On Patch Tuesday in August 2020, Microsoft released patches for 120 vulnerabilities as scheduled, 17 of which are serious vulnerabilities. Since most employees use remote work, IT administrators will face challenges when planning and installing the updates released this time.
After a brief introduction to the released updates, we will provide some suggestions on remote device patch management plans.
What is Patch Tuesday?
Patch Tuesday is the second Tuesday of every month. On this day, Microsoft will release security and non-security updates for its operating system and other related applications. Because Microsoft's updates are released regularly, IT administrators can arrange time in advance to prepare for new updates.
Why is Patch Tuesday important?
The most important security updates and patches to fix serious vulnerabilities will be released on Patch Tuesday. Usually zero-day vulnerabilities will also be fixed during Patch Tuesday, unless it is a serious vulnerability or a highly exploited vulnerability. In this case, an emergency security update will be issued to fix this particular vulnerability.
Highlights of August Patch Tuesday
Security updates for the following products have been released:
Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge (Chromium-based)
Microsoft ChakraCore
Internet Explorer
Microsoft Scripting Engine
SQL Server
Microsoft JET Database Engine
.NET Framework
ASP.NET Core
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Windows Codecs Library
Microsoft Dynamics
zero-day vulnerability and public disclosure
Microsoft fixed two zero-day vulnerabilities that were actively exploited. The CVE IDs are CVE-2020-1380 and CVE-2020-1464.
CVE-2020-1380 is a remote code execution vulnerability caused by memory corruption of the script engine. This vulnerability is actively used in phishing activities.
Another publicly disclosed zero-day vulnerability is CVE-2020-1464. This is a Windows spoofing vulnerability that allows attackers to bypass security features.
Serious and noteworthy update
The patches released on Patch Tuesday include 17 critical updates and 103 important updates. Microsoft also released an update to the Windows 10 service stack.
It is recommended to fix serious vulnerabilities first, and then fix other important vulnerabilities.
Non-security update
Microsoft has released cumulative updates for Windows 10, including non-security updates KB4566782 and KB4565351.
Adobe and Chrome updates
Adobe has released security updates for Acrobat and Reader. Google Chrome also released a stable version update, 84.0.4147.125, which fixes 15 security vulnerabilities.
Best practices for patch management in home office mode
After the COVID-19 outbreak, most companies chose to switch to telecommuting entirely. This shift has brought various challenges to IT administrators, especially in terms of managing and protecting terminal security. Here are some practical guidelines to help simplify remote patching.
Disable automatic updates, because an incorrect patch update may cause the entire system to crash. IT administrators can instruct end users how to disable automatic updates on their machines. Patch Manager Plus and Desktop Central also have a special patch, 105427, which can be deployed to the terminal to ensure that automatic updates are disabled.
Before deploying important updates such as those from Patch Tuesday, create a restore point, a backup, or a mirror of the machine state.
Establish a patch schedule and notify end users. It is recommended to set the time for deploying the patch and restarting the system. Let end users know what they need to do—for example, they need to connect to the VPN for 3 hours from 6 to 9 pm.
Before deploying the patch to the production environment, test it on a set of pilot systems. This will ensure that the patch does not interfere with the work of other applications.
Since most users work from home, they may not adhere to strict schedules; therefore, options that allow end users to skip deployment and scheduled restarts need to be provided. This way they can install updates at their convenience without interrupting their work. Our patch management products provide user-defined deployment and restart functions.
Most companies are using VPNs to deploy patches. To prevent patching tasks from occupying too much VPN bandwidth, please install critical and security updates first. Postpone the deployment of feature packs and cumulative updates because they are heavy workloads and consume too much bandwidth.
Plan non-security updates and non-critical security updates to be deployed after Patch Tuesday, for example, in the third or fourth week of the month. If certain updates are not needed in your environment, you can also choose to ignore them.
Generate patch reports to get a detailed view of the terminal's health status.
Using Desktop Central or Patch Manager Plus, you can fully automate the entire patch management process from testing patches to deployment. You can also customize the patch task according to your own situation. If you want to experience these two products yourself, you can download a 30-day free trial version that provides patch management and security guarantees for thousands of applications.