Skip to main content

Post-Patch Tuesday Roundup: October 2018

Post-Patch Tuesday Roundup: October 2018

Networking & security Software Licensing

security patch blog 01

Tim Lovegrove

Security Analyst

Welcome to the October 2018 Patch Roundup, where we look at the latest updates from the main vendors released on Patch Tuesday, and dissect a few of the key releases. If you missed September’s updates, you can give them a read, here. Let’s get started…

49 Updates for Microsoft

A bit of a nightmare for Microsoft this month, with rollout of the 1809 semi-annual update to Windows 10 being halted after users reported files being deleted from their documents folder. Expect it to be repaired and re-released shortly, providing a slew of new features including Windows Autopilot zero-touch provisioning, wireless projection and integration with Android photos, amongst other enhancements. Hold off pushing this out until it gets the all clear though!

Alongside the 1809 release comes the usual batch of Patch Tuesday security updates: 49 in total, 12 rated critical. Remote Code Execution (RCE) flaws in Office, Hyper-V, Edge/Internet Explorer, the Chakra scripting engine and the MS XML parser are all dealt with, along with privilege escalation and RCE bugs in Exchange. As always, with the monthly Microsoft updates, user endpoints should be first in line, after which servers can be prioritised based on their network locations and business criticality. As the 1809 faff shows, careful testing before releasing updates to Production is still important.

Finally, whilst not really an update, we're looking forward to playing with Windows Server 2019, which came out on the 2nd October. With 2019 versions of SQL and Exchange also due to drop imminently, sysadmins will no doubt be prepping for a big update cycle in the coming months.

Adobe Fixes A Lot Of Issues

Acrobat and Reader were updated outside Adobe’s usual schedule, with a huge update released on the 2nd October that fixed 85 separate issues, including RCEs and privilege escalations. This is definitely one to prioritise given the prevalence of PDF-delivered malware at the moment. As a result, there’s no Patch Tuesday update for Reader, Acrobat or Flash, but updates have been issued for; Digital Editions, Experience Manager, Framemaker and the Technical Communications Suite.

VMware Updates

With ESXi 6.7 released earlier in the year, Update 1 for the platform is expected to drop around the end of October. This release finalises the move to the HTML5 web client (at last!), adds HCI and vSAN enhancements as well as vMotion for NVIDIA vGPUs.

Apple Drop iOS 12

Apple dropped iOS 12 at the tail-end of September, alongside their new iPhone models. Plenty of fun features (we can’t stop measuring things for a start), but it also adds some nice security features such as integration with 3rd party password managers (LastPass, 1Password), USB Restricted Mode which locks-out connected peripherals after an hour, and some nifty enhancements to passcodes and two-factor logins. Encourage your users to update or start prepping to push it from your MDM.

Browsers and Certificates

As we reported last month, Chrome and Firefox will be dropping support for Symantec certificates in their forthcoming versions, v70 and v63 respectively. Apple and Microsoft have also now announced that Safari, Edge and IE will follow suit very shortly but haven’t given an exact date for the cut off. Consider it your last chance to get those certs changed to a new provider.

Get in Touch

If you'd like advice on any of the updates mentioned above, please get in touch with your Softcat Account Manager or send us a message using the button below.