January Patch Tuesday: New Year, New Patches

January Patch Tuesday: New Year, New Patches

January Patch Tuesday: New Year, New Patches

The holidays are over. Our batteries are recharged and we’re ready to tackle 2019! The second Tuesday has arrived which means it’s time to get patching…

After last month’s Zero Day challenges (Zero Day being where a new found vulnerability was already being exploited by attackers in the wild), everyone should be comforted to hear Microsoft are advising of no Zero Day vulnerabilities this month. Although, we aren’t completely off the hook as they have addressed a host of vulnerabilities in this month’s release.

Operating System Updates from Windows:

Microsoft resolve a total of 51 vulnerabilities in the Windows Operating System this month (more details here). These span multiple products including Internet Explorer, Edge, Exchange, .NET and more. 7 of these have been rated as ‘Critical’ with the rest rated as ‘Important’.

There is one particularly notable vulnerability this month which affects all Windows operating systems. The ‘CVE-2019-0579 | Jet Database Engine Vulnerability’ could allow an attacker to run code remotely on a victim’s system. The good news is that it still requires a user to open a specially crafted file before it will work so, as always, be wary of opening unknown files.

3rd Party Updates and other news

A very quiet month so far for 3rd Party vendors with Adobe being the only company to release any patches. Acrobat resolves 2 critical vulnerabilities. Other than that, Java are set to release their quarterly update later in the month. This will be the last public update to Java SE 8 as it reaches End of Life. The recommendation from Java is to upgrade to Java JDK 11.

As always, Options are actively patching any and all vulnerabilities highlighted above. Although this month’s Patch Tuesday is lighter than usual, the critical nature of this month’s release means it is imperative that operating systems and 3rd party software products are kept up to date.

– Patrick Collins, Vulnerability Management

Leave a Reply

Your email address will not be published. Required fields are marked *