Patch Tuesday, August 2019 Edition — Krebs on Security. Aug 13, 2019. Microsoft today released patches to fix some 93 vulnerabilities in Windows. Gives us a predictable schedule when it's going to release patches. This entry was posted on Tuesday, August 13th, 2019 at 5:57 pm and is. Sep 10, 2019  This article is intended for use by administrators of Windows Server Update Services (WSUS), Windows Update, and Microsoft Update services. This article contains a list of content changes that have been made available on the second Tuesday of every month for WSUS, Windows Update, and Microsoft Update.

I've tried my servers and they don't see the patches that Microsoft has released. Usually Windows Update automatically installs them on Wednesday, so it must be something late in the day -- yet I can't find this info anywhere on either the Wikipedia page or on Microsoft's site for Patch Tuesday. Anyone have authoritative source for the time of day they are released?

The wiki discussion page for Patch Tuesday laments this as well:

'What time exactly are the updates released? I never seem to notice them till wednesday, and I see nothing as of yet (14:03 UTC) today. --Zilog Jones 13:03, 11 July 2006 (UTC)')

jscottMatt RogishMatt Rogish

4 Answers

According to this page, they release them at approximately 10 AM Pacific time.

There is no scheduled time. If you are worried about missing them, Microsoft does have various security advisory notifcation methods available:http://technet.microsoft.com/en-us/security/dd252948.aspx

MattBMattB

It's usually before 11:00 PST/PDT, but I've seen them released as late as 15:00 MST.

Microsoft Tuesday Patch Schedule

IzzyIzzy

if you are looking to determine when packages are installed in on a domain, look at WSUS and control it from the server level.

KeithKeith

Microsoft Patch Tuesday Schedule August 2019

Not the answer you're looking for? Browse other questions tagged securitywindows-updatepatch-management or ask your own question.

Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.

The updates released Tuesday affect Windows, Internet Explorer and Edge, Office, Sharepoint, .NET Framework and Exchange. Patches are available for all client and server versions of Windows, but none of the “critical” flaws — those that can lead to a remote system compromise without any help from users — apply to Windows 7 or Windows 8.1, according to Martin Brinkmann at Ghacks.net.

Mercifully, none of the vulnerabilities fixed in Tuesday’s bundle are being actively exploited, although one (CVE-2019-0579) was publicly disclosed prior to the patch release, meaning attackers may have had a head start figuring out how to exploit it. This bug is one of 11 that Microsoft fixed in its Jet Database Engine.

Among the more eyebrow-raising flaws fixed this week is CVE-2019-0547, a weakness in the Windows component responsible for assigning Internet addresses to host computers (a.k.a. “Windows DHCP client”). According to security vendor Tenable, this is the most severe bug of the entire patch batch.

“In order to exploit the vulnerability, an attacker would need to be able to send a specially crafted DHCP response to its target, allowing them to run arbitrary code on the client machine,” said Satnam Narang, senior research engineer at Tenable.

Tuesday’s update bundle also includes a fix that Microsoft released late last month as an emergency patch to plug a zero-day flaw in Internet Explorer (CVE-2018-8653) that attackers are already exploiting. Experts at Recorded Future say that vulnerability continues to be exploited in the wild, with several exploit kits now including the publicly released proof-of-concept code into their platforms.

“If you have not patched this vulnerability yet, it should be the number one priority,” writes Allan Liska, senior solutions architect at Recorded Future.

It generally can’t hurt for Windows users to wait a day or two after Microsoft releases monthly security updates before installing the fixes; occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.

Case in point: Computerworld’s Woody Leonhard notes that multiple organizations are reporting problems with their file-sharing operations after installing this month’s patch rollup.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. Also, it’s a good idea to get in the habit of backing up your data before installing Windows updates.

Adobe released an update for its Flash Player plugin, but alas there don’t appear to be any security fixes in it. However, the company last Thursday did release new versions of its Adobe Acrobat and Reader that correct at least two critical vulnerabilities in each.

If you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.

Tags: Allan Liska, CVE-2018-8653, CVE-2019-0547, CVE-2019-0579, Ghacks.net, Martin Brinkmann, Patch Tuesday January 2019, Recorded Future, Satnam Narang, Tenable, Woody Leonhard