- Microsoft patched 129 vulnerabilities this month, making this the seventh month in a row of more than 100.
- This is the fourth consecutive month of more than 120 vulnerabilities.
- Thirty two of the vulnerabilities patched can be attacked remotely and 20 of those 32 are rated as critical.
Microsoft patched at least 120 vulnerabilities this month, at least 17 were classified [by Microsoft] as CRITICAL with the remaining rated important, moderate or low.
Two of the bugs patched this month address zero day vulnerabilities (CVE-2020-1380 and CVE-2020-1464) and at least one of those vulnerabilities is being actively exploited (though no proof of concept code has been made available, as of the time of this writing).
CVE-2020-1472 is a vulnerability in the Netlogon RPC that is being patched in a phased approach this month (initial deployment) and February 2021 (enforcement). We have updated our monitoring for MyIT clients to detect affected endpoints and work with clients to mitigate their specific situation. Additional information is available from Microsoft here.
As always, don’t be be the low hanging fruit and remember, all the cool kids update!
Additional details on this month’s Patch Tuesday are available on the sites below:
Adobe has so far released 2 patches this month. A patch to Lightroom that’s rated Important and an update to Adobe Acrobat that’s rated Critical.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.