Needless to say, Monday blues are the worst. Well, how does “Tuesday blues” sound to you? Of course it’s yet another Patch Tuesday, or that time of the month when Windows administrators take one for the team.
This month, Microsoft has released fixes for 129 vulnerabilities, tying with June 2020 for the most patches released on any Patch Tuesday to date. Of these 129 fixes, 23 are classified as Critical, 105 as Important, and one as Moderate.
With today’s workforce being a mix of teleworkers and on-site employees, scheduling and installing this fresh set of patches undoubtedly sounds like a big challenge for IT administrators.
This blog will cover the updates released in this month’s Patch Tuesday, as well as a couple of best practices that we recommend for simplifying remote patch management.
What is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of every month. It is on this day that Microsoft releases security and non-security updates for its operating system and other related applications. Since Microsoft has upheld this process of releasing updates in a periodic manner, IT admins are well-prepared and have time to gear up for the new updates.
Why is Patch Tuesday important?
The most important security updates and patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. Usually zero-day vulnerabilities are also fixed during Patch Tuesday unless the vulnerability is critical and highly exploited, in which case an out-of-band security update is released to address that particular vulnerability.
What does Patch Tuesday September 2020 have in store for you?
Here are the products for which Microsoft has released security updates.
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft ChakraCore
- Internet Explorer
- SQL Server
- Microsoft JET Database Engine
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Dynamics
- Visual Studio
- Microsoft Exchange Server
- SQL Server
- ASP.NET
- Microsoft OneDrive
- Azure DevOps
Zero-day vulnerabilities
Despite being tied for the largest Patch Tuesday yet, there are no zero-day vulnerabilities or known unpatched vulnerabilities this month. However, there are quite a few interesting vulnerabilities that can be remotely exploited.
- CVE-2020-16875: Microsoft Exchange memory corruption vulnerability
- CVE-2020-0922: Microsoft COM for Windows remote code execution vulnerability
- CVE-2020-0908: Windows Text Service Module remote code execution vulnerability
Non-security updates
Microsoft has released cumulative updates for Windows 10 that include the non-security updates KB4571756 and KB4574727.
Security updates from other vendors
Adobe has released security updates for Adobe Acrobat, Reader, and Lightstream, whereas Google Chrome 85.0.4183.83 was released with 20 security fixes.
Best practices to handle patch management in the current scenario
The ongoing pandemic has indeed redefined how businesses around the globe operate. Most organizations have completely transitioned to telework, whereas a few organizations are functioning with a mixed bag of employees working on-site as well as from remote locations. These are unforeseen situations that pose various challenges for IT admins, especially in terms of managing and securing endpoints. Here are some pointers that can help simplify remote patching in your organization.
- Disable automatic updates, as one faulty patch might bring down the whole system. IT admins can educate end users on how to disable automatic updates on their machines. Patch Manager Plus and Desktop Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.
- Create a restore point, a backup or image that captures the state of the machines, before deploying big updates like those from Patch Tuesday.
- Establish a patching schedule and keep end users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end users know what has to be done from their end—for instance, that they need to connect to the VPN for three hours from 6pm to 9pm.
- Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.
- Since most users are working from home, they might not adhere to strict timings; therefore, allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience, thereby not disrupting their work. Our patch management products come with options for user-defined deployment and reboot.
- Most organizations are patching using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical and security updates first. You might want to hold off on deploying feature packs and cumulative updates, as they are bulky updates and consume too much bandwidth.
- Schedule the non-security updates, as well as security updates that are not rated Critical, to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.
- Run patch reports to get a detailed view of the health status of your endpoints.
With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor the patch tasks according to your current situation. For hands-on experience with either of these products, start a 30-day free trial and keep thousands of applications patched and secure.
** Optrics Inc. is a ManageEngine partner
The original article can be found here: