• October 2019 Patch Tuesday – watch out

    Posted on October 8, 2019 at 12:12 CDT by Comment in the Forums

    The patches just hit. I count 132 new patches in the Update Catalog — added to the 50 that were released on Oct. 3rd (and updated on the 4th).

    Dustin Childs, in his usual thorough overview for the Zero Day Initiative, pegs it at 59 separately identified security holes (CVEs). No new advisories. There are no new “Public” or “Exploited” patches. Our old friend CVE-2019-1367, the infamous IE zero-day isn’t on the list of new patches. Childs says:

    –       CVE-2019-1367 – Scripting Engine Memory Corruption Vulnerability
    This patch was actually released on September 23 to address active attacks reported on IE. However, this initial patch was only available via manual download and wasn’t on Windows Update or Automatic Update. On October 3, they updated and re-released the patch on all platforms. They also noted the updated patch addresses some quality issues introduced by the first patch. It seems the rush to create the update to stop the attacks had a bumpy start, and some reports indicate printing issues continue. If you’re worried about the risk, restricting access to jscript.dll is a good alternative to applying the patch. 

    Which is certainly giving Microsoft the benefit of the doubt. 🙂 I continue to recommend not using IE and setting your default browser to something – anything – else.

    Martin Brinkmann has his full listing on the Ghacks.net site.

    I’m happy to report that, after a five day absence, the official list of Servicing Stack Updates, ADV990001, is now up and working. Almost all of the SSUs are new this month. (Servicing Stack Updates fix Windows Update itself. Normally, Windows Update installs them automatically; you only need to worry about them if you’re manually downloading and installing updates.)

    It looks like the latest cumulative updates for all Win10 versions include the changes made for the October 3 out-of-band patch. Bugs and all, I would assume.

     

    Günter Born has posted several descriptions of RDP bugs in the last cumulative update to Win10 version 1903, KB 4524147. Betcha bucks to buckaroos that we’ll see the same bugs (along with all of the printer bugs and Start menu bugs and … ) in the latest cumulative update, KB 4517389.

    We’re still at MS-DEFCON 1: Don’t patch. For any reason, real or imagined.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.