Successfully reported this slideshow.
Your SlideShare is downloading. ×

2022 March Patch Tuesday

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 43 Ad

2022 March Patch Tuesday

Download to read offline

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Advertisement
Advertisement

More Related Content

Advertisement

Recently uploaded (20)

Advertisement

2022 March Patch Tuesday

  1. 1. Patch Tuesday Webinar Wednesday, March 9, 2022 Hosted by Chris Goettl and Todd Schell
  2. 2. Agenda March 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  3. 3. Overview
  4. 4. Copyright © 2022 Ivanti. All rights reserved. March Patch Tuesday 2022 March Patch Tuesday got off to an early start this month with CISA adding 95 vulnerabilities to their Known Exploited Vulnerabilities Catalog. Yesterday another 11 vulnerabilities were added including two Zero Day vulnerabilities in Mozilla Firefox that were resolved in a release on Friday, March 4th. This brings the CISA catalog up to 489 total CVEs that organizations should be ensuring get mitigated or remediated as quickly as possible. With the invasion of Ukraine by Russia a heightened awareness around cybersecurity threats has also brought more attention to the vulnerabilities being used by known Russian threat actors. Ivanti Neurons for Risk Based Vulnerability Management is currently tracking a total of 60 CVEs that have been identified as being used by Russian-backed threat actors. Many of these have been tied to Ransomware.
  5. 5. In the News
  6. 6. Copyright © 2022 Ivanti. All rights reserved. In the News  CISA Adds 11 Known Exploited Vulnerabilities to Catalog (Mar 7)  https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisa-adds-11- known-exploited-vulnerabilities-catalog  Includes 2 Zero Day vulns for Mozilla Firefox  CISA Adds 95 Known Exploited Vulnerabilities to Catalog (Mar 3)  https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/cisa-adds-95- known-exploited-vulnerabilities-catalog  2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!  https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs- under.html
  7. 7. Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability  CVSS 3.1 Scores: 8.8 / 7.9  Severity: Important  Impacts all Windows workstation and server operating systems.  CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 7.0  Severity: Important  Impacts all Windows workstation and server operating systems.
  8. 8. Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities (cont)  CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability  CVSS 3.1 Scores: 6.3 / 5.5  Severity: Important  Impacts:  Visual Studio 2019 versions 16.7, 16.9 and 16.11  Visual Studio 2022 version 17  .NET Core 3.1, .NET 5.0 and .NET 6.0
  9. 9. Copyright © 2022 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Updated SSUs this month  Windows 7/Server 2008/2008 R2  Windows Server 2012  Windows 10 (as shown)  Development Tool and Other Updates  .NET Core 3.1  .NET 5.0  .NET 6.0  Visual Studio 2022 version 17.0  Visual Studio 2019 version 16.11  Visual Studio 2019 version 16.9  Visual Studio Code Source: Microsoft
  10. 10. Copyright © 2022 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H2 11/16/2021 6/11/2024 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 1909 11/12/2019 5/10/2022 Windows 10 Home and Pro Version Release Date End of Support Date 21H2 11/16/2021 6/13/2023 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/10/2022 Windows Datacenter and Standard Server Version Release Date End of Support Date 2022 8/18/2021 10/13/2026 20H2 10/20/2020 5/10/2022 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
  11. 11. Copyright © 2022 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
  12. 12. Copyright © 2022 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  13. 13. Bulletins and Releases
  14. 14. Copyright © 2022 Ivanti. All rights reserved. MFSA-2022-10: Security Update Firefox 98  Maximum Severity: Critical (High)  Affected Products: Firefox  Description: This security update from Mozilla addresses critical vulnerabilities in the Firefox application on multiple platforms. Of the 7 reported vulnerabilities, 4 are rated as High. See https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/ for complete details.  Impact: Security Feature Bypass, Elevation of Privilege and Information Disclosure  Fixes 7 Vulnerabilities: See link to Mozilla bulletin  Restart Required: Requires application restart  Known Issues: None NOTE: Two critical Zero Day vulnerabilities were announced in MFSA-2022-09 on March 5.
  15. 15. Copyright © 2022 Ivanti. All rights reserved. MFSA-2022-11: Security Update Firefox ESR 91.7  Maximum Severity: Critical (High)  Affected Products: Firefox ESR  Description: This security update from Mozilla addresses critical vulnerabilities in the Firefox ESR application on multiple platforms. Of the 5 reported vulnerabilities, 4 are rated as High. See https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/ for complete details.  Impact: Security Feature Bypass, Elevation of Privilege and Information Disclosure  Fixes 5 Vulnerabilities: See link to Mozilla bulletin  Restart Required: Requires application restart  Known Issues: None NOTE: Two critical Zero Day vulnerabilities were announced in MFSA-2022-09 on March 5.
  16. 16. Copyright © 2022 Ivanti. All rights reserved. MS22-03-EXCH: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU21 & CU22, and Exchange Server 2019 CU10 & CU11  Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KBs 5012698 and 5010324.  Impact: Remote Code Execution and Spoofing  Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-23277 and CVE-2022-24463 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide
  17. 17. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Exchange Server  KB 5012698 & 5010324 – Exchange Server 2013, 2016 and 2019  [Issue 1] If the update is run it in Normal mode (that is, not as an administrator), some files are not correctly updated and there are no error messages. This occurs because UAC prevents the security update from correctly stopping certain Exchange-related services. Workaround: Run as administrator in manual mode. See KB for more details.  [Issue 2] Exchange services might remain in a disabled state after you install this security update. Workaround: Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt.  [Issue 3] When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. Workaround: Enable third-party cookies for the domain that's hosting OWA or Office Online Server in the browser settings. See KB for more details.
  18. 18. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Exchange Server (cont)  [Issue 4] When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a "(400) Bad Request" error message. Workaround: See Microsoft help article "(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology for guidance.
  19. 19. Copyright © 2022 Ivanti. All rights reserved. MS22-03-W11: Windows 11 Update  Maximum Severity: Important  Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium  Description: This bulletin references KB 5010386.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 27 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: None reported
  20. 20. Copyright © 2022 Ivanti. All rights reserved. MS22-03-W10: Windows 10 Update  Maximum Severity: Important  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium  Description: This bulletin references 7 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 31 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  21. 21. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Windows 10  KB 5011495 – Windows 10, version 1607, Windows Server 2016  [AD Forest Trust] After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Workaround: To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note: These out-of-band updates are not available from Windows Update and will not install automatically. See KB for a list of .NET links.
  22. 22. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont)  KB 5011503 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.  [AD Forest Trust]
  23. 23. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont)  KB 5011487 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1  [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For more information and a workaround, see KB5005322.  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
  24. 24. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont)  KB 5011487 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 (cont)  [Smart Card Failure] After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red. Workaround: Requires use of Known Issue Rollback (KIR). See KB for details.  KB 5011497 – Server 2022  [Smart Card Failure]  [AD Forest Trust]
  25. 25. Copyright © 2022 Ivanti. All rights reserved. MS22-03-IE: Security Updates for Internet Explorer  Maximum Severity: Important  Affected Products: Internet Explorer 9 and 11  Description: The fixes that are included in this update are also included in the March 2022 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes. This bulletin references KB 5011486.  Impact: Security Feature Bypass  Fixes 1 Vulnerability: No CVEs are known exploited. CVE-2022-24502 is fixed in this update.  Restart Required: Requires browser restart  Known Issues: None reported
  26. 26. Copyright © 2022 Ivanti. All rights reserved. MS22-03-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 5010384 (released February 8, 2022). Addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011534.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege and Information Disclosure  Fixes 11 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide.
  27. 27. Copyright © 2022 Ivanti. All rights reserved. March Known Issues for Server 2008  KB 5011534 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 5011525 – Windows Server 2008 (Security-only Update)  [File Rename]
  28. 28. Copyright © 2022 Ivanti. All rights reserved. MS22-03-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011525.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege and Information Disclosure  Fixes 11 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See previous slide.
  29. 29. Copyright © 2022 Ivanti. All rights reserved. MS22-03-MR7-ESU: Monthly Rollup for Win 7 MS22-03-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: Completes final transition from SHA1 to SHA2 on embedded versions and addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. This security update includes improvements and fixes that were a part of KB 5010404 (released February 8, 2022). Bulletin is based on KB 5011552.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege and Information Disclosure  Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE- 2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  30. 30. Copyright © 2022 Ivanti. All rights reserved. MS22-03-SO7-ESU: Security-only Update for Win 7 MS22-03-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011529.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  31. 31. Copyright © 2022 Ivanti. All rights reserved. MS22-03-MR8: Monthly Rollup for Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 5010392 (released previous February 8, 2022). Addresses an issue in which Windows might go into BitLocker recovery after a servicing update and an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011535.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 20 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022- 24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] and [AD Forest Trust]
  32. 32. Copyright © 2022 Ivanti. All rights reserved. MS22-03-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012  Description: Addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011527.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 20 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] and [AD Forest Trust]
  33. 33. Copyright © 2022 Ivanti. All rights reserved. MS22-03-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 5010419 (released February 8, 2022). This update addresses an issue when writing a service principal name (SPN) alias (such as www/contoso) and HOST/NAME which already exists on another object causes an error. It also addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011564.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE-2022- 24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] and [AD Forest Trust]
  34. 34. Copyright © 2022 Ivanti. All rights reserved. MS22-03-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: This update addresses an issue when writing a service principal name (SPN) alias (such as www/contoso) and HOST/NAME which already exists on another object causes an error. It also addresses an issue in which after the January 2022 Windows update is installed on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing may result in an error. Bulletin is based on KB 5011560.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2022-21990 and CVE- 2022-24459 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] and [AD Forest Trust]
  35. 35. Copyright © 2022 Ivanti. All rights reserved. MS22-03-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Office 2019 & LTSC 2021 for macOS, Skype Extension for Chrome, and Word 2013 & 2016  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references just the release notes for the macOS Office.  Impact: Tampering and Information Disclosure  Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-24511 and CVE-2022-24522 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  36. 36. Copyright © 2022 Ivanti. All rights reserved. MS22-03-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021  Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution, Security Feature Bypass and Tampering  Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-24461, CVE-2022-24462, CVE-2022-24509, CVE-2022-24510 and CVE-2022-24511 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  37. 37. Between Patch Tuesdays
  38. 38. Copyright © 2022 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (2), Foxit PhantomPDF (1), Snagit (1), Thunderbird (1), VMware Horizon Client (1), VMware Tools (1), Zoom Client (1)  Security (w/o CVEs): Camtasia (2), CCleaner (1), Corretto (1), Falcon Sensor for Windows (1), Docker for Windows Stable (2), Dropbox (2), Eclipse Adoptium JDK 11 (1), Eclipse Adoptium JDK 17 (1), Eclipse Adoptium JRE 17 (1), Evernote (2), Firefox (1), FileZilla Client (1), GoodSync (4), LibreOffice (1), LogMeIn (1), Malwarebytes (2), Node.JS 17 (Current) (2), Node.JS 16 (LTS Upper) (1), Notepad++ (2), Opera (5), Paint.net (1), Plex Media Server (1), PeaZip (1), RedHat OpenJDK JDK 17 (1), RedHat OpenJDK JRE 17 (1), Skype (1), SeaMonkey (1), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1), Tableau Desktop (4), Tableau Reader (1), Apache Tomcat (3), TeamViewer (1), WinSCP (1), Wireshark (2), Azul Zulu JDK 11 (1), Azul Zulu JRE 11 (1)  Non-Security Updates: AIMP (2), Box Drive (1), Google Drive File Stream (1), BlueJeans (1), NextCloud Desktop Client (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1), Snagit (1), Cisco WebEx Teams (2)
  39. 39. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 98.0.4758.102  CHROME-220214, QGC9804758102  Fixes 8 Vulnerabilities: CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE- 2022-0606, CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610  Google Chrome 99.0.4844.51  CHROME-220301, QGC990484451  Fixes 21 Vulnerabilities: CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE- 2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022- 0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE- 2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809
  40. 40. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Foxit PhantomPDF 10.1.7.37777  FIP-220303, QFIP101737777  Fixes 25 Vulnerabilities: CVE-2018-1285, CVE-2021-40420, CVE-2021-44708, CVE-2021-44709, CVE-2021-44740, CVE-2021-44741, CVE-2022-22150, CVE- 2022-24357, CVE-2022-24358, CVE-2022-24359, CVE-2022-24360, CVE-2022- 24361, CVE-2022-24362, CVE-2022-24363, CVE-2022-24364, CVE-2022-24365, CVE-2022-24366, CVE-2022-24367, CVE-2022-24368, CVE-2022-24369, CVE- 2022-24907, CVE-2022-24908, CVE-2022-24954, CVE-2022-24955, CVE-2022- 24971  Snagit 2022.0.2  SNAG22-220222, QSNAG2202  Fixes 1 Vulnerability: CVE-2018-1285
  41. 41. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Thunderbird 91.6.1  TB-220215, QTB9161  Fixes 1 Vulnerability: CVE-2022-0566  VMware Horizon Client 5.5.3  VMWH5-220119, QVMWP1622  Fixes 1 Vulnerability: CVE-2022-22938  VMware Tools 12.0.0  VMWT12-220301, QVMWT1200  Fixes 1 Vulnerability: CVE-2022-22943  Zoom Client 5.9.6.3799  ZOOM-220228, QZOOM593799  Fixes 1 Vulnerability: CVE-2022-22780
  42. 42. Q & A
  43. 43. Copyright © 2022 Ivanti. All rights reserved. Thank You!

×