Microsoft's October 2019 Patch Tuesday is a go and now rolling out to Windows users around the world. Perhaps the most interesting thing about this month's patch event is that it is relatively light.
Certainly, compared to Patch Tuesday rollouts over the last year, October 2019 is small. Over previous events, Microsoft has patched between 80 and 100 vulnerabilities each month, alongside active zero-day vulnerabilities.
For October 2019 Patch Tuesday, Microsoft says there were no zero-days. Additionally, the number of normal patches was also reduced, with only 59 bugs handled. Of those bugs, only nine were deemed “critical” by Microsoft's vulnerability threat rating.
You can check out the list of patches at the bottom of this page.
Patch Problems
With a reduced sized Patch Tuesday, hopefully Microsoft can avoid problems that have persisted with larger patches. Namely the company has been rolling out bulky updates which solve bugs but usually create all new ones.
Last month, Microsoft confirmed its Patch Tuesday cumulative updates caused issues with audio. Gamers had reported inconsistent audio performance across games on Windows 10 1903 since September 10. Microsoft acknowledged the issue in a support page. Redmond said KB4515384 was caused by a “compatibility” change with some audio partners.
Yesterday we reported on the company's recent October 3 patch. This required patch was sent out by Microsoft to squash a bug between Internet Explorer and printers. It looks like this update is now causing all new problems for Windows users. Indeed, Microsoft was forced to reissue KB4524147.
October 2019 Patch Tuesday
Service | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure | CVE-2019-1372 | Azure App Service Remote Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2019-1371 | Internet Explorer Memory Corruption Vulnerability | Important |
Microsoft Browsers | CVE-2019-0608 | Microsoft Browser Spoofing Vulnerability | Important |
Microsoft Browsers | CVE-2019-1357 | Microsoft Browser Spoofing Vulnerability | Important |
Microsoft Devices | CVE-2019-1314 | Windows 10 Mobile Security Feature Bypass Vulnerability | Important |
Microsoft Dynamics | CVE-2019-1375 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Edge | CVE-2019-1356 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1361 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1362 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1364 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1363 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1358 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1359 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1331 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1327 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1330 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1329 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1328 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1070 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-1366 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1060 | MS XML Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1307 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1308 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1335 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-1239 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1238 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-1325 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Moderate |
Microsoft Windows | CVE-2019-1340 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1338 | Windows NTLM Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2019-1339 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1342 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1311 | Windows Imaging API Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2019-1344 | Windows Code Integrity Module Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-1347 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1315 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1346 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1317 | Microsoft Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1321 | Microsoft Windows CloudStore Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1322 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1341 | Windows Power Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1319 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1318 | Microsoft Windows Transport Layer Security Spoofing Vulnerability | Important |
Microsoft Windows | CVE-2019-1320 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Open Source Software | CVE-2019-1369 | Open Enclave SDK Information Disclosure Vulnerability | Important |
Secure Boot | CVE-2019-1368 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
SQL Server | CVE-2019-1376 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
SQL Server | CVE-2019-1313 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
Windows Hyper-V | CVE-2019-1230 | Hyper-V Information Disclosure Vulnerability | Important |
Windows IIS | CVE-2019-1365 | Microsoft IIS Server Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1343 | Windows Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2019-1334 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1345 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows NTLM | CVE-2019-1166 | Windows NTLM Tampering Vulnerability | Important |
Windows RDP | CVE-2019-1326 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
Windows RDP | CVE-2019-1333 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows Update Stack | CVE-2019-1323 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2019-1337 | Windows Update Client Information Disclosure Vulnerability | Important |
Windows Update Stack | CVE-2019-1336 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |