plan

11
critical
76
high
2
medium
0
low
1
critical
0
high
0
medium
0
low
90
Vulnerabilities
12
Critical
0
Zero-days
details

While October’s Patch Tuesday presents us with a lighter load than what we’ve grown accustomed to over the course of 2020, we still have 89 Microsoft patches and a bevy of critical RCE vulnerabilities to contend with this month.

The number of vulnerabilities patched by Microsoft is a bit lighter this month than the last few months, but the number of RCEs still stays somewhat steady. This presents a challenge to IT Ops and Sec Ops teams to patch these RCEs as soon as possible.

Get Instant Updates on Vulnerabilities

Subscribe to receive Automox vulnerability alerts

Thank you! The latest vulnerability news and insights will be delivered right to your inbox!

Previous Action Plans

date

September 2020

Patch Tuesday Action Plan

23
critical
106
high
0
medium
0
low
12
critical
6
high
0
medium
0
low
0
critical
4
high
3
medium
3
low
157
Vulnerabilities
35
Critical
0
Zero-days
details

This month, Microsoft has released fixes for 129 vulnerabilities. Of these, 23 patches are rated as critical and seven as important. Windows admins are going to have their hands full this month, especially given the trend of 100-plus patching updates we’ve seen for the last several months.

For September, Adobe and Mozilla have also released a number of patches with critical and high severity ratings. As the remote work trend continues to grow, many organizations are finding that managing endpoints with legacy, on-premise solutions is an inefficient approach. And with such heavy patching loads coming out every month, the need for speed and efficiency is becoming even more pronounced.

date

August 2020

Patch Tuesday Action Plan

17
critical
103
high
0
medium
0
low
25
critical
19
high
0
medium
0
low
0
critical
6
high
5
medium
4
low
179
Vulnerabilities
42
Critical
1
Zero-days
details

Microsoft has released 120 vulnerabilities, 17 of which are deemed Critical. There is one zero-day, CVE-2020-1380, and one publicly disclosed vulnerability, CVE-2020-1464. However, this month’s patch update showcases that CVSS rating isn’t the end-all, be-all of patching, as one of this month’s exploited vulnerabilities is rated important. Any vulnerability can be exploited, regardless of its rating.

For August, Adobe has also released fixes for Lightroom, Acrobat and Reader. Additionally, Adobe released a number of out-of-band patches throughout July, highlighting the importance of keeping a close eye on your patch status.

date

July 2020

Patch Tuesday Action Plan

18
critical
105
high
0
medium
0
low
4
critical
9
high
0
medium
0
low
1
critical
7
high
5
medium
2
low
151
Vulnerabilities
23
Critical
0
Zero-days
details

Microsoft has released 123 new security vulnerabilities, 18 of which are deemed Critical. One vulnerability is particularly concerning. CVE-2020-1350 is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server and is classified as a ‘wormable’ vulnerability with a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

Previous to Patch Tuesday, Microsoft released 2 out-of-band patches addressing two remote code execution (RCE) vulnerabilities. Adobe released multiple security vulnerabilities for a variety of products while Mozilla released a number of patches for Firefox, Firefox ESR, and Thunderbird. More updates to come throughout the day.

date

June 2020

Patch Tuesday Action Plan

11
critical
109
high
7
medium
2
low
4
critical
6
high
0
medium
0
low
0
critical
6
high
1
medium
2
low
148
Vulnerabilities
15
Critical
0
Zero-days
details

Microsoft continues on their trend of triple-digit vulnerabilities with 129 in June. Of these, 11 are rated critical. The June Patch Tuesday is not short of updates for the Microsoft ecosystem. From Windows OS to browsers, Sharepoint to SMBv3, the release of these patches goes to show that an organization needs to have a proactive approach to endpoint hardening as these can add up month after month if left unaddressed.

Adobe released three updates addressing a number of vulnerabilities. These updates include three critical vulnerabilities in Adobe Framemaker and one critical vulnerability in Adobe Flash Player. Mozilla also released updates earlier in the month for Firefox, Firefox ESR, and Thunderbird. View our Patch Index for further details about the latest patch updates.

date

May 2020

Patch Tuesday Action Plan

16
critical
95
high
0
medium
0
low
41
critical
27
high
3
medium
0
low
3
critical
3
high
5
medium
2
low
195
Vulnerabilities
60
Critical
0
Zero-days
details

Microsoft released patches to address 111 new vulnerabilities, with 16 critical vulnerabilities. Notable vulnerabilities include CVE-2020-1023, CVE-2020-1102, and CVE-2020-1135. May continues the “New Normal” of triple-digit vulnerabilities!

We've included security updates released between last Patch Tuesday and this one, including advisories for Adobe Bridge, Illustrator, Magento, Acrobat and Reader, and DNG Software Development Kit. Mozilla released three critical security advisories for Firefox 76, Firefox ESR 68.8, and Thunderbird 68.8.0 as well as one moderate advisory for Firefox for iOS 25. View our May Patch Index for more info.

date

April 2020

Patch Tuesday Action Plan

15
critical
98
high
0
medium
0
low
30
critical
17
high
0
medium
0
low
2
critical
5
high
3
medium
0
low
170
Vulnerabilities
47
Critical
5
Zero-days
details

Mozilla Firefox and Adobe both released security updates between last Patch Tuesday and this one, so we've included their fixes here. Firefox had 2 notable zero-days that you'll want to fix.

This month, Microsoft is rolling out security fixes for a total of 113 vulnerabilities, 15 of which are rated critical. April’s Patch Tuesday rollout also features patches for three actively exploited zero-day vulnerabilities and two publicly disclosed vulnerabilities. Earlier in the month, an out-of-band patch for a Windows 10 Internet connectivity issue was also released.

Due to current events, many organizations have seen their remote workforce expand dramatically, seemingly overnight. Patching remote devices with legacy technology can be cumbersome in the modern tech landscape, for both IT staff and remote workers. Regardless, deploying security updates quickly remains as important as ever.

date

March 2020

Patch Tuesday Action Plan

26
critical
88
high
1
medium
0
low
0
critical
5
high
6
medium
1
low
127
Vulnerabilities
26
Critical
0
Zero-days
details

With a record month for CVEs last month, we expected March to be a light release. Boy were we wrong! Microsoft dropped off 115 CVEs, 26 of which were deemed critical. To add on, Firefox released 12 vulnerabilities for Firefox 74 and Firefox ESR68.6. View our Patch Index below for full details.

View the Automox Automating Patch Tuesday Webinar: March 2020 with Patch Tuesday expert Jay Goodman. During the webinar, we highlighted key vulnerability dislcosures that may require immediate action within your environment.

date

February 2020

Patch Tuesday Action Plan

12
critical
87
high
0
medium
0
low
35
critical
5
high
2
medium
0
low
0
critical
3
high
6
medium
1
low
151
Vulnerabilities
47
Critical
1
Zero-days
details

Microsoft released fixes for 99 security vulnerabilities this month, 12 of which are rated critical -- nearly double the number of patches we saw in January. February’s update also includes a fix for a zero-day vulnerability in Internet Explorer that’s being actively exploited in the wild. Microsoft suggests patching for these vulnerabilities as soon as possible.

Adobe released patches to 35 critical security vulnerabilities, with 21 in Framemaker, 12 in Acrobat and Reader, one in Digital Editions, and one in Flash Player. Mozilla also released updates for Firefox 73, Firefox ESR 68.5, and Thunderbird 68.5.

date

January 2020

Patch Tuesday Action Plan

8
critical
41
high
0
medium
0
low
5
critical
3
high
1
medium
0
low
1
critical
5
high
5
medium
1
low
70
Vulnerabilities
14
Critical
1
Zero-days
details

The first Patch Tuesday of 2020 brought 49 Microsoft vulnerabilities, 8 of which were deemed critical. This Patch Tuesday also marks the Windows 7 and Server 2008 End-of-Lives, which explains the 23 security fixes for those two products.

View the Automox Automating Patch Tuesday webinar below for insight around the dangerous vulnerability discovered by the NSA, multiple new remote code execution vulnerabilities, and in-depth discussion around the latest Microsoft and third-party patches.

date

December 2019

Patch Tuesday Action Plan

7
critical
28
high
1
medium
0
low
2
critical
2
high
0
medium
0
low
0
critical
6
high
5
medium
0
low
52
Vulnerabilities
9
Critical
1
Zero-days
details

December's Patch Tuesday gave us 60 total vulnerabilities, 9 of which were critical. Microsoft dropped off 36 vulnerabilities with 7 of those being critical and CVE-2019-1458 being the lone zero-day. Check out the Automox patch index for all the patches released in one easy location. That includes Microsoft, Adobe, Apple, and Mozilla Firefox.

Make your holidays brighter by checking out our Patch Tuesday webinar. Richard Melick, Automox Technology Raconteur, covers December's patches and their security impact, big releases in the OS space and third-party software patches, and showcases how Automox can help tackle your Patch Tuesdays.

date

November 2019

Patch Tuesday Action Plan

13
critical
60
high
0
medium
1
low
3
critical
8
high
0
medium
0
low
0
critical
5
high
0
medium
0
low
100
Vulnerabilities
16
Critical
1
Zero-days
details

For November 2019, we're looking at 74 vulnerability fixes from Microsoft, over a dozen of which are rated “critical.” This includes resolving a zero-day vulnerability in Internet Explorer that was actively being exploited in the wild, as well as a patch for a publicly disclosed vulnerability. With patching, time is truly of the essence – but especially when it comes to zero days.

Adobe has also released three critical security updates related to memory corruption vulnerabilities that can lead to remote code execution.

date

October 2019

Patch Tuesday Action Plan

0
critical
49
high
1
medium
0
low
2
critical
22
high
0
medium
0
low
83
Vulnerabilities
11
Critical
0
Zero-days
details

October was a relatively quiet month in terms of patching. Microsoft released fixes for 59 vulnerabilities, nine of which were Critical. Apple released security updates for select versions of iCloud, iTunes and Catalina macOS. A patch was made available to address a major zero-day vulnerability for Android devices. While Google normally rolls out patches for its own devices, multiple Android carriers released their own patches to address this potential threat.

In a rare update at the end of September, Microsoft released out-of-band updates for all versions of Windows. These patches addressed critical Internet Explorer and Windows Defender bugs. Adobe also released an emergency patch to address a series of critical vulnerabilities for ColdFusion.

date

September 2019

Patch Tuesday Action Plan

17
critical
62
high
1
medium
0
low
2
critical
1
high
0
medium
0
low
83
Vulnerabilities
19
Critical
2
Zero-days
details

In September, Microsoft released 80 updates, 17 of which were Critical. Three of the vulnerabilities addressed were publicly disclosed – and two had known exploits. Microsoft recommended users apply available updates as soon as possible to safeguard against potential threats. A majority of the patches released from Microsoft focused on Windows 10, but some addressed bugs in the Windows 7 ecosystem.

Security updates from Adobe for Flash Player and Application Manager were also available. Adobe recommends that users patch Flash Player immediately due to critically rated vulnerabilities.