⚡ TL;DR - Go Straight to the October 2019 Patch Tuesday Audit Report.

'Quiet' October 2019 Patch Tuesday Without Zero-Days

Microsoft released its October Patch Tuesday 2019 software updates and two advisories to address a total of 59 vulnerabilities in its Windows operating systems and other products, including 9 classified as critical.

Microsoft has been patching actively exploited zero-day vulnerabilities on a monthly basis, but none of the security vulnerabilities patched this month is listed as publicly known or under active attack. That's a change of pace compared to previous Patch Tuesday updates and the emergency Internet Explorer patch that was published to mitigate a critical zero-day vulnerability in September.

Microsoft has also put up a reminder for Windows 7 and Windows Server 2008 R2 users, warning them that extended support for both products ends on January 14, 2020.

Run the Windows 7 End of Life Audit Report

The October 2019 security updates are now available.

For more details, see https://t.co/sqNJoxQvH5.



As a reminder, as of 1/14/2020 Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving security updates. Please update your OS! — Security Response (@msftsecresponse) October 8, 2019

Two NTLM Authentication Vulnerabilities Patched

Microsoft today fixed two New Technology LAN Manager (NTLM) authentication vulnerabilities that bypass the protections it put in place to prevent NTLM relay attacks. Tracked as CVE-2019-1166 and CVE-2019-1338, they allow attackers to bypass the MIC (Message Integrity Code) protection on NTLM authentication.

All Active Directory (AD) customers with default configurations are vulnerable to this MIC bypass, which allows for an NTLM relay attack.

Other interesting vulnerabilities in the October 2019 Patch Tuesday are three RCE bugs: two reside in the VBScript engine, while the other resides in the Remote Desktop client.

- CVE-2019-1238 - VBScript Remote Code Execution Vulnerability
- CVE-2019-1239 - VBScript Remote Code Execution Vulnerability
- CVE-2019-1333 - Remote Desktop Client Remote Code Execution Vulnerability

Run the October Patch Tuesday Audit Report

Similar to previous months, we've created an audit report which checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Run the October 2019 Patch Tuesday Audit

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.