Microsoft and other third-party vendors have not slowed their cadence the week after Patch Tuesday. With a high-profile stability fix for Windows alongside multiple software titles getting new security releases, there's plenty to cover.

Security Releases

VLC released version 3.0.8 this week, addressing 13 new CVEs. According to VLC's security bulletin, the assorted vulnerabilities could be exploited through a malicious file or website. The two highest-profile vulnerabilities are CVE-2019-13602 and CVE-2019-13962, and their severity is disputed. NIST rates these CVEs as High (8.8) and Critical (9.8), while VLC disputes the claim, saying that the metrics point to a more benign base score of 4.3. Regardless of perceived impact, be sure to get this software update out in your next patching cycle.

Node.JS also released a series of security updates for its supported versions, covering 8 CVEs that were discovered by Netflix. All of the CVEs detail flaws in the implementation of HTTP/2 that allow an attacker to execute a denial of service against the target. In line with Netflix's security bulletin, Microsoft has already remediated these vulnerabilities, but keep an eye out for other vendors covering these CVEs in the future.

Microsoft Non-Security Updates

On an earlier than normal cadence, Microsoft released non-security updates for all supported platforms as early as last Saturday. These emergency updates resolve the widespread Visual Basic errors caused by August's Patch Tuesday release. The issue appears to be widespread enough that Microsoft also released a one-off standalone fix for those who deploy the security-only bundle as opposed to the rollup. If you have been holding off for this release, it gives you the opportunity to patch the high-profile wormable vulnerabilities announced last week. See the table below for the patches needed in your environment:

| Platform | Standalone | Rollup/Cumulative |
|---|---|---|
| Server 2008 | KB4517301 | KB4512499 |
| Windows 7/Server 2008 R2 | KB4517297 | KB4512514 |
| Server 2012 | KB4517302 | KB4512512 |
| Windows 8.1/Server 2012 R2 | KB4517298 | KB4512478 |
| Windows 10 LTSB 2015 | | KB4517276 |
| Windows 10 LTSB 2016/Server 2016 | | KB4512495 |
| Windows 10 1703 | | KB4512474 |
| Windows 10 1709 | | KB4512494 |
| Windows 10 1803 | | KB4512509 |
| Windows 10 1809/Server 2019 | | KB4512534 |

Third-Party Updates

As always, our other supported third-party vendors have been releasing non-security updates for their respective products. While these updates might not have CVEs, they may contain valuable stability updates for your end users:

| Software Title | Ivanti ID | Ivanti KB |
|---|---|---|
| AIMP 4.60.0.2144 | AIMP-015 | QAIMP4602144 |
| Apache Tomcat 8.5.45 | TOMCAT-142 | QTOMCAT8545 |
| Apache Tomcat 9.0.24 | TOMCAT-141 | QTOMCAT9024 |
| BlueJeans 2.15.279.0 | JEANS-023 | QBJN2152790 |
| CCleaner 5.61.7392 | CCLEAN-083 | QCCLEAN5617392 |
| CoreFTP LE 2.2.1935 | COREFTP-038 | QCFTP221935 |
| GoodSync 10.10.6.6 | GOODSYNC-128 | QGS101066 |
| GoTo Opener 1.0.527 | GOTOO-003 | QGTO10527 |
| Microsoft Power BI Desktop 2.72.5556.801 | PBID-063 | QBI2725556801 |
| Node.JS 12.9.0 (Current) | NOJSC-021 | QNODEJSC1290 |
| Opera 63.0.3368.35 | OPERA-224 | QOP630336835 |
| Opera 63.0.3368.43 | OPERA-225 | QOP630336843 |
| PeaZip 6.9.0 | PZIP-017 | QPZIP690 |
| Plex Media Player 2.40.0 | PLXP-044 | QPLXP2400 |
| Plex Media Server 1.16.5.1488 | PLXS-042 | QPLXS11651488 |
| Skype 8.51.0.86 | SKYPE-165 | QSKY851086 |
| Slack Machine-Wide Installer 4.0.2 | SMWI-034 | QSLACK402 |
| TeamViewer 14.5.1691 | TVIEW-051 | QTVIEW1451691 |
| Visual Studio Code 1.37.1 | MSNS19-0815-CODE | QVSCODE1371 |
| Zoom Outlook Plugin 4.8.2721.0811 | ZOOMOUT-011 | QZOOMO482721 |
