You know the deal: October 2019. Pwned by a spreadsheet. Patch your Microsoft stuff


Pumpkin, image via Shutterstock

Patch Tuesday October brings a relatively light patch load for admins and users, thanks to Adobe’s decision to sit out this month’s update bonanza.

Cloudy patch bundle from Microsoft

For Microsoft, the Patch Tuesday update is a manageable 59 CVE-listed bugs for Windows, Edge, Office, and Azure.

Among the nine critical issues patched this month is CVE-2019-1372, a flaw in Azure that allows end-users running on virtual machines to send and execute code on the host machines.

This is particularly bad because it is, in essence, both an elevation of privilege bug and a remote code execution vulnerability.

Read more…