2021 October Patch Tuesday

1. Patch Tuesday Webinar Wednesday, October 13, 2021 Hosted by Chris Goettl and Todd Schell

2. Agenda October 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A

3. Overview

4. Copyright © 2021 Ivanti. All rights reserved. October Patch Tuesday 2021 October is cyber security awareness month. It is a great time to evaluate your vulnerability management prioritization process. Vulnerability management is always an area of concern as new vulnerabilities are constantly being discovered. Vendor severity and CVSS scores often do not account for real world risk. This month has some good examples including a Zero Day vulnerability that is actively being exploited but is only rated as Important. Patch Tuesday is a specific event each month that helps companies focus on resolving Microsoft operating systems and vulnerabilities. The challenge is the other software in your environment receives updates on a different release cycle, so you need to account for this all month. Microsoft has resolved 76 unique CVEs this month. Adobe has released an update for Acrobat and Reader resolving four CVEs, Foxit Reader has resolved 13 CVEs, and next week Oracle will be releasing their Quarterly CPU.

5. In the News

6. Copyright © 2021 Ivanti. All rights reserved. In the News  Apache is Critical to your Web Site Security  https://www.bankinfosecurity.com/apache-issues-another- emergency-patch-for-exploited-flaws-a-17697  https://us-cert.cisa.gov/ncas/current- activity/2021/10/06/apache-releases-security-update-apache- http-server  https://nvd.nist.gov/vuln/detail/CVE-2021-40438  Atlassian Confluence  https://www.zdnet.com/article/us-cybercom-says-mass- exploitation-of-atlassian-confluence-vulnerability-ongoing-and- expected-to-accelerate/

7. Copyright © 2021 Ivanti. All rights reserved. In the News  Apple fixes 17th Zero Day in iOS  https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and- ipad.html?m=1  Oracle CPU  Quarterly release of all updates for Oracle products  October 19  https://www.oracle.com/security-alerts/

8. Copyright © 2021 Ivanti. All rights reserved. Exploited Vulnerability  CVE-2021-40449 Win32k Elevation of Privilege Vulnerability  CVSS 3.0 Scores: 7.8 / 7.2  Severity: Important  Impacts all Microsoft workstation and server operating systems  https://www.bleepingcomputer.com/news/security/chinese-hackers-use-windows-zero- day-to-attack-defense-it-firms/

9. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2021-33781 Azure AD Security Feature Bypass Vulnerability  Vulnerability fix originally released Jul 13  Security updates released for all supported versions of Windows 10 and 11, and associated Server versions  CVSS 3.0 Scores: 8.1 / 7.1  Severity: Important  CVE-2021-40469 Windows DNS Server Remote Code Execution Vulnerability  CVSS 3.0 Scores: 7.2 / 6.5  Severity: Important  Impacts all Server operating systems

10. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2021-41335 Windows Kernel Elevation of Privilege Vulnerability  CVSS 3.0 Scores: 7.8 / 7.0  Severity: Important  Impacts all Workstation and Server versions from Server 2008 R2 through Windows Server 21H2  CVE-2021-41338 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability  CVSS 3.0 Scores: 5.5 / 5.0  Severity: Important  Impacts Windows 10, Windows 11, and associated Server versions

12. Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Development Tool and Other Updates  .NET 5.0  Intune Management Extension  Visual Studio 2017 version 15.9  Visual Studio 2019 versions 16.0 through 16.10

13. Copyright © 2021 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 Windows 10 Pro and Pro Workstation Version Release Date End of Support Date 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows

15. Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)

16. Bulletins and Releases

17. Copyright © 2021 Ivanti. All rights reserved. APSB21-104: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 4 vulnerabilities, 2 of which are critical. Successful exploitation could lead to arbitrary code execution in the context of the current user. See https://helpx.adobe.com/security/products/acrobat/apsb21-55.html for more details.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 4 Vulnerabilities: CVE-2021-40728, CVE-2021-40729, CVE-2021-40730, CVE-2021-40731  Restart Required: Requires application restart

18. Copyright © 2021 Ivanti. All rights reserved. FPDFE-211012: Security Update Foxit PDF Reader and Editor  Maximum Severity: Critical  Affected Products: Foxit PDF Reader 11.1 and Foxit PDF Editor 11.1  Description: Foxit has released security updates for PDF Reader and Editor for Windows and macOS. These updates address 13 vulnerabilities. See https://www.foxit.com/support/security-bulletins.html for more details.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and Information Disclosure  Restart Required: Requires application restart

19. Copyright © 2021 Ivanti. All rights reserved. MS21-10-W11: Windows 11 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium  Description: This bulletin references KB 5006674.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 39 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-41338 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: None reported

20. Copyright © 2021 Ivanti. All rights reserved. MS21-10-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium  Description: This bulletin references 6 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 47 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469, CVE-2021-41335, and CVE-2021-41338 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides

21. Copyright © 2021 Ivanti. All rights reserved. October Known Issues for Windows 10  KB 5006672 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.

22. Copyright © 2021 Ivanti. All rights reserved. October Known Issues for Windows 10 (cont)  KB 5006670 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1  [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For more information and a workaround, see KB5005322.  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.

23. Copyright © 2021 Ivanti. All rights reserved. MS21-10-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft SharePoint Enterprise Server 2013, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 6 KBs.  Impact: Remote Code Execution, Spoofing and Information Disclosure  Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-40482, CVE-2021-40483, CVE-2021-40484, CVE-2021-40485, CVE-2021-40486, CVE-2021-40487, and CVE-2021-41344 are fixed in this release.  Restart Required: Requires restart  Known Issues: None reported

24. Copyright © 2021 Ivanti. All rights reserved. MS21-10-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 and LTSC 2021 for macOS, Office Online Server, Office Web Apps Server 2013 and Word 2013 & 2016  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references just the release notes for the macOS Office.  Impact: Remote Code Execution and Information Disclosure  Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-40454, CVE-2021-40471, CVE-2021-40472, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485, and CVE-2021-40486 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported

25. Copyright © 2021 Ivanti. All rights reserved. MS21-10-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Maximum Severity: Critical  Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021  Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Information Disclosure  Fixes 10 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-40454, CVE-2021-40471, CVE-2021-40472, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40480, CVE-2021-40481, CVE-2021- 40485, and CVE-2021-40486 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported

26. Copyright © 2021 Ivanti. All rights reserved. MS21-10-IE: Security Updates for Internet Explorer  Maximum Severity: Important  Affected Products: Internet Explorer 9 and 11  Description: The fixes that are included in this update are also included in the October 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes. This bulletin references KB 5006671.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2021-41342 is fixed in this update.  Restart Required: Requires browser restart  Known Issues: None reported

27. Copyright © 2021 Ivanti. All rights reserved. MS21-10-EXCH: Security Updates for Exchange Server  Maximum Severity: Important  Affected Products: Microsoft Exchange Server 2013 - 2019  Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5007011 and KB 5007012.  Impact: Remote Code Execution, Denial of Service, Spoofing, and Elevation of Privilege  Fixes 4 Vulnerabilities: None are publicly disclosed or known exploited. CVE-2021-26427, CVE-2021-34453, CVE-2021-41348, and CVE-2021-41350 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide

28. Copyright © 2021 Ivanti. All rights reserved. October Known Issues for Exchange Server  KB 5007011 and KB 5007012 – Exchange Server 2013, 2016 and 2019  [Issue 1] If the update is run it in Normal mode (that is, not as an administrator), some files are not correctly updated and there are no error messages. This occurs because UAC prevents the security update from correctly stopping certain Exchange-related services. Workaround: Run as administrator in manual mode. See KB for more details.  [Issue 2] Exchange services might remain in a disabled state after you install this security update. Workaround: Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt.  [Issue 3] When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. Workaround: Enable third-party cookies for the domain that's hosting OWA or Office Online Server in the browser settings. See KB for more details.

29. Copyright © 2021 Ivanti. All rights reserved. October Known Issues for Exchange Server (cont)  [Issue 4] When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a "(400) Bad Request" error message. Workaround: See Microsoft help article "(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology for guidance.

30. Copyright © 2021 Ivanti. All rights reserved. MS21-10-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 5005606 (released September 14, 2021). This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. Bulletin is based on KB 5006736.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 18 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.

31. Copyright © 2021 Ivanti. All rights reserved. October Known Issues for Server 2008  KB 5006736 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 5006715 – Windows Server 2008 (Security-only Update)  [File Rename]

32. Copyright © 2021 Ivanti. All rights reserved. MS21-10-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5006715. This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 17 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.

33. Copyright © 2021 Ivanti. All rights reserved. MS21-10-MR7-ESU: Monthly Rollup for Win 7 MS21-10-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: This security update includes improvements and fixes that were a part of update KB 5005633 (released September 14, 2021). This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. Bulletin is based on KB 5006743.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 20 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 and CVE-2021-41335 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]

34. Copyright © 2021 Ivanti. All rights reserved. MS21-10-SO7-ESU: Security-only Update for Win 7 MS21-10-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5006728. This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 19 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 and CVE-2021-41335 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]

35. Copyright © 2021 Ivanti. All rights reserved. MS21-10-MR8: Monthly Rollup for Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 5005623 (released September 14, 2021). This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. Bulletin is based on KB 5006739.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 28 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 and CVE-2021-41335 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]

36. Copyright © 2021 Ivanti. All rights reserved. MS21-10-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5006732. This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 27 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 and CVE-2021-41335 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]

37. Copyright © 2021 Ivanti. All rights reserved. MS21-10-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 5005623 (released September 14, 2021). This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. Bulletin is based on KB 5006714.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 28 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 and CVE- 2021-41335 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]

38. Copyright © 2021 Ivanti. All rights reserved. MS21-10-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5006729. This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 27 Vulnerabilities: CVE-2021-40449 is known exploited. CVE-2021-40469 and CVE-2021-41335 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]

39. Between Patch Tuesdays

40. Copyright © 2021 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): iTunes (1), Google Chrome (4), Firefox (1), Firefox ESR (2), Apache OpenOffice (1)  Security (w/o CVEs): iTunes (1), Apple Mobile Device Support (1), Adobe Acrobat DC and Acrobat (1), Box Edit (1), Camtasia (2), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (2), Dropbox (1), Evernote (3), Firefox (1), GoodSync (4), GIMP (1), GIT for Windows (1), Jabra Direct (1), LibreOffice (1), Malwarebytes (2), Node.JS (2), Notepad++ (1), Opera (5), Pidgin (1), Plex Media Server (1), Royal TS (1), Skype (1), Slack Machine-Wide Installer (1), Snagit (1), Tableau Desktop (5), Tableau Reader (1), Thunderbird (3), Apache Tomcat (1), TeamViewer (1), UltraVNC (1), VMware Tools (1), Wireshark (2), Zoom Client (1), Zoom Outlook Plugin (1)  Non-Security Updates: Box Drive (1), Box Sync (1), Docker for Windows Stable (2), Google Drive File Stream (1), Inkscape (1), BlueJeans (2), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (4), TightVNC (1), Cisco WebEx Teams (1), XnView (1)

41. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  iTunes 12.12.0.6  AI-210920, QAI121206  Fixes 2 Vulnerabilities: CVE-2021-30835, CVE-2021-30847  Google Chrome 94.0.4606.54  CHROME-210921, QGC940460654  Fixes 17 Vulnerabilities: CVE-2021-37956, CVE-2021-37957, CVE-2021-37958, CVE-2021-37959, CVE-2021-37960, CVE-2021-37961, CVE-2021-37962, CVE- 2021-37963, CVE-2021-37964, CVE-2021-37965, CVE-2021-37966, CVE-2021- 37967, CVE-2021-37968, CVE-2021-37969, CVE-2021-37970, CVE-2021-37971, CVE-2021-37972

42. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Google Chrome 94.0.4606.61  CHROME-210924, QGC940460661  Fixes 1 Vulnerability: CVE-2021-37973  Google Chrome 94.0.4606.71  CHROME-210930, QGC940460671  Fixes 3 Vulnerabilities: CVE-2021-37974, CVE-2021-37975, CVE-2021-37976  Google Chrome 94.0.4606.81  CHROME-211007, QGC940460681  Fixes 4 Vulnerabilities: CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980

43. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox ESR 93.0  FFE-211005, QFF93  Fixes 7 Vulnerabilities: CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38499, CVE-2021-38500, CVE-2021-38501  Firefox ESR 91.2.0  FFE-211004, QFFE9120  Fixes 6 Vulnerabilities: CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501  Firefox ESR 78.15.0  FFE-211005, QFFE78150  Fixes 2 Vulnerabilities: CVE-2021-38496, CVE-2021-38500

44. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Apache OpenOffice 4.1.11  OROO-211006, QOROO4111  Fixes 3 Vulnerabilities: CVE-2021-28129, CVE-2021-33035, CVE-2021-40439

45. Q & A

2021 October Patch Tuesday

You are reading a preview.

Check these out next

2021 October Patch Tuesday

More Related Content

Slideshows for you (20)

Similar to 2021 October Patch Tuesday (20)

Recently uploaded (20)

2021 October Patch Tuesday