Copyright © 2023 Ivanti. All rights reserved.
February Patch Tuesday 2023
February 2023 Patch Tuesday includes fixes for 76 CVEs from Microsoft, 3 of which are zero-day vulnerabilities, and
updates from Mozilla for Firefox and Firefox ESR. Also check on recent updates from Google, Apple, Oracle, and other
third-party updates released since January Patch Tuesday.
In the News
▪ iOS and iPadOS Zero Day (CVE-2023-23529)
▪ https://techcrunch.com/2023/02/13/apple-releases-new-fix-for-iphone-zero-day-exploited-by-hackers/
▪ https://www.pcmag.com/news/update-now-apple-ships-fix-for-zero-day-vulnerability-mac-iphone-ipad
▪ GoAnywhere MFT under attack by Clop Ransomware
▪ https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/
▪ https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-exploited-goanywhere-mft-zero-day/
▪ VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware
Spree
▪ https://thehackernews.com/2023/02/vmware-finds-no-evidence-of-0-day-flaw.html
▪ Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for
peanuts’
▪ https://portswigger.net/daily-swig/researcher-drops-lexmark-rce-zero-day-rather-than-sell-vuln-for-peanuts
Known Exploited Vulnerabilities
▪ CVE-2023-21715 Microsoft Publisher Security Features Bypass
Vulnerability
▪ CVSS 3.1 Scores: 7.3 / 6.4
▪ Severity: Important
▪ Microsoft 365 Applications for Enterprise (32- and 64-bit systems)
▪ An attacker who successfully exploited this vulnerability could bypass Office macro policies
used to block untrusted or malicious files.
▪ CVE-2023-21823 Windows Graphics Component Remote Code Execution
Vulnerability
▪ CVSS 3.1 Scores: 7.8 / 7.5
▪ Severity: Important
▪ Impacts all Windows workstation and server operating systems
▪ An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerabilities
▪ CVE-2023-23376 Windows Common Log File System Driver Elevation of
Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.8 / 6.8
▪ Severity: Important
▪ Impacts all Windows workstation and server operating systems
▪ An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft Patch Tuesday Updates of Interest
▪ Advisory 990001 Latest Servicing Stack Updates (SSU)
▪ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
▪ Windows Server 2012
▪ Azure and Development Tool Updates
▪ .NET 6.0
▪ .NET 7.0
▪ Azure Data Box Gateway
▪ Azure DevOps Servers
▪ Azure Machine Learning
▪ Azure Stack Edge
▪ Visual Studio 2017 (multiple)
▪ Visual Studio 2019 (multiple)
▪ Visual Studio 2022 (multiple)
Source: Microsoft
Server 2012/2012 R2 EOL is Coming
▪ Lifecycle Fact Sheet
▪ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
22H2      10/18/2022     5/13/2025
21H2      11/16/2021     6/11/2024
20H2      10/20/2020     5/9/2023
Windows 10 Home and Pro
Version   Release Date   End of Support Date
22H2      10/18/2022     5/14/2024
21H2      11/16/2021     6/13/2023
Windows Server
Version   Release Date   End of Support Date
2019      11/13/2019     1/9/2024
2022      8/18/2021      10/13/2026
Windows 11 Home and Pro
Version   Release Date   End of Support Date
22H2      9/20/2022      10/8/2024
21H2      10/4/2021      10/10/2023
▪ Lifecycle Fact Sheet
▪ https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
▪ Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
MFSA-2023-05: Security Update Firefox 110
▪ Maximum Severity: Critical (High)
▪ Affected Products: Security Update Firefox
▪ Description: This update from Mozilla addresses security vulnerabilities in the Firefox
browser on multiple platforms.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing and Information Disclosure
▪ Fixes 19 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/ for complete details.
▪ Restart Required: Requires application restart
▪ Known Issues: None
MFSA-2023-06: Security Update Firefox ESR 102.8
▪ Maximum Severity: Critical (High)
▪ Affected Products: Security Update Firefox ESR
▪ Description: This update from Mozilla addresses security vulnerabilities in the Firefox
ESR browser on multiple platforms.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing and Information Disclosure
▪ Fixes 14 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/ for complete details.
▪ Restart Required: Requires application restart
▪ Known Issues: None
MS23-02-W11: Windows 11 Update
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
▪ Description: This bulletin references KB 5022836 (21H2) and KB 5022845 (22H2).
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege,
Information Disclosure
▪ Fixes 33 Vulnerabilities: CVE-2023-21823 and CVE-2023-23376 are known
exploited. See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
February Known Issues for Windows 11
▪ KB 5022845 – Windows 11 version 22H2
▪ [Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
▪ [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than
expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools
that do not use cache manager (buffered I/O). See KB for multiple mitigations.
Microsoft is working on a resolution.
▪ [Missing UUP] Updates released February 14, 2023 or later might download to WSUS
but not propagate further to client devices. Affected WSUS servers are only those
running Windows Server 2022 which have been upgraded and are missing the Unified
Update Platform (UUP) MIME types. Microsoft Configuration Manager is not affected
by this issue. Workaround: See KB on how to add the UUP file types to the WSUS
systems. Microsoft is working on a resolution.
MS23-02-W10: Windows 10 Update
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
▪ Description: This bulletin references 5 KB articles. See KBs for the list of changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, Information Disclosure
▪ Fixes 36 Vulnerabilities: CVE-2023-21823 and CVE-2023-23376 are known
exploited. See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
February Known Issues for Windows 10
▪ KB 5022840 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
▪ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
▪ KB 5022842 – Windows Server 2022
▪ [Missing UUP]
February Known Issues for Windows 10 (cont)
▪ KB 5022834 – Windows 10 Enterprise and Education version 20H2,
Windows 10 IoT Enterprise version 20H2, Windows 10 on Surface Hub,
Windows 10 version 21H1, Windows 10 version 21H2, Windows 10
version 22H2
▪ [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the custom
offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge
if you have encountered affected media. See KB for details.
MS23-02-MR8: Monthly Rollup for Server 2012
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft Windows Server 2012 and IE
▪ Description: This cumulative security update contains improvements that are part of update
KB 5022348 (released January 10, 2023). Bulletin is based on KB 5022903.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
▪ Fixes 33 Vulnerabilities: CVE-2023-21823 and CVE-2023-23376 are known exploited.
See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
February Known Issues for Server 2012
▪ KB 5022903 – Windows Server 2012 (Monthly Rollup)
▪ [Domain Join] After this update or a later Windows update is installed, domain join
operations might be unsuccessful and error "0xaac (2732):
NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An
account with the same name exists in Active Directory. Re-using the account was
blocked by security policy" might be displayed. Workaround: Microsoft has added
guidance to KB 5020276 and is evaluating whether optimizations can be made in a
future Windows Update.
▪ KB 5022895 – Windows Server 2012 (Security-only Update)
▪ [Domain Join]
MS23-02-SO8: Security-only Update for Windows Server 2012
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft Windows Server 2012
▪ Description: Bulletin is based on KB 5022895.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege,
Information Disclosure
▪ Fixes 32 Vulnerabilities: CVE-2023-21823 and CVE-2023-23376 are known
exploited. See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: [Domain Join]
MS23-02-MR81: Monthly Rollup for Server 2012 R2
▪ Maximum Severity: Critical
▪ Affected Products: Server 2012 R2 and IE
▪ Description: This cumulative security update includes improvements that are part of update
KB 5022352 (released January 10, 2023). Bulletin is based on KB 5022899.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
▪ Fixes 33 Vulnerabilities: CVE-2023-21823 and CVE-2023-23376 are known exploited. See
the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: [Domain Join]
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-02-SO81: Security-only for Server 2012 R2
▪ Maximum Severity: Critical
▪ Affected Products: Server 2012 R2
▪ Description: Bulletin is based on KB 5022894.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
▪ Fixes 32 Vulnerabilities: CVE-2023-21823 and CVE-2023-23376 are known exploited.
See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: [Domain Join]
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-02-SPT: Security Updates for SharePoint Server
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
▪ Description: This security update resolves remote code and elevation of privilege
vulnerabilities. This bulletin is based on 9 KB articles.
▪ Impact: Remote Code Execution, Elevation of Privilege
▪ Fixes 2 Vulnerabilities: CVE-2023-21716 and CVE-2023-21717 are not publicly
disclosed or known exploited.
▪ Restart Required: Requires restart
▪ Known Issues: None reported
MS23-02-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
▪ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution, Information Disclosure
▪ Fixes 3 Vulnerabilities: CVE-2023-21714, CVE-2023-21715, and CVE-2023-21716.
CVE-2023-21715 is known exploited.
▪ Restart Required: Requires application restart
▪ Known Issues: None reported
MS23-02-OFF: Security Updates for Microsoft Office
▪ Maximum Severity: Critical
▪ Affected Products: Office 2019 for Mac, Office LTSC 2021 for Mac, Office Online
Server and Word 2013 & 2016
▪ Description: This security update resolves a security issue in Microsoft Word
whereby a malicious RTF file can exploit the Preview Pane. This bulletin references 4
KB articles, and release notes for the Mac updates.
▪ Impact: Remote Code Execution
▪ Fixes 1 Vulnerability: CVE-2023-21716 is not publicly disclosed or known
exploited.
▪ Restart Required: Requires application restart
▪ Known Issues: None reported
MS23-02-SQL: Security Updates for SQL Server
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft SQL Server 2014 SP3, SQL Server 2016 SP3, SQL
Server 2017, SQL Server 2019, SQL Server 2022
▪ Description: This security update fixes several remote code execution
vulnerabilities which are present in varying numbers in all versions of Microsoft SQL
Server. This bulletin is based on 9 KB articles. Please consult the appropriate KB
article to see which CVEs were addressed in each SQL server release.
▪ Impact: Remote Code Execution
▪ Fixes 6 Vulnerabilities: CVE-2023-21528, CVE-2023-21568, CVE-2023-21704,
CVE-2023-21705, CVE-2023-21713, and CVE-2023-21718 are not publicly disclosed
or known exploited.
▪ Restart Required: Requires restart
▪ Known Issues: None reported
MS23-02-EXCH: Security Updates for Exchange Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Exchange Server 2013 CU23, Exchange
Server 2016 CU23, and Exchange Server 2019 CU11 & CU12.
▪ Description: This security update rollup resolves remote code execution
issues in Microsoft Exchange Server. This bulletin is based on KB 5023038.
▪ Impact: Remote Code Execution
▪ Fixes 4 Vulnerabilities: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707
and CVE-2023-21710 are not publicly disclosed or known exploited.
▪ Restart Required: Requires restart
▪ Known Issues: None reported
MS23-02-IE: Security Updates for Internet Explorer
▪ Maximum Severity: Important
▪ Affected Products: Internet Explorer 11
▪ Description: The improvements that are included in this update are also included in
the February 2023 Security Monthly Quality Rollup for Server 2012 and Server 2012
R2. Installing either this update or the Security Monthly Quality Rollup installs the
same improvements. Internet Explorer 11 has reached the end of servicing as of June
15, 2022 for certain operating systems. This bulletin references KB 5022835.
▪ Impact: Remote Code Execution
▪ Fixes 1 Vulnerability: CVE-2023-21805 is not publicly disclosed or known
exploited.
▪ Restart Required: Requires browser restart
▪ Known Issues: None reported
MS23-02-MRNET: Monthly Rollup for Microsoft .NET
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
▪ Description: This security update addresses a vulnerability in the MSDIA SDK where
an untrusted pointer dereference can cause memory corruption and a vulnerability
where the Visual Studio WMI Setup Provider Installer can be used by a low level, local
attacker to corrupt local files. This bulletin references 18 KB articles.
▪ Impact: Remote Code Execution, Denial of Service
▪ Fixes 2 Vulnerabilities: CVE-2023-21722 and CVE-2023-21808 are not publicly
disclosed or known exploited.
▪ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
▪ Known Issues: After installing this update, WPF apps may have a change in
behavior. For more information about this issue, see KB 5022083.
MS23-02-SONET: Security-only Update for Microsoft .NET
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8
▪ Description: This security update addresses a vulnerability in the MSDIA SDK where
an untrusted pointer dereference can cause memory corruption and a vulnerability
where the Visual Studio WMI Setup Provider Installer can be used by a low level, local
attacker to corrupt local files. This bulletin references 18 KB articles.
▪ Impact: Remote Code Execution, Denial of Service
▪ Fixes 2 Vulnerabilities: CVE-2023-21722 and CVE-2023-21808 are not publicly
disclosed or known exploited.
▪ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
▪ Known Issues: After installing this update, WPF apps may have a change in
behavior. For more information about this issue, see KB 5022083.
Windows Release Summary
▪ Security Updates (with CVEs): Google Chrome (2), Azul Zulu (3), Corretto (3), Eclipse Adoptium
(3), Firefox (1), Firefox ESR (1), GIT for windows (1), Java 8 Update (1), Java Development Kit 11 (1), Java
Development Kit 17 (1), VirtualBox (2), VMware Workstation Player (1), VMware Workstation Pro (1)
▪ Security (w/o CVEs): Adobe Acrobat and Reader 2022 Classic (1), Adobe Acrobat DC and Acrobat
Reader DC (1), Apache Tomcat (2), CCleaner (1), ClickShare App Machine-Wide Installer (2), Falcon Sensor
for Windows (1), Citrix Workspace App (1), Docker for Windows (3), Dropbox (2), Evernote (2), Firefox (1),
FileZilla Client (1), GoodSync (1), LibreOffice (1), Malwarebytes (2), Node.JS (Current) (2), Node.JS (LTS
Upper) (1), Notepad++ (1), Opera (3), Paint.net (1), Plantronics Hub (1), Plex Media Server (1), Python (2),
PeaZip (1), Royal TS (2), SeaMonkey (1), Snagit (1), Tableau Desktop (4), Tableau Prep Builder (2),
Thunderbird (3), TortoiseGit (1), TeamViewer (2), UltraVNC (2), VMware Horizon Client (1), WinSCP (1),
Wireshark (2), WinRAR (1), Zoom Client (2), Zoom Outlook Plugin (1), Zoom Rooms Client (1)
▪ Non-Security Updates: AIMP (2), Amazon WorkSpaces (1), Beyond Compare (1), Box Drive (1),
Camtasia (1), Google Drive File Stream (2), GeoGebra Classic (3), BlueJeans (1), KeePass Pro (1),
NextCloud Desktop Client (4), Plantronics Hub (1), Password Safe (1), RingCentral App (Machine-Wide
Installer) (2), RealVNC Server (2), TreeSize Free (1), RealVNC Viewer (2), Cisco WebEx Teams (1),
WinMerge (1), XnView (1)
Windows Third Party CVE Information
▪ Google Chrome 109.0.5414.120
▪ CHROME-230124, QGC10905414120
▪ Fixes 4 Vulnerabilities: CVE-2023-0471, CVE-2023-0472, CVE-2023-0473,
CVE-2023-0474
▪ Google Chrome 110.0.5481.78
▪ CHROME-230207, QGC1100548178
▪ Fixes 10 Vulnerabilities: CVE-2023-0696, CVE-2023-0697, CVE-2023-0698,
CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703,
CVE-2023-0704, CVE-2023-0705
▪ GIT for Windows 2.39.1.1
▪ GIT-230117, QGIT23911
▪ Fixes 3 Vulnerabilities: CVE-2022-23521, CVE-2022-41903, CVE-2022-41953
Windows Third Party CVE Information (cont)
▪ Java Development Kit 17 Update 17.0.6
▪ JDK17-230117, QJDK1706
▪ Fixes 2 Vulnerabilities: CVE-2023-21835, CVE-2023-21843
▪ Java Development Kit 11 Update 11.0.18
▪ JDK11-230117, QJDK11018
▪ Fixes 2 Vulnerabilities: CVE-2023-21835, CVE-2023-21843
▪ Java 8 Update 361 – JRE and JDK
▪ JAVA8-230117, QJDK8U361
▪ Fixes 2 Vulnerabilities: CVE-2023-21830, CVE-2023-21843
Windows Third Party CVE Information (cont)
▪ Azul Zulu 17.40.19 (17.0.6)
▪ ZULU17-230214, QZULUJDK174019
▪ Fixes 2 Vulnerabilities: CVE-2023-21835, CVE-2023-21843
▪ Azul Zulu 11.62.17 (11.0.18)
▪ ZULU11-230118, QZULUJDK116217
▪ Fixes 2 Vulnerabilities: CVE-2023-21835, CVE-2023-21843
▪ Azul Zulu 8.64.0.15 (8u342) – JRE and JDK
▪ ZULU8-230118, QZULUJDK868019
▪ ZULU8-230118, QZULUJDK868019
▪ Fixes 2 Vulnerabilities: CVE-2023-21830, CVE-2023-21843
Windows Third Party CVE Information (cont)
▪ Eclipse Adoptium 17.0.6.10
▪ ECL17-230120, QECLJDK170610
▪ Fixes 2 Vulnerabilities: CVE-2023-21835, CVE-2023-21843
▪ Eclipse Adoptium 11.0.18.10
▪ ECL11-230120, QECLJDK1101810
▪ Fixes 2 Vulnerabilities: CVE-2023-21835, CVE-2023-21843
▪ Eclipse Adoptium 8.0.362.9 – JRE and JDK
▪ ECL8-230123, QECLJRE803629
▪ ECL8-230123, QECLJDK803629
▪ Fixes 2 Vulnerabilities: CVE-2023-21830, CVE-2023-21843
Windows Third Party CVE Information (cont)
▪ VirtualBox 6.1.42
▪ OVB61-230117, QOVB6142
▪ Fixes 6 Vulnerabilities: CVE-2023-21884, CVE-2023-21885, CVE-2023-21886,
CVE-2023-21889, CVE-2023-21898, CVE-2023-21899
▪ VirtualBox 7.0.6
▪ OVB70-230117, QOVB706
▪ Fixes 6 Vulnerabilities: CVE-2023-21884, CVE-2023-21885, CVE-2023-21886,
CVE-2023-21889, CVE-2023-21898, CVE-2023-21899
▪ VMware Workstation Player 17.0.1
▪ VMWP17-230206, QVMWP1701
▪ Fixes 1 Vulnerability: CVE-2023-20854
▪ VMware Workstation 17.0.1 Pro
▪ VMWW17-230206, QVMWW1701
▪ Fixes 1 Vulnerability: CVE-2023-20854
Windows Third Party CVE Information (cont)
▪ Corretto 17.0.6.1
▪ CRTO17-230214, QCRTOJDK1706
▪ Fixes 3 Vulnerabilities: CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
▪ Corretto 11.0.18.10.1
▪ CRTO11-230118, QCRTOJDK11018
▪ Fixes 3 Vulnerabilities: CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
▪ Corretto 8.362.08.1 – JRE and JDK
▪ CRTO8-230118, QCRTOJRE8362
▪ CRTO8-230118, QCRTOJDK8362
▪ Fixes 3 Vulnerabilities: CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
Windows Third Party CVE Information (cont)
▪ Firefox 109.0
▪ FF-230117, QFF1090
▪ Fixes 10 Vulnerabilities: CVE-2023-23597, CVE-2023-23598, CVE-2023-23599,
CVE-2023-23600, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603,
CVE-2023-23604, CVE-2023-23605, CVE-2023-23606
▪ Firefox ESR 102.7.0
▪ FFE-230117, QFFE10270
▪ Fixes 8 Vulnerabilities: CVE-2022-46871, CVE-2022-46877, CVE-2023-23598,
CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603,
CVE-2023-23605
Apple Release Summary
▪ Security Updates (with CVEs): Google Chrome (2), Firefox (1), Firefox ESR (1), Safari (1), macOS
Big Sur (1), macOS Monterey (1), Microsoft Edge (4), SeaMonkey (1), Thunderbird (2)
▪ Non-Security Updates: 1Password (1), Adobe Acrobat DC and Acrobat Reader DC (1), BBEdit (1),
BetterTouchTool (2), Calendar 366 II (1), Dropbox (3), Firefox (1), Google Drive (1), HandBrake (1),
LibreOffice (3), Opera (1), Skype (2), Thunderbird (1), Microsoft Teams (1), Visual Studio Code (1), Zoom
Client (3)
Apple Updates CVE Information
▪ macOS Big Sur 11.7.3
▪ HT213603
▪ Fixes 8 Vulnerabilities: CVE-2022-35252, CVE-2023-23497, CVE-2023-23499,
CVE-2023-23505, CVE-2023-23508, CVE-2023-23513, CVE-2023-23517,
CVE-2023-23518
▪ macOS Monterey 12.6.3
▪ HT213604
▪ Fixes 18 Vulnerabilities: CVE-2022-32221, CVE-2022-32915, CVE-2022-35252,
CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493,
CVE-2023-23497, CVE-2023-23499, CVE-2023-23502, CVE-2023-23504,
CVE-2023-23505, CVE-2023-23507, CVE-2023-23508, CVE-2023-23511,
CVE-2023-23513, CVE-2023-23517, CVE-2023-23518
▪ Safari 16.3
▪ HT213600
▪ Fixes 3 Vulnerabilities: CVE-2023-23496, CVE-2023-23517, CVE-2023-23518
Apple Third Party CVE Information
▪ Google Chrome 109.0.5414.119
▪ CHROMEMAC-230124
▪ Fixes 4 Vulnerabilities: CVE-2023-0471, CVE-2023-0472, CVE-2023-0473,
CVE-2023-0474
▪ Microsoft Edge 109.0.1518.70
▪ MEDGEMAC-230126
▪ Fixes 4 Vulnerabilities: CVE-2023-0471, CVE-2023-0472, CVE-2023-0473,
CVE-2023-0474
▪ Google Chrome 110.0.5481.77
▪ CHROMEMAC-230207
▪ Fixes 10 Vulnerabilities: CVE-2023-0696, CVE-2023-0697, CVE-2023-0698,
CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703,
CVE-2023-0704, CVE-2023-0705
Apple Third Party CVE Information (cont)
▪ Firefox 109.0
▪ FF-230117
▪ Fixes 10 Vulnerabilities: CVE-2023-23597, CVE-2023-23598, CVE-2023-23599,
CVE-2023-23600, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603,
CVE-2023-23604, CVE-2023-23605, CVE-2023-23606
▪ Firefox ESR 102.7.0
▪ FFE-230117
▪ Fixes 8 Vulnerabilities: CVE-2022-46871, CVE-2022-46877, CVE-2023-23598,
CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603,
CVE-2023-23605
Apple Third Party CVE Information (cont)
▪ SeaMonkey 2.53.15
▪ SM-230124
▪ Fixes 30 Vulnerabilities: CVE-2019-11709, CVE-2019-11711, CVE-2019-11712,
CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719,
CVE-2019-11729, CVE-2019-11730, CVE-2019-9811, CVE-2022-45403,
CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408,
CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412,
CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421,
CVE-2022-46872, CVE-2022-46874, CVE-2022-46875, CVE-2022-46878,
CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
▪ Thunderbird 102.7.0
▪ TB-230124
▪ Fixes 8 Vulnerabilities: CVE-2022-46871, CVE-2022-46877, CVE-2023-23598,
CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603,
CVE-2023-23605