The latest software updates have been issued by Microsoft to fix close to 60 security problems in both Windows and software developed to work on top of the operating system. For the most part, the October edition of Patch Tuesday is ‘light’ but does contain some fixes considered critical by Microsoft.
Critical rating fixes
Around 15% of problems patches this week have been designated a critical rating. “Critical” ratings are used for bugs Microsoft believes are in serious need of attention; these are often areas that can be exploited by malware and cybercriminals to take control of a system left vulnerable without assistance from a user.
Included in the October edition is a patch Microsoft originally supplied in late September as an update for an emergency fix to a zero-day flaw in Internet Explorer (CVE-2019-1367) that has been identified as being exploited.
An expert on Windows updates, Woody Leonhard, stated that Microsoft users who used the emergency update on release reported the security update for Internet Explorer had been the cause of printer errors. A fix to address these problems is included in October’s roundup.
The patch for the Internet Explorer zero-day flaw has been available before Patch Tuesday in Windows 10 via cumulative updates, according to security specialists Ivanti, but they noted that a browser roll-up for any systems before Windows 10 will require a manual download and installation.
Vulnerabilities and dangerous bugs
The Windows feature remote Desktop Client, which enables users to interact with a desktop remotely as though they were in front of the chosen personal computer, has also been given Microsoft’s attention. Dangerous bugs have been fixed and on a positive note a bug with critical status can only be used by an attacker if it successfully fools a user into connection to Remote Desktop server being used maliciously, which is a relatively unlikely circumstance.
Additional vulnerabilities addressed by the patch comprised two security holes discovered in versions of Microsoft Excel from between 2010 and 2019 for both Windows and Mac, and also in O365. The weak spots left unfixed could potentially allow the installation of malware if an attacker was successful in convincing a user to click on a rigged Office file.
As a rule, if using Windows 10, users will find it prefers to install all patches in one go then reboot your personal computer according to its own specific schedule. Staying on top of and implementing Windows patches is a sensible working practice to get into, but ensuring you back-up all your essential files before carrying out an update is to be advised. If something should go wrong and you experience a problem with a patch, you won’t need to worry about your data being lost.
As experts in Microsoft technology including Office 365 and SharePoint, at WM Reply we’re uniquely placed to assist you with your business problems. We know each company has its own unique intranet needs, which is why we craft bespoke solutions using the most updated versions of Microsoft products. For help and advice contact our friendly team of professionals.