Patch Tuesday Webinar
Wednesday, August 9, 2023
Hosted by Chris Goettl and Todd Schell
Agenda
August 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2023 Ivanti. All rights reserved.
August Patch Tuesday 2023
Microsoft has released updates resolving 74 new CVEs this month, one of which is confirmed exploited
and six are rated by Microsoft as Critical. Microsoft also updated CVE-2023-36884 released in July to
split the Office products out into a separate Defense in Depth Advisory (ADV230003). Besides the OS
and Office updates, Microsoft has updates for Exchange Server, .NET, Azure, SQL Server, and Teams
making for a significant lineup this August.
Additional updates from Google Chrome released on August 3 and Microsoft Edge (Chromium)
updated on August 7 along with Adobe Acrobat and Reader should also be included in your update
activities this month.
In the News
§ iPhone Users Urged to Update to Patch 2 Zero-Days
§ https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
§ Apple Users See Big Mac Attack, Says Accenture
§ https://www.darkreading.com/attacks-breaches/accenture-sees-big-mac-attacks
§ Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
§ https://www.darkreading.com/vulnerabilities-threats/citrix-zero-day-update-7000-instances-exposed-460-compromised
§ Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
§ https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits
Ivanti Endpoint Manager Mobile (Core)
§ Exploited vulnerabilities CVE-2023-35078 and CVE-2023-35081
§ Publicly Disclosed CVE-2023-35082
§ Remediation
§ Update to latest version to resolve CVE-2023-35078 and CVE-2023-35081
Upgrade EPMM with patch releases (11.8.1.2, 11.9.1.2 and 11.10.0.3) from
system manager portal
§ Run RPM Script to resolve CVE-2023-35082
§ EPMM Unsupported Releases (<11.8.1.1)
Upgrade to the latest version of EPMM to ensure you have the latest security
and stability fixes. More information about upgrading can be found here:
https://help.ivanti.com/mi/help/en_us/core/11.x/rn/CoreConnectorReleaseNotes/Support_and_compatibility.htm
Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2023-36884 Windows Search Remote Code Execution Vulnerability
§ This CVE was re-issued from July 2023
§ CVSS 3.1 Scores: 7.5 / 7.0
§ Severity: Important
§ All currently supported operating systems
§ Per Microsoft - Updated affected software to include just Windows products with links to
August 2023 security updates. Adjusted information in the FAQs. The Office updates are
documented in ADV230003.
Known Exploited Vulnerability
§ CVE-2023-38180 .NET and Visual Studio Denial of Service Vulnerability
§ CVSS 3.1 Scores: 7.5 / 6.7
§ Severity: Important
§ Microsoft Visual Studio 2022 versions 17.2, 17.4 and 17.6
§ .NET 6.0 and 7.0
§ ASP.NET Core 2.1
Microsoft Security Advisories
§ Advisory 190023 – Guidance for Enabling LDAP Channel Binding and
LDAP Signing
§ Notice that updates are available for Windows Server 2022 and Windows Server
2022 (Server Core installation) to audit client machines that cannot utilize LDAP
channel binding tokens via events on Active Directory domain controllers. The
updates add the capability to enable CBT events 3074 & 3075 with event source
Microsoft-Windows-ActiveDirectory_DomainService in the Directory Service event
log.
§ Advisory 230001 - Guidance on Microsoft Signed Drivers Being Used
Maliciously
§ Notice of additional untrusted drivers and driver signing certificates added to the
Windows Driver.STL revocation list.
Microsoft Security Advisories (cont)
§ Advisory 230003 – Microsoft Office Defense in Depth Update
§ This defense in depth update is not a vulnerability, but installing this update stops the
attack chain leading to the Windows Search security feature bypass vulnerability
(CVE-2023-36884). Microsoft recommends installing the Office updates discussed in
this advisory as well as installing the Windows updates from August 2023.
§ Advisory 230004 - Memory Integrity System Readiness Scan Tool
Defense in Depth Update
§ The Memory Integrity System Readiness Scan Tool (hvciscan_amd64.exe and
hvciscan_arm64.exe) is used to check for compatibility issues with memory integrity,
also known as hypervisor-protected code integrity (HVCI). The original version was
published without a RSRC section, which contains resource information for a module.
The new version addresses this issue. Please see Driver compatibility with memory
integrity and VBS for more information.
Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Windows Server 2012 and 2012 R2
§ Azure and Development Tool Updates
§ .NET 6.0
§ .NET 7.0
§ ASP.NET Core 2.1
§ Azure DevOps Server 2019
§ Azure DevOps Server 2022
§ Azure HDInsights
§ Visual Studio 2017 v15.9
§ Visual Studio 2019 v16.11
§ Visual Studio 2022 (multiple)
Source: Microsoft
Server 2012/2012 R2 EOL is Coming
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows Server
Version Release Date End of Support Date
2022 8/18/2021 10/13/2026
2019 11/13/2019 1/9/2024
Windows 11 Home and Pro
Version Release Date End of Support Date
22H2 9/20/2022 10/8/2024
21H2 10/4/2021 10/10/2023
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Bulletins and Releases
APSB23-30: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 30 vulnerabilities, 16 of which are rated
critical. Successful exploitation could lead to arbitrary code execution in the context of
the current user among other impacts. See
https://helpx.adobe.com/security/products/acrobat/apsb23-30.html for more details.
§ Impact: Successful exploitation could lead to arbitrary code execution, application
denial of service, security feature bypass and memory leak according to Adobe.
§ Fixes 30 Vulnerabilities: See Adobe site for details
§ Restart Required: Requires application restart
MS23-08-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
§ Description: This bulletin references KB 5029253 (21H2) and KB 5029263 (22H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 33 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and
publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
August Known Issues for Windows 11
§ KB 5029263 – Windows 11 version 22H2
§ [Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
MS23-08-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 33 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and
publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
August Known Issues for Windows 10
§ KB 5029247 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
§ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
August Known Issues for Windows 10 (cont)
§ KB 5029250 – Windows Server 2022
§ [ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to
mitigate this issue. Microsoft and VMware are investigating this issue and will
provide more information when it is available.
MS23-08-MR8: Monthly Rollup for Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012 and IE
§ Description: This cumulative security update contains improvements that are part of update
KB 5028232 (released July 11, 2023). Bulletin is based on KB 5029295.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 24 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-08-SO8: Security-only Update for Windows Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012
§ Description: This security update is based on KB 5029308.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 24 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and
publicly disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-08-MR81: Monthly Rollup for Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Server 2012 R2 and IE
§ Description: This cumulative security update includes improvements that are part of update
KB 5028228 (released July 11, 2023). Bulletin is based on KB 5029312.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 25 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-08-SO81: Security-only for Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Server 2012 R2
§ Description: This security update is based on KB 5029304.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 25 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-08-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
§ Maximum Severity: Critical
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Spoofing, Defense in Depth
§ Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. Advisory 230003 Microsoft Office Defense in Depth Update identifies
updates required to stop chain attacks which can exploit CVE-2023-36884. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS23-08-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Critical
§ Affected Products: Excel, Office, Outlook, PowerPoint, Project, Publisher, Visio,
and Word (all 2013 & 2016), Office Online Server, Office 2019 & LTSC 2021 for Mac,
and Teams
§ Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references 17 KB articles and release notes for the Mac
updates.
§ Impact: Remote Code Execution, Spoofing, Defense in Depth
§ Fixes 6 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. Advisory 230003 Microsoft Office Defense in Depth Update identifies
updates required to stop chain attacks which can exploit CVE-2023-36884. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS23-08-IE: Security Updates for Internet Explorer
§ Maximum Severity: Important
§ Affected Products: Internet Explorer 11
§ Description: The improvements that are included in this Internet Explorer update are
also included in the August 2023 Security Monthly Quality Rollup. Installing either this
Internet Explorer update or the Security Monthly Quality Rollup installs the same
improvements. This bulletin references KB 5029243.
§ Impact: Security Feature Bypass
§ Fixes 1 Vulnerability: CVE-2023-35384 is fixed in this update and is not known
exploited or publicly disclosed.
§ Restart Required: Requires browser restart
§ Known Issues: None reported
MS23-08-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Important
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
§ Description: This update corrects an issue where an attacker could perform a
remote attack that could enable access to the victim's information and the ability to
alter information. Successful exploitation could also potentially cause downtime for the
targeted environment. This bulletin is based on 5 KB articles.
§ Impact: Spoofing, Information Disclosure
§ Fixes 4 Vulnerabilities: This update addresses CVE-2023-36890, CVE-2023-
36891, CVE-2023-36892 and CVE-2023-36894 which are not publicly disclosed or
known exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-08-EXCH: Security Updates for Exchange Server
§ Maximum Severity: Important
§ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange
Server 2019 CU11 & CU12.
§ Description: This security update rollup resolves multiple security issues in
Microsoft Exchange Server. This bulletin is based on KB 5029388.
§ Impact: Remote Code Execution, Spoofing, Elevation of Privilege
§ Fixes 6 Vulnerabilities: CVE-2023-21709, CVE-2023-35368, CVE-2023-
35388, CVE-2023-38181, CVE-2023-38182, and CVE-2023-38185 are not
publicly disclosed or known exploited.
§ Restart Required: Requires restart
§ Known Issues: After this update is installed, webpage previews for URLs
that are shared in Outlook on the web (OWA) are not rendered correctly.
MS23-08-SQL: Security Updates for SQL Server
§ Maximum Severity: Important
§ Affected Products: Microsoft SQL Server 2019 CU21 and SQL Server 2022 CU5
§ Description: This security update fixes an issue whereby an attacker could exploit
the vulnerability by tricking an authenticated user into attempting to connect to a
malicious SQL server via OLEDB, which could result in the server receiving a
malicious networking packet. This could allow the attacker to execute code remotely.
This bulletin is based on 2 KB articles.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2023-38169 is not publicly disclosed or known
exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-08-MRNET: Monthly Rollup for Microsoft .NET
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
§ Description: This security update addresses a vulnerability in applications on IIS
using their parent application’s Application Pool which can lead to privilege escalation
or other security bypasses. It also addresses a vulnerability where an unauthenticated
remote attacker can sign ClickOnce deployments without a valid code signing
certificate. This bulletin references 17 KB articles.
§ Impact: Spoofing, Elevation of Privilege
§ Fixes 2 Vulnerabilities: CVE-2023-36873 and CVE-2023-36899 are not publicly
disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
§ Known Issues: None reported
MS23-08-SONET: Security-only Update for Microsoft .NET
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
§ Description: This security update addresses a vulnerability in applications on IIS
using their parent application’s Application Pool which can lead to privilege escalation
or other security bypasses. It also addresses a vulnerability where an unauthenticated
remote attacker can sign ClickOnce deployments without a valid code signing
certificate. This bulletin references 17 KB articles.
§ Impact: Spoofing, Elevation of Privilege
§ Fixes 2 Vulnerabilities: CVE-2023-36873 and CVE-2023-36899 are not publicly
disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
§ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
§ Security Updates (with CVEs): Azul Zulu (3), Google Chrome (2), Corretto (3), Firefox (1), Firefox
ESR (2), Java 8 Update (1), Java Development Kit 11 (1), Java Development Kit (1), Nitro Pro (1), Nitro Pro
Enterprise (1), RedHat OpenJDK (3), SeaMonkey (1), Thunderbird (1)
§ Security Updates (w/o CVEs): CCleaner (1), Google Chrome (2), Citrix Workspace App (1), Docker
For Windows (1), Dropbox (2), Eclipse Adoptium 8 (1), Eclipse Adoptium 11 (1), Eclipse Adoptium 17 (1),
Evernote (1), Firefox (2), Firefox ESR (1), Foxit PDF Reader Consumer (1), GoodSync (2), GIT for Windows
(1), LibreOffice (1), Malwarebytes (1), Node.JS (Current) (1), Node.JS (LTS Upper) (1), Opera (3), VirtualBox
(2), Paint.net (1), Pulse Secure VPN Desktop Client (1), Royal TS (2), Skype (1), Slack Machine-Wide
Installer (1), Tableau Desktop (4), Thunderbird (1), TeamViewer (3), WinRAR (1), Zoom Client (1), Zoom
Outlook Plugin (1), Zoom Rooms Client (1), Zoom VDI (1)
§ Non-Security Updates: AIMP (1), BlueBeam Revu (1), Box Drive (1), Bitwarden (1), Camtasia (1),
Google Drive File Stream (1), GeoGebra Classic (2), Inkscape (1), BlueJeans (2), NextCloud Desktop Client
(1), PDF24 Creator (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1),
WeCom (2), WinMerge (1)
Windows Third Party CVE Information
§ Google Chrome 115.0.5790.99
§ CHROME-230719, QGC1150579099
§ Fixes 11 Vulnerabilities: CVE-2023-3727, CVE-2023-3728, CVE-2023-3730, CVE-
2023-3736, CVE-2023-3732, CVE-2023-3738, CVE-2023-3733, CVE-2023-3734,
CVE-2023-3735, CVE-2023-3737, CVE-2023-3740
§ Google Chrome 115.0.5790.171
§ CHROME-230803, QGC11505790171
§ Fixes 11 Vulnerabilities: CVE-2023-4068, CVE-2023-4071, CVE-2023-4069, CVE-
2023-4072, CVE-2023-4070, CVE-2023-4073, CVE-2023-4078, CVE-2023-4074,
CVE-2023-4075, CVE-2023-4076, CVE-2023-4077
Windows Third Party CVE Information (cont)
§ Java Development Kit 17 Update 17.0.8
§ JDK17-230718, QJDK1708
§ Fixes 8 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22044, CVE-2023-22041,
CVE-2023-22045, CVE-2023-22049, CVE-2023-22051, CVE-2023-25193
§ Java Development Kit 11 Update 11.0.20
§ JDK11-230718, QJDK11020
§ Fixes 6 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045,
CVE-2023-22049, CVE-2023-25193
§ Java 8 Update 381 – JRE and JDK
§ JAVA8-230718, QJDK8U381 and QJRE8U381
§ Fixes 5 Vulnerabilities: CVE-2023-22043, CVE-2023-22041, CVE-2023-22044, CVE-2023-22049,
CVE-2023-22045
Windows Third Party CVE Information (cont)
§ Azul Zulu 17.44.15 (17.0.8) Note: FX version of JDK also now supported
§ ZULU11-230719, QZULUJDK174415 and QZULUJRE174415
§ Fixes 9 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-
2023-22049, CVE-2023-22043, CVE-2023-22044, CVE-2023-22045, CVE-2023-
22051, CVE-2023-25193
§ Azul Zulu 11.66.15 (11.0.20) Note: FX version of JDK also now supported
§ ZULU11-230719, QZULUJDK116615 and QZULUJRE116615
§ Fixes 8 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22043, CVE-
2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22051, CVE-2023-25193
§ Azul Zulu 8.72.0.17 (8u382) Note: FX version of JDK also now supported
§ ZULU8-230719, QZULUJDK872017 and QZULUJRE872017
§ Fixes 3 Vulnerabilities: CVE-2023-22043, CVE-2023-22045, CVE-2023-22049
Windows Third Party CVE Information (cont)
§ Corretto 17.0.8.7.1
§ CRTO17-230719, QCRTOJDK1708
§ Fixes 7 Vulnerabilities: CVE-2023-22006, CVE-2023-22041, CVE-2023-22036, CVE-
2023-22049, CVE-2023-22044, CVE-2023-25193, CVE-2023-22045
§ Corretto 11.0.20.8.1
§ CRTO11-230719, QCRTOJDK11020
§ Fixes 6 Vulnerabilities: CVE-2023-22041, CVE-2023-22006, CVE-2023-22049, CVE-
2023-22036, CVE-2023-22045, CVE-2023-25193
§ Corretto 8.382.05.1 – JRE and JDK
§ CRTO8-230719, QCRTOJRE8382
§ CRTO8-230719, QCRTOJDK8382
§ Fixes 3 Vulnerabilities: CVE-2023-22043, CVE-2023-22045, CVE-2023-22049
Windows Third Party CVE Information (cont)
§ RedHat OpenJDK 17.0.8.0 – JRE and JDK
§ RHTJDK17-230721, QRHTJDK170807
§ RHTJDK17-230721, QRHTJRE170807
§ Fixes 7 Vulnerabilities: CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-
2023-22044, CVE-2023-22049, CVE-2023-22045, CVE-2023-25193
§ RedHat OpenJDK 11.0.20.8 – JRE and JDK
§ RHTJDK11-230721, QRHTJDK110208
§ RHTJDK11-230721, QRHTJRE110208
§ Fixes 6 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22045, CVE-
2023-22041, CVE-2023-22049, CVE-2023-25193
§ RedHat OpenJDK 8.0.382
§ RHTJDK8-230721, QRHTJDK180382
§ Fixes 2 Vulnerabilities: CVE-2023-22045, CVE-2023-22049
Windows Third Party CVE Information (cont)
§ Firefox 116.0
§ FF-230801, QFF1160
§ Fixes 14 Vulnerabilities: CVE-2023-4047, CVE-2023-4051, CVE-2023-4053, CVE-
2023-4054, CVE-2023-4045, CVE-2023-4057, CVE-2023-4046, CVE-2023-4048,
CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4055, CVE-2023-
4056, CVE-2023-4058
§ Firefox ESR 115.1.0
§ FFE115-230801, QFFE11510
§ Fixes 11 Vulnerabilities: CVE-2023-4047, CVE-2023-4049, CVE-2023-4045, CVE-
2023-4054, CVE-2023-4046, CVE-2023-4057, CVE-2023-4048, CVE-2023-4050,
CVE-2023-4052, CVE-2023-4055, CVE-2023-4056
§ Firefox ESR 102.14.0
§ FFE-230801, QFFE102140
§ Fixes 9 Vulnerabilities: CVE-2023-4045, CVE-2023-4047, CVE-2023-4054, CVE-
2023-4046, CVE-2023-4055, CVE-2023-4048, CVE-2023-4056, CVE-2023-4049,
CVE-2023-4050
Windows Third Party CVE Information (cont)
§ Nitro Pro 13.70.7.60
§ NITRO-230801, QNITRO1370760
§ Fixes 1 Vulnerability: CVE-2023-36664
§ Nitro Pro Enterprise 13.70.7.60
§ NITROE-230801, QNITROE1370760
§ Fixes 1 Vulnerability: CVE-2023-36664
§ SeaMonkey 2.53.17
§ SM-230804, QSM25317
§ Fixes 10 Vulnerabilities: CVE-2023-11709, CVE-2023-11712, CVE-2023-11711, CVE-
2023-11729, CVE-2023-11713, CVE-2023-11730, CVE-2023-11715, CVE-2023-
11717, CVE-2023-11719, CVE-2023-9811
§ Thunderbird 115.0.1
§ TB-230720, QTB11501
§ Fixes 2 Vulnerabilities: CVE-2023-3417, CVE-2023-3600
Apple Release Summary
§ Security Updates (with CVEs): Apple Ventura macOS (1), Apple Big Sur macOS (1), Apple
Monterey macOS (1), Apple Safari (1), Google Chrome (2), Microsoft Edge (1), Firefox (1), Firefox ESR (1),
Thunderbird (1)
§ Security Updates (w/o CVEs): Google Chrome (1), Firefox ESR (1), Slack (1), SeaMonkey (1)
§ Non-Security Updates: 1Password (1), Alfred (1), aText (1), Google Chrome (1), Data Rescue (1),
Docker Desktop for Mac (2), Dropbox (2), Evernote (1), Firefox (2), Firefox ESR (1), Google Drive (1),
Grammarly (4), Inkscape (1), LibreOffice (1), Microsoft Edge (1), Skype (1), Spotify (2), Sublime Text Build
(1), Thunderbird (1), Visual Studio Code (2), Zoom Client for Mac (1)
Apple Updates CVE Information
§ macOS Ventura 13.5
§ HT213843
§ Fixes 42 Vulnerabilities: See https://support.apple.com/en-us/HT213843 for details.
§ macOS Monterey 12.6.8
§ HT213844
§ Fixes 93 Vulnerabilities: See https://support.apple.com/en-us/HT213844 for details.
§ macOS Big Sur 11.7.9
§ HT213845
§ Fixes 120 Vulnerabilities: See https://support.apple.com/en-us/HT213845 for details.
§ Safari 16.6
§ HT213847
§ Fixes 7 Vulnerabilities: See https://support.apple.com/en-us/HT213847 for details.
Apple Third Party CVE Information
§ Google Chrome 115.0.5790.98
§ CHROMEMAC-230718
§ Fixes 11 Vulnerabilities: CVE-2023-3727, CVE-2023-3728, CVE-2023-3730, CVE-
2023-3736, CVE-2023-3732, CVE-2023-3738, CVE-2023-3733, CVE-2023-3734,
CVE-2023-3735, CVE-2023-3737, CVE-2023-3740
§ Google Chrome 115.0.5790.170
§ CHROMEMAC-230802
§ Fixes 11 Vulnerabilities: CVE-2023-4068, CVE-2023-4071, CVE-2023-4069, CVE-
2023-4072, CVE-2023-4070, CVE-2023-4073, CVE-2023-4078, CVE-2023-4074,
CVE-2023-4075, CVE-2023-4076, CVE-2023-4077
§ Microsoft Edge 115.0.1901.183
§ MEDGEMAC-230721
§ Fixes 3 Vulnerabilities: CVE-2023-32387, CVE-2023-35392, CVE-2023-38173
Apple Third Party CVE Information (cont)
§ Firefox 116.0
§ FF-230801
§ Fixes 14 Vulnerabilities: CVE-2023-4047, CVE-2023-4051, CVE-2023-4053, CVE-
2023-4054, CVE-2023-4045, CVE-2023-4057, CVE-2023-4046, CVE-2023-4048,
CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4055, CVE-2023-
4056, CVE-2023-4058
§ Firefox ESR 102.14.0
§ FFE-230801, QFFE102140
§ Fixes 9 Vulnerabilities: CVE-2023-4045, CVE-2023-4047, CVE-2023-4054, CVE-
2023-4046, CVE-2023-4055, CVE-2023-4048, CVE-2023-4056, CVE-2023-4049,
CVE-2023-4050
§ Thunderbird 115.0.1
§ TB-230720
§ Fixes 2 Vulnerabilities: CVE-2023-3417, CVE-2023-3600
Q & A
Thank You!

Patch Tuesday de JulioIvanti
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletIvanti
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch TuesdayIvanti
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de NoviembreIvanti
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia NovembreIvanti
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch TuesdayIvanti
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – NovembreIvanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxIvanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - maiIvanti
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juinIvanti
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayIvanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch TuesdayIvanti
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – OctobreIvanti
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch TuesdayIvanti
 
ES September 2023 Patch Tuesday
ES September 2023 Patch TuesdayES September 2023 Patch Tuesday
ES September 2023 Patch TuesdayIvanti
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de OctubreIvanti
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch TuesdayIvanti
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch TuesdayShazia464689
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 

Similar to August Patch Tuesday Webinar Summary (20)

Patch Tuesday de Julio
Patch Tuesday de JulioPatch Tuesday de Julio
Patch Tuesday de Julio
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - Juillet
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch Tuesday
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de Noviembre
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – Octobre
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
 
ES September 2023 Patch Tuesday
ES September 2023 Patch TuesdayES September 2023 Patch Tuesday
ES September 2023 Patch Tuesday
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 

More from Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia DicembreIvanti
 

More from Ivanti (16)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

August Patch Tuesday Webinar Summary

  • 1. Patch Tuesday Webinar, Wednesday, August 9, 2023. Hosted by Chris Goettl and Todd Schell
  • 2. Agenda
      § August 2023 Patch Tuesday Overview
      § In the News
      § Bulletins and Releases
      § Between Patch Tuesdays
      § Q & A
  • 4. August Patch Tuesday 2023
      Microsoft has released updates resolving 74 new CVEs this month, one of which is confirmed exploited and six are rated by Microsoft as Critical. Microsoft also updated CVE-2023-36884 released in July to split the Office products out into a separate Defense in Depth Advisory (ADV230003). Besides the OS and Office updates, Microsoft has updates for Exchange Server, .NET, Azure, SQL Server, and Teams making for a significant lineup this August.
      Additional updates from Google Chrome released on August 3 and Microsoft Edge (Chromium) updated on August 7 along with Adobe Acrobat and Reader should also be included in your update activities this month.
  • 6. In the News
      § iPhone Users Urged to Update to Patch 2 Zero-Days
          § https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
      § Apple Users See Big Mac Attack, Says Accenture
          § https://www.darkreading.com/attacks-breaches/accenture-sees-big-mac-attacks
      § Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
          § https://www.darkreading.com/vulnerabilities-threats/citrix-zero-day-update-7000-instances-exposed-460-compromised
      § Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
          § https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits
  • 7. Ivanti Endpoint Manager Mobile (Core)
      § Exploited vulnerabilities CVE-2023-35078 and CVE-2023-35081
      § Publicly Disclosed CVE-2023-35082
      § Remediation
          § Update to latest version to resolve CVE-2023-35078 and CVE-2023-35081: Upgrade EPMM with patch releases (11.8.1.2, 11.9.1.2 and 11.10.0.3) from system manager portal
          § Run RPM Script to resolve CVE-2023-35082
          § EPMM Unsupported Releases (<11.8.1.1): Upgrade to the latest version of EPMM to ensure you have the latest security and stability fixes. More information about upgrading can be found here: https://help.ivanti.com/mi/help/en_us/core/11.x/rn/CoreConnectorReleaseNotes/Support_and_compatibility.htm
  • 8. Known Exploited and Publicly Disclosed Vulnerability
      § CVE-2023-36884 Windows Search Remote Code Execution Vulnerability
          § This CVE was re-issued from July 2023
          § CVSS 3.1 Scores: 7.5 / 7.0
          § Severity: Important
          § All currently supported operating systems
          § Per Microsoft - Updated affected software to include just Windows products with links to August 2023 security updates. Adjusted information in the FAQs. The Office updates are documented in ADV230003.
  • 9. Known Exploited Vulnerability
      § CVE-2023-38180 .NET and Visual Studio Denial of Service Vulnerability
          § CVSS 3.1 Scores: 7.5 / 6.7
          § Severity: Important
          § Microsoft Visual Studio 2022 versions 17.2, 17.4 and 17.6
          § .NET 6.0 and 7.0
          § ASP.NET Core 2.1
  • 10. Microsoft Security Advisories
      § Advisory 190023 – Guidance for Enabling LDAP Channel Binding and LDAP Signing
          § Notice that updates are available for Windows Server 2022 and Windows Server 2022 (Server Core installation) to audit client machines that cannot utilize LDAP channel binding tokens via events on Active Directory domain controllers. The updates add the capability to enable CBT events 3074 & 3075 with event source Microsoft-Windows-ActiveDirectory_DomainService in the Directory Service event log.
      § Advisory 230001 - Guidance on Microsoft Signed Drivers Being Used Maliciously
          § Notice of additional untrusted drivers and driver signing certificates added to the Windows Driver.STL revocation list.
  • 11. Microsoft Security Advisories (cont)
      § Advisory 230003 – Microsoft Office Defense in Depth Update
          § This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.
      § Advisory 230004 - Memory Integrity System Readiness Scan Tool Defense in Depth Update
          § The Memory Integrity System Readiness Scan Tool (hvciscan_amd64.exe and hvciscan_arm64.exe) is used to check for compatibility issues with memory integrity, also known as hypervisor-protected code integrity (HVCI). The original version was published without a RSRC section, which contains resource information for a module. The new version addresses this issue. Please see Driver compatibility with memory integrity and VBS for more information.
  • 12. Microsoft Patch Tuesday Updates of Interest
      § Advisory 990001 Latest Servicing Stack Updates (SSU)
          § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
          § Windows Server 2012 and 2012 R2
      § Azure and Development Tool Updates
          § .NET 6.0
          § .NET 7.0
          § ASP.NET Core 2.1
          § Azure DevOps Server 2019
          § Azure DevOps Server 2022
          § Azure HDInsights
          § Visual Studio 2017 v15.9
          § Visual Studio 2019 v16.11
          § Visual Studio 2022 (multiple)
      Source: Microsoft
  • 13. Server 2012/2012 R2 EOL is Coming
      § Lifecycle Fact Sheet
          § https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
      Source: Microsoft
  • 14. Windows 10 and 11 Lifecycle Awareness
      Windows 10 Enterprise and Education
          Version    Release Date    End of Support Date
          22H2       10/18/2022      10/14/2025
          21H2       11/16/2021      6/11/2024
      Windows 10 Home and Pro
          Version    Release Date    End of Support Date
          22H2       10/18/2022      10/14/2025
      Windows Server
          Version    Release Date    End of Support Date
          2022       8/18/2021       10/13/2026
          2019       11/13/2019      1/9/2024
      Windows 11 Home and Pro
          Version    Release Date    End of Support Date
          22H2       9/20/2022       10/8/2024
          21H2       10/4/2021       10/10/2023
      § Lifecycle Fact Sheet
          § https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 15. Patch Content Announcements
      § Announcements Posted on Community Forum Pages
          § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
          § Subscribe to receive email for the desired product(s)
  • 17. APSB23-30: Security Update for Adobe Acrobat and Reader
      § Maximum Severity: Critical
      § Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
      § Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 30 vulnerabilities, 16 of which are rated critical. Successful exploitation could lead to arbitrary code execution in the context of the current user among other impacts. See https://helpx.adobe.com/security/products/acrobat/apsb23-30.html for more details.
      § Impact: Successful exploitation could lead to arbitrary code execution, application denial of service, security feature bypass and memory leak according to Adobe.
      § Fixes 30 Vulnerabilities: See Adobe site for details
      § Restart Required: Requires application restart
  • 18. MS23-08-W11: Windows 11 Update
      § Maximum Severity: Critical
      § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
      § Description: This bulletin references KB 5029253 (21H2) and KB 5029263 (22H2).
      § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
      § Fixes 33 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      § Restart Required: Requires restart
      § Known Issues: See next slide
  • 19. August Known Issues for Windows 11
      § KB 5029263 – Windows 11 version 22H2
          § [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
  • 20. MS23-08-W10: Windows 10 Update
      § Maximum Severity: Critical
      § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
      § Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
      § Fixes 33 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      § Restart Required: Requires restart
      § Known Issues: See next slide
  • 21. August Known Issues for Windows 10
      § KB 5029247 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
          § [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 22. August Known Issues for Windows 10 (cont)
      § KB 5029250 – Windows Server 2022
          § [ESXi Fail] After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to mitigate this issue. Microsoft and VMware are investigating this issue and will provide more information when it is available.
  • 23. MS23-08-MR8: Monthly Rollup for Server 2012
      § Maximum Severity: Critical
      § Affected Products: Microsoft Windows Server 2012 and IE
      § Description: This cumulative security update contains improvements that are part of update KB 5028232 (released July 11, 2023). Bulletin is based on KB 5029295.
      § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
      § Fixes 24 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      § Restart Required: Requires restart
      § Known Issues: None reported
  • 24. MS23-08-SO8: Security-only Update for Windows Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012
    § Description: This security update is based on KB 5029308.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 24 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 25. MS23-08-MR81: Monthly Rollup for Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Server 2012 R2 and IE
    § Description: This cumulative security update includes improvements that are part of update KB 5028228 (released July 11, 2023). Bulletin is based on KB 5029312.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 25 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 26. MS23-08-SO81: Security-only for Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Server 2012 R2
    § Description: This security update is based on KB 5029304.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
    § Fixes 25 Vulnerabilities: CVE-2023-36884 (re-issued) is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 27. MS23-08-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Maximum Severity: Critical
    § Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
    § Impact: Remote Code Execution, Spoofing, Defense in Depth
    § Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. Advisory 230003 Microsoft Office Defense in Depth Update identifies updates required to stop chain attacks which can exploit CVE-2023-36884. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 28. MS23-08-OFF: Security Updates for Microsoft Office
    § Maximum Severity: Critical
    § Affected Products: Excel, Office, Outlook, PowerPoint, Project, Publisher, Visio, and Word (all 2013 & 2016), Office Online Server, Office 2019 & LTSC 2021 for Mac, and Teams
    § Description: This security update resolves multiple security issues in Microsoft Office suite. This bulletin references 17 KB articles and release notes for the Mac updates.
    § Impact: Remote Code Execution, Spoofing, Defense in Depth
    § Fixes 6 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. Advisory 230003 Microsoft Office Defense in Depth Update identifies updates required to stop chain attacks which can exploit CVE-2023-36884. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 29. MS23-08-IE: Security Updates for Internet Explorer
    § Maximum Severity: Important
    § Affected Products: Internet Explorer 11
    § Description: The improvements that are included in this Internet Explorer update are also included in the August 2023 Security Monthly Quality Rollup. Installing either this Internet Explorer update or the Security Monthly Quality Rollup installs the same improvements. This bulletin references KB 5029243.
    § Impact: Security Feature Bypass
    § Fixes 1 Vulnerability: CVE-2023-35384 is fixed in this update and is not known exploited or publicly disclosed.
    § Restart Required: Requires browser restart
    § Known Issues: None reported
  • 30. MS23-08-SPT: Security Updates for SharePoint Server
    § Maximum Severity: Important
    § Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019
    § Description: This update corrects an issue where an attacker could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment. This bulletin is based on 5 KB articles.
    § Impact: Spoofing, Information Disclosure
    § Fixes 4 Vulnerabilities: This update addresses CVE-2023-36890, CVE-2023-36891, CVE-2023-36892 and CVE-2023-36894 which are not publicly disclosed or known exploited.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 31. MS23-08-EXCH: Security Updates for Exchange Server
    § Maximum Severity: Important
    § Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange Server 2019 CU11 & CU12.
    § Description: This security update rollup resolves multiple security issues in Microsoft Exchange Server. This bulletin is based on KB 5029388.
    § Impact: Remote Code Execution, Spoofing, Elevation of Privilege
    § Fixes 6 Vulnerabilities: CVE-2023-21709, CVE-2023-35368, CVE-2023-35388, CVE-2023-38181, CVE-2023-38182, and CVE-2023-38185 are not publicly disclosed or known exploited.
    § Restart Required: Requires restart
    § Known Issues: After this update is installed, webpage previews for URLs that are shared in Outlook on the web (OWA) are not rendered correctly.
  • 32. MS23-08-SQL: Security Updates for SQL Server
    § Maximum Severity: Important
    § Affected Products: Microsoft SQL Server 2019 CU21 and SQL Server 2022 CU5
    § Description: This security update fixes an issue whereby an attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely. This bulletin is based on 2 KB articles.
    § Impact: Remote Code Execution
    § Fixes 1 Vulnerability: CVE-2023-38169 is not publicly disclosed or known exploited.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 33. MS23-08-MRNET: Monthly Rollup for Microsoft .NET
    § Maximum Severity: Important
    § Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
    § Description: This security update addresses a vulnerability in applications on IIS using their parent application’s Application Pool which can lead to privilege escalation or other security bypasses. It also addresses a vulnerability where an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate. This bulletin references 17 KB articles.
    § Impact: Spoofing, Elevation of Privilege
    § Fixes 2 Vulnerabilities: CVE-2023-36873 and CVE-2023-36899 are not publicly disclosed or known exploited.
    § Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
    § Known Issues: None reported
  • 34. MS23-08-SONET: Security-only Update for Microsoft .NET
    § Maximum Severity: Important
    § Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
    § Description: This security update addresses a vulnerability in applications on IIS using their parent application’s Application Pool which can lead to privilege escalation or other security bypasses. It also addresses a vulnerability where an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate. This bulletin references 17 KB articles.
    § Impact: Spoofing, Elevation of Privilege
    § Fixes 2 Vulnerabilities: CVE-2023-36873 and CVE-2023-36899 are not publicly disclosed or known exploited.
    § Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
    § Known Issues: None reported
  • 36. Windows Release Summary
    § Security Updates (with CVEs): Azul Zulu (3), Google Chrome (2), Corretto (3), Firefox (1), Firefox ESR (2), Java 8 Update (1), Java Development Kit 11 (1), Java Development Kit (1), Nitro Pro (1), Nitro Pro Enterprise (1), RedHat OpenJDK (3), SeaMonkey (1), Thunderbird (1)
    § Security Updates (w/o CVEs): CCleaner (1), Google Chrome (2), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Eclipse Adoptium 8 (1), Eclipse Adoptium 11 (1), Eclipse Adoptium 17 (1), Evernote (1), Firefox (2), Firefox ESR (1), Foxit PDF Reader Consumer (1), GoodSync (2), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Node.JS (Current) (1), Node.JS (LTS Upper) (1), Opera (3), VirtualBox (2), Paint.net (1), Pulse Secure VPN Desktop Client (1), Royal TS (2), Skype (1), Slack Machine-Wide Installer (1), Tableau Desktop (4), Thunderbird (1), TeamViewer (3), WinRAR (1), Zoom Client (1), Zoom Outlook Plugin (1), Zoom Rooms Client (1), Zoom VDI (1)
    § Non-Security Updates: AIMP (1), BlueBeam Revu (1), Box Drive (1), Bitwarden (1), Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (2), Inkscape (1), BlueJeans (2), NextCloud Desktop Client (1), PDF24 Creator (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1), WeCom (2), WinMerge (1)
  • 37. Windows Third Party CVE Information
    § Google Chrome 115.0.5790.99
    § CHROME-230719, QGC1150579099
    § Fixes 11 Vulnerabilities: CVE-2023-3727, CVE-2023-3728, CVE-2023-3730, CVE-2023-3736, CVE-2023-3732, CVE-2023-3738, CVE-2023-3733, CVE-2023-3734, CVE-2023-3735, CVE-2023-3737, CVE-2023-3740
    § Google Chrome 115.0.5790.171
    § CHROME-230803, QGC11505790171
    § Fixes 11 Vulnerabilities: CVE-2023-4068, CVE-2023-4071, CVE-2023-4069, CVE-2023-4072, CVE-2023-4070, CVE-2023-4073, CVE-2023-4078, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077
  • 38. Windows Third Party CVE Information (cont)
    § Java Development Kit 17 Update 17.0.8
    § JDK17-230718, QJDK1708
    § Fixes 8 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22044, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22051, CVE-2023-25193
    § Java Development Kit 11 Update 11.0.20
    § JDK11-230718, QJDK11020
    § Fixes 6 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
    § Java 8 Update 381 – JRE and JDK
    § JAVA8-230718, QJDK8U381 and QJRE8U381
    § Fixes 5 Vulnerabilities: CVE-2023-22043, CVE-2023-22041, CVE-2023-22044, CVE-2023-22049, CVE-2023-22045
  • 39. Windows Third Party CVE Information (cont)
    § Azul Zulu 17.44.15 (17.0.8) Note: FX version of JDK also now supported
    § ZULU11-230719, QZULUJDK174415 and QZULUJRE174415
    § Fixes 9 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22049, CVE-2023-22043, CVE-2023-22044, CVE-2023-22045, CVE-2023-22051, CVE-2023-25193
    § Azul Zulu 11.66.15 (11.0.20) Note: FX version of JDK also now supported
    § ZULU11-230719, QZULUJDK116615 and QZULUJRE116615
    § Fixes 8 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22043, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22051, CVE-2023-25193
    § Azul Zulu 8.72.0.17 (8u382) Note: FX version of JDK also now supported
    § ZULU8-230719, QZULUJDK872017 and QZULUJRE872017
    § Fixes 3 Vulnerabilities: CVE-2023-22043, CVE-2023-22045, CVE-2023-22049
  • 40. Windows Third Party CVE Information (cont)
    § Corretto 17.0.8.7.1
    § CRTO17-230719, QCRTOJDK1708
    § Fixes 7 Vulnerabilities: CVE-2023-22006, CVE-2023-22041, CVE-2023-22036, CVE-2023-22049, CVE-2023-22044, CVE-2023-25193, CVE-2023-22045
    § Corretto 11.0.20.8.1
    § CRTO11-230719, QCRTOJDK11020
    § Fixes 6 Vulnerabilities: CVE-2023-22041, CVE-2023-22006, CVE-2023-22049, CVE-2023-22036, CVE-2023-22045, CVE-2023-25193
    § Corretto 8.382.05.1 – JRE and JDK
    § CRTO8-230719, QCRTOJRE8382
    § CRTO8-230719, QCRTOJDK8382
    § Fixes 3 Vulnerabilities: CVE-2023-22043, CVE-2023-22045, CVE-2023-22049
  • 41. Windows Third Party CVE Information (cont)
    § RedHat OpenJDK 17.0.8.0 – JRE and JDK
    § RHTJDK17-230721, QRHTJDK170807
    § RHTJDK17-230721, QRHTJRE170807
    § Fixes 7 Vulnerabilities: CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22044, CVE-2023-22049, CVE-2023-22045, CVE-2023-25193
    § RedHat OpenJDK 11.0.20.8 – JRE and JDK
    § RHTJDK11-230721, QRHTJDK110208
    § RHTJDK11-230721, QRHTJRE110208
    § Fixes 6 Vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22045, CVE-2023-22041, CVE-2023-22049, CVE-2023-25193
    § RedHat OpenJDK 8.0.382
    § RHTJDK8-230721, QRHTJDK180382
    § Fixes 2 Vulnerabilities: CVE-2023-22045, CVE-2023-22049
  • 42. Windows Third Party CVE Information (cont)
    § Firefox 116.0
    § FF-230801, QFF1160
    § Fixes 14 Vulnerabilities: CVE-2023-4047, CVE-2023-4051, CVE-2023-4053, CVE-2023-4054, CVE-2023-4045, CVE-2023-4057, CVE-2023-4046, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4055, CVE-2023-4056, CVE-2023-4058
    § Firefox ESR 115.1.0
    § FFE115-230801, QFFE11510
    § Fixes 11 Vulnerabilities: CVE-2023-4047, CVE-2023-4049, CVE-2023-4045, CVE-2023-4054, CVE-2023-4046, CVE-2023-4057, CVE-2023-4048, CVE-2023-4050, CVE-2023-4052, CVE-2023-4055, CVE-2023-4056
    § Firefox ESR 102.14.0
    § FFE-230801, QFFE102140
    § Fixes 9 Vulnerabilities: CVE-2023-4045, CVE-2023-4047, CVE-2023-4054, CVE-2023-4046, CVE-2023-4055, CVE-2023-4048, CVE-2023-4056, CVE-2023-4049, CVE-2023-4050
  • 43. Windows Third Party CVE Information (cont)
    § Nitro Pro 13.70.7.60
    § NITRO-230801, QNITRO1370760
    § Fixes 1 Vulnerability: CVE-2023-36664
    § Nitro Pro Enterprise 13.70.7.60
    § NITROE-230801, QNITROE1370760
    § Fixes 1 Vulnerability: CVE-2023-36664
    § SeaMonkey 2.53.17
    § SM-230804, QSM25317
    § Fixes 10 Vulnerabilities: CVE-2023-11709, CVE-2023-11712, CVE-2023-11711, CVE-2023-11729, CVE-2023-11713, CVE-2023-11730, CVE-2023-11715, CVE-2023-11717, CVE-2023-11719, CVE-2023-9811
    § Thunderbird 115.0.1
    § TB-230720, QTB11501
    § Fixes 2 Vulnerabilities: CVE-2023-3417, CVE-2023-3600
  • 44. Apple Release Summary
    § Security Updates (with CVEs): Apple Ventura macOS (1), Apple Big Sur macOS (1), Apple Monterey macOS (1), Apple Safari (1), Google Chrome (2), Microsoft Edge (1), Firefox (1), Firefox ESR (1), Thunderbird (1)
    § Security Updates (w/o CVEs): Google Chrome (1), Firefox ESR (1), Slack (1), SeaMonkey (1)
    § Non-Security Updates: 1Password (1), Alfred (1), aText (1), Google Chrome (1), Data Rescue (1), Docker Desktop for Mac (2), Dropbox (2), Evernote (1), Firefox (2), Firefox ESR (1), Google Drive (1), Grammarly (4), Inkscape (1), LibreOffice (1), Microsoft Edge (1), Skype (1), Spotify (2), Sublime Text Build (1), Thunderbird (1), Visual Studio Code (2), Zoom Client for Mac (1)
  • 45. Apple Updates CVE Information
    § macOS Ventura 13.5
    § HT213843
    § Fixes 42 Vulnerabilities: See https://support.apple.com/en-us/HT213843 for details.
    § macOS Monterey 12.6.8
    § HT213844
    § Fixes 93 Vulnerabilities: See https://support.apple.com/en-us/HT213844 for details.
    § macOS Big Sur 11.7.9
    § HT213845
    § Fixes 120 Vulnerabilities: See https://support.apple.com/en-us/HT213845 for details.
    § Safari 16.6
    § HT213847
    § Fixes 7 Vulnerabilities: See https://support.apple.com/en-us/HT213847 for details.
  • 46. Apple Third Party CVE Information
    § Google Chrome 115.0.5790.98
    § CHROMEMAC-230718
    § Fixes 11 Vulnerabilities: CVE-2023-3727, CVE-2023-3728, CVE-2023-3730, CVE-2023-3736, CVE-2023-3732, CVE-2023-3738, CVE-2023-3733, CVE-2023-3734, CVE-2023-3735, CVE-2023-3737, CVE-2023-3740
    § Google Chrome 115.0.5790.170
    § CHROMEMAC-230802
    § Fixes 11 Vulnerabilities: CVE-2023-4068, CVE-2023-4071, CVE-2023-4069, CVE-2023-4072, CVE-2023-4070, CVE-2023-4073, CVE-2023-4078, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077
    § Microsoft Edge 115.0.1901.183
    § MEDGEMAC-230721
    § Fixes 3 Vulnerabilities: CVE-2023-32387, CVE-2023-35392, CVE-2023-38173
  • 47. Apple Third Party CVE Information (cont)
    § Firefox 116.0
    § FF-230801
    § Fixes 14 Vulnerabilities: CVE-2023-4047, CVE-2023-4051, CVE-2023-4053, CVE-2023-4054, CVE-2023-4045, CVE-2023-4057, CVE-2023-4046, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4055, CVE-2023-4056, CVE-2023-4058
    § Firefox ESR 102.14.0
    § FFE-230801, QFFE102140
    § Fixes 9 Vulnerabilities: CVE-2023-4045, CVE-2023-4047, CVE-2023-4054, CVE-2023-4046, CVE-2023-4055, CVE-2023-4048, CVE-2023-4056, CVE-2023-4049, CVE-2023-4050
    § Thunderbird 115.0.1
    § TB-230720
    § Fixes 2 Vulnerabilities: CVE-2023-3417, CVE-2023-3600
  • 48. Q & A
  • 49. Thank You!