Patch Tuesday Webinar
Wednesday, July 12, 2023
Hosted by Chris Goettl and Todd Schell
Agenda
July 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2023 Ivanti. All rights reserved.
July Patch Tuesday 2023
Microsoft resolved 130 new CVEs, updated 9 CVEs, and released/updated 3 Advisories this month.
There are 6 confirmed Zero Day Exploits this month and another with functional exploit code. The OS
and Office updates are going to be your priority this month and will take care of the majority of the risk,
but CVE-2023-36884 is a configuration-only mitigation so another update may soon be here. There are
some operational changes in NetLogon and Kerberos stepping up enforcement from a couple of CVEs
resolved in 2022 that you will want to be aware of. For more details check out our complete writeup in
this month's Patch Tuesday Blog: https://www.ivanti.com/blog/july-2023-patch-tuesday
In the News
In the News
§ Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS,
and Safari
§ https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html
§ Apple releases, quickly pulls Rapid Security Response update for 0-day
WebKit bug
§ https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/amp/
§ Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted
attacks
§ https://securityaffairs.com/148380/hacking/office-zero-day-cve-2023-36884.html
§ Oracle Critical Product Updates (CPU)
§ https://www.oracle.com/security-alerts/
§ Coming July 18th
Microsoft Security Advisories
§ Advisory 230001
§ Guidance on Microsoft Signed Drivers Being Used Maliciously
§ https://msrc.microsoft.com/update-guide/vulnerability/ADV230001
§ Notice of additions to Driver.STL revocation list
§ Advisory 230002
§ Microsoft Guidance for Addressing Security Feature Bypass in Trend
Micro EFI Modules
§ https://msrc.microsoft.com/update-guide/vulnerability/ADV230002
Vulnerabilities of Interest
§ CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 7.2 / 6.3
§ Severity: Critical
§ All supported server operating systems
§ Per Microsoft - Microsoft is announcing the release of the third phase of Windows security
updates to address this vulnerability. These updates remove the ability to disable PAC
signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0. Microsoft
strongly recommends that customers install the June updates to be fully protected from this
vulnerability, and review How to manage the Kerberos and Netlogon Protocol changes
related to CVE-2022-37967 for further information. Customers whose Windows devices are
configured to receive automatic updates do not need to take any further action.
§ July Change: Initial Enforcement – Default configuration set to enforce PAC Signature
validation. Can still be overridden by Admin through configuration.
§ October Change: Full Enforcement – no more admin override.
Vulnerabilities of Interest
§ CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 8.1 / 7.1
§ Severity: Important
§ This month begins ‘enforcement by default’.
§ This has been a multi-year, multi-phase implementation to correct a complex system flaw.
For more details see KB5021130: How to manage the Netlogon protocol changes related to
CVE-2022-38023
§ July Change: Full Enforcement – No more compatibility or audit only mode. After the July
update Netlogon will require RPC Sealing.
Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 6.7 / 6.2
§ Severity: Important
§ This is a re-issue from May.
§ All currently supported operating systems
§ To comprehensively address CVE-2023-24932, Microsoft has released July 2023 security
updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that
customers install the updates to be fully protected from the vulnerability. Customers whose
systems are configured to receive automatic updates do not need to take any further action.
Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2023-36884 Office and Windows HTML Remote Code Execution
Vulnerability
§ CVSS 3.1 Scores: 8.3 / 8.1
§ Severity: Important
§ All currently supported operating systems and Microsoft Office
§ Per Microsoft - The CVE is rated as Important but has confirmed reports of exploitation in the
wild and functional code has been publicly disclosed for this vulnerability. An attacker could
create a specially crafted Microsoft Office document that enables them to perform remote
code execution in the context of the victim. Microsoft has not yet released an update to
fix this issue but has provided a configuration level mitigation to block Office applications
from creating child processes. Running as least privileged could also help to mitigate the
attack and require the attacker to execute additional exploits to elevate their privilege level.
Microsoft has released a blog entry describing steps that can be taken to protect systems
until a fix becomes available.
Known Exploited Vulnerability
§ CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 6.8
§ Severity: Important
§ All currently supported operating systems
§ Per Microsoft - While Microsoft has announced retirement of the Internet Explorer 11
application on certain platforms and the Microsoft Edge Legacy application is deprecated,
the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The
MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other
applications through WebBrowser control. The EdgeHTML platform is used by WebView and
some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but
can also be used by other legacy applications. Updates to address vulnerabilities in the
MSHTML platform and scripting engine are included in the IE Cumulative Updates;
EdgeHTML and Chakra changes are not applicable to those platforms.
Known Exploited Vulnerability (cont)
§ CVE-2023-32049 Windows SmartScreen Security Feature Bypass
Vulnerability
§ CVSS 3.1 Scores: 8.8 / 8.2
§ Severity: Important
§ Windows 10, Windows 11, Server 2016, Server 2019, Server 2022
§ Per Microsoft - The user would have to click on a specially crafted URL to be compromised
by the attacker and the attacker would be able to bypass the Open File - Security Warning
prompt.
Known Exploited Vulnerability (cont)
§ CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 8.8 / 8.2
§ Severity: Important
§ Microsoft 365 Apps for Enterprise, Outlook 2013 & 2016, Office 2019, and Office LTSC 2021
§ Per Microsoft - The user would have to click on a specially crafted URL to be compromised
by the attacker. The attacker would be able to bypass the Microsoft Outlook Security Notice
prompt. The Preview Pane is an attack vector, but additional user interaction is required.
Known Exploited Vulnerability (cont)
§ CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 6.8
§ Severity: Important
§ All currently supported operating systems
§ Per Microsoft - An attacker who successfully exploited this vulnerability could gain
administrator privileges. An attacker must have local access to the targeted machine and the
user must be able to create folders and performance traces on the machine, with restricted
privileges that normal users have by default.
Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Windows 7/Server 2008 R2 Year 4 ESU
§ Azure and Development Tool Updates
§ .NET 6.0
§ .NET 7.0
§ Azure HDInsights
§ Azure Service Fabric 9.0 & 9.1
§ Mono 6.12.0
§ PandocUpload
§ Visual Studio 2022 (multiple)
Source: Microsoft
Server 2012/2012 R2 EOL is Coming
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
21H2 | 11/16/2021 | 6/11/2024
Windows 10 Home and Pro
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
Windows Server
Version | Release Date | End of Support Date
2022 | 8/18/2021 | 10/13/2026
2019 | 11/13/2019 | 1/9/2024
Windows 11 Home and Pro
Version | Release Date | End of Support Date
22H2 | 9/20/2022 | 10/8/2024
21H2 | 10/4/2021 | 10/10/2023
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Bulletins and Releases
MFSA-2023-26: Security Update Firefox 115.0.2
§ Maximum Severity: Critical (High)
§ Affected Products: Security Update Firefox
§ Description: This update from Mozilla addresses security vulnerabilities in the
Firefox browser on multiple platforms.
§ Impact: Denial of Service
§ Fixes 1 Vulnerability: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
MFSA-2023-26: Security Update Firefox ESR 115.0.2
§ Maximum Severity: Critical (High)
§ Affected Products: Security Update Firefox ESR
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox
ESR browser on multiple platforms.
§ Impact: Denial of Service
§ Fixes 1 Vulnerability: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
MS23-07-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
§ Description: This bulletin references KB 5028182 (21H2) and KB 5028185 (22H2).
There are many new features and enhancements in the 22H2 release. See the KB for
full details.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 84 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are
known exploited and publicly disclosed. CVE-2023-32046, CVE-2023-32049,
CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list
of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
July Known Issues for Windows 11
§ KB 5028182 – Windows 11 version 21H2
§ [App Fail] Windows devices with some third-party UI customization apps might not
start up. These third-party apps might cause errors with explorer.exe that might repeat
multiple times in a loop. The known affected third-party UI customization apps are
ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI
customization app before installing this or later updates. Microsoft is investigating and
will provide more info in the future.
July Known Issues for Windows 11 (cont)
§ KB 5028185 – Windows 11 version 22H2
§ [Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
MS23-07-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 5 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 99 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are
known exploited and publicly disclosed. CVE-2023-32046, CVE-2023-32049,
CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list
of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
July Known Issues for Windows 10
§ KB 5028168 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
§ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
July Known Issues for Windows 10 (cont)
§ KB 5028171 – Windows Server 2022
§ [ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to
mitigate this issue. Microsoft and VMware are investigating this issue and will
provide more information when it is available.
MS23-07-MR8: Monthly Rollup for Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012 and IE
§ Description: This cumulative security update contains improvements that are part of update
KB 5027283 (released June 13, 2023). Bulletin is based on KB 5028232. Starting with this
release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023,
to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 69 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known
exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited.
See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-07-SO8: Security-only Update for Windows Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012
§ Description: This security update is based on KB 5028233. Starting with this
release, Microsoft will log event logs beginning July 11, 2023, and ending on October
10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 on
October 10, 2023.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 69 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are
known exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are
known exploited. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-07-MR81: Monthly Rollup for Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Server 2012 R2 and IE
§ Description: This cumulative security update contains improvements that are part of update
KB 5027271 (released June 13, 2023). Bulletin is based on KB 5028228. Starting with this
release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023,
to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 71 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known
exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited.
See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-07-SO81: Security-only for Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Server 2012 R2
§ Description: This security update is based on KB 5028223. Starting with this release,
Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023, to
notify customers of the end of support (EOS) for Windows Server 2012 on October 10,
2023.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 71 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known
exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known
exploited. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-07-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Critical
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
§ Description: This update corrects a series of vulnerabilities which would allow
remote user access to the machine and user data. This bulletin is based on 3 KB
articles.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing
§ Fixes 5 Vulnerabilities: This update addresses CVE-2023-33134, CVE-2023-33157,
CVE-2023-33159, CVE-2023-33160, and CVE-2023-33165 which are not
publicly disclosed or known exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS23-07-IE: Security Updates for Internet Explorer
§ Maximum Severity: Important
§ Affected Products: Internet Explorer 11
§ Description: The improvements that are included in this Internet Explorer update are
also included in the July 2023 Security Monthly Quality Rollup. Installing either this
Internet Explorer update or the Security Monthly Quality Rollup installs the same
improvements. This bulletin references KB 5028167.
§ Impact: Elevation of Privilege
§ Fixes 1 Vulnerability: CVE-2023-32046 is fixed in this update and is known
exploited.
§ Restart Required: Requires browser restart
§ Known Issues: None reported
MS23-07-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
§ Maximum Severity: Important
§ Affected Products: Office 2013 Click-to-Run, Microsoft 365 Apps, Office 2019 and
Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege, Information Disclosure
§ Fixes 11 Vulnerabilities: CVE-2023-36884 is known exploited and publicly
disclosed. CVE-2023-35311 is known exploited. See the Security Update Guide for the
complete list of CVEs.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS23-07-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Important
§ Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office
LTSC 2021 for Mac, Office Online Server, Outlook 2013 & 2016, and Word 2013 &
2016
§ Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references 15 KB articles and release notes for the Mac
updates.
§ Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Information
Disclosure
§ Fixes 10 Vulnerabilities: CVE-2023-36884 is known exploited and publicly
disclosed. CVE-2023-35311 is known exploited. See the Security Update Guide for the
complete list of CVEs.
§ Restart Required: Requires application restart
§ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
§ Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (2), Foxit
PhantomPDF (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1),
Thunderbird (1)
§ Security Updates (w/o CVEs): 7-Zip (1), Adobe Acrobat DC and Acrobat Reader (1), Apache
Tomcat (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Docker for Windows (2),
Dropbox (1), Evernote (1), Firefox (2), Firefox ESR (1), GoodSync (2), GIT for windows (1), Cisco
Jabber (1), Jabra Direct (1), LogMeIn (1), Malwarebytes (1), System Center Operations Manager
2019 (1), Node.JS (Current) (1), Notepad++ (1), Opera (4), Paint.net (1), Pulse Secure VPN Desktop
Client (1), PeaZip (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (1),
Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5),
TeamViewer (3), UltraVNC (1), WinSCP (1), Zoom Client (4), Zoom Rooms Client (2), Zoom VDI (1)
§ Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (2), Bandicut (1), BlueBeam
Revu (1), Bitwarden (1), Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (3),
BlueJeans (1), PDF24 Creator (2), PDF-Xchange PRO (1), R for Windows (1), Rocket.Chat Desktop
Client (1), WeCom (1)
Windows Third Party CVE Information
§ Google Chrome 114.0.5735.199
§ CHROME-230627, QGC11405735199
§ Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
§ Firefox 115.0
§ FF-230704, QFF1150
§ Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202,
CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206,
CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212
§ Foxit PhantomPDF 10.1.12.37872
§ FIP-230616, QFIP1011237872
§ Fixes 4 Vulnerabilities: CVE-2023-27363, CVE-2023-27364, CVE-2023-27365,
CVE-2023-27366
Windows Third Party CVE Information (cont)
§ Firefox ESR 115.0
§ FFE-230704, QFFE1150
§ Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202,
CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206,
CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212
§ Firefox ESR 102.13.0
§ FFE-230704, QFFE102130
§ Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
§ Thunderbird 102.13.0
§ TB-230707, QTB102130
§ Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
Windows Third Party CVE Information (cont)
§ Node.JS 20.3.1 (Current)
§ NOJSC-230621, QNODEJSC2031
§ Fixes 10 Vulnerabilities: CVE-2023-30581, CVE-2023-30582, CVE-2023-30583,
CVE-2023-30584, CVE-2023-30585, CVE-2023-30586, CVE-2023-30587,
CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
§ Node.JS 16.20.1 (LTS Lower)
§ NOJSLL-230621, QNODEJSLL16201
§ Fixes 5 Vulnerabilities: CVE-2023-30581, CVE-2023-30585, CVE-2023-30588,
CVE-2023-30589, CVE-2023-30590
§ Node.JS 18.16.1 (LTS Upper)
§ NOJSLU-230621, QNODEJSLU18161
§ Fixes 5 Vulnerabilities: CVE-2023-30581, CVE-2023-30585, CVE-2023-30588,
CVE-2023-30589, CVE-2023-30590
Apple Release Summary
§ Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (1), macOS Big Sur
(1), macOS Monterey (1), macOS Ventura (1), Safari (1), Microsoft Edge (1), Thunderbird (1)
§ Security Updates (w/o CVEs): Slack (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), aText (2), Calendar 366 II (1),
Dropbox (2), Evernote (1), Firefox (2), Google Drive (1), Grammarly (7), Microsoft Edge (2), Spotify (2),
Microsoft Teams (Mac) (1), Visual Studio Code (1), Zoom Client (3)
Apple Updates CVE Information
§ macOS Big Sur 11.7.8
§ HT213809
§ Fixes 1 Vulnerability: CVE-2023-32434
§ macOS Monterey 12.6.7
§ HT213810
§ Fixes 1 Vulnerability: CVE-2023-32434
§ macOS Ventura 13.4.1
§ HT213813
§ Fixes 2 Vulnerabilities: CVE-2023-32434, CVE-2023-32439
§ Safari 16.5.1 v2
§ HT213816
§ Fixes 1 Vulnerability: CVE-2023-32439
Apple Third Party CVE Information
§ Google Chrome 114.0.5735.198
§ CHROMEMAC-230626
§ Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
§ Firefox 115.0
§ FF-230704
§ Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202,
CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206,
CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212
§ Microsoft Edge 114.0.1823.67
§ MEDGEMAC-230629
§ Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
Apple Third Party CVE Information (cont)
§ Firefox ESR 102.13.0
§ FFE-230704
§ Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
§ Thunderbird 102.13.0
§ TB-230707
§ Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
Q & A
Thank You!

Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
3分でわかるAzureでのService Principal
3分でわかるAzureでのService Principal3分でわかるAzureでのService Principal
3分でわかるAzureでのService Principal
 

Similar to July Patch Tuesday Webinar Recap

Patch Tuesday de Julio
Patch Tuesday de JulioPatch Tuesday de Julio
Patch Tuesday de JulioIvanti
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletIvanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch TuesdayIvanti
 
2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – AoûtIvanti
 
2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto2023 Patch Tuesday de Agosto
2023 Patch Tuesday de AgostoIvanti
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de NoviembreIvanti
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia NovembreIvanti
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – NovembreIvanti
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juinIvanti
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch TuesdayIvanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch TuesdayIvanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch TuesdayIvanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - maiIvanti
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – OctobreIvanti
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de OctubreIvanti
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayIvanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch TuesdayIvanti
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch TuesdayIvanti
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch TuesdayShazia464689
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 

Similar to July Patch Tuesday Webinar Recap (20)

Patch Tuesday de Julio
Patch Tuesday de JulioPatch Tuesday de Julio
Patch Tuesday de Julio
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - Juillet
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
 
2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août
 
2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de Noviembre
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 
2023 Mars Patch Tuesday
2023 Mars Patch Tuesday2023 Mars Patch Tuesday
2023 Mars Patch Tuesday
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – Octobre
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch Tuesday
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday
 
2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday2023 Ottobre Patch Tuesday
2023 Ottobre Patch Tuesday
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 

More from Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia DicembreIvanti
 

More from Ivanti (19)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 
2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre2023 Patch Tuesday Italia Dicembre
2023 Patch Tuesday Italia Dicembre
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 

July Patch Tuesday Webinar Recap

  • 1. Patch Tuesday Webinar Wednesday, July 12, 2023 Hosted by Chris Goettl and Todd Schell
  • 2. Agenda July 2023 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 4. Copyright © 2023 Ivanti. All rights reserved. July Patch Tuesday 2023 Microsoft resolved 130 new CVEs, updated 9 CVEs, and released/updated 3 Advisories this month. There are 6 confirmed Zero Day Exploits this month and another with functional exploit code. The OS and Office updates are going to be your priority this month and will take care of the majority of the risk, but CVE-2023-36884 is a configuration-only mitigation, so another update may soon be here. There are some operational changes in NetLogon and Kerberos stepping up enforcement from a couple of CVEs resolved in 2022 that you will want to be aware of. For more details, check out our complete writeup in this month's Patch Tuesday Blog: https://www.ivanti.com/blog/july-2023-patch-tuesday
  • 6. In the News § Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari § https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html § Apple releases, quickly pulls Rapid Security Response update for 0-day WebKit bug § https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/amp/ § Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks § https://securityaffairs.com/148380/hacking/office-zero-day-cve-2023-36884.html § Oracle Critical Product Updates (CPU) § https://www.oracle.com/security-alerts/ § Coming July 18th
  • 7. Microsoft Security Advisories § Advisory 230001 § Guidance on Microsoft Signed Drivers Being Used Maliciously § https://msrc.microsoft.com/update-guide/vulnerability/ADV230001 § Notice of additions to Driver.STL revocation list § Advisory 230002 § Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules § https://msrc.microsoft.com/update-guide/vulnerability/ADV230002
  • 8. Vulnerabilities of Interest § CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.2 / 6.3 § Severity: Critical § All supported server operating systems § Per Microsoft - Microsoft is announcing the release of the third phase of Windows security updates to address this vulnerability. These updates remove the ability to disable PAC signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0. Microsoft strongly recommends that customers install the June updates to be fully protected from this vulnerability, and review How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967 for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action. § July Change: Initial Enforcement – Default configuration set to enforce PAC Signature validation. Can still be overridden by an admin through configuration. § October Change: Full Enforcement – no more admin override.
  • 9. Vulnerabilities of Interest § CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 8.1 / 7.1 § Severity: Important § This month begins ‘enforcement by default’. § This has been a multi-year, multi-phase implementation to correct a complex system flaw. For more details see KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 § July Change: Full Enforcement – No more compatibility or audit only mode. After the July update Netlogon will require RPC Sealing.
  • 10. Known Exploited and Publicly Disclosed Vulnerability § CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 6.7 / 6.2 § Severity: Important § This is a re-issue from May. § All currently supported operating systems § To comprehensively address CVE-2023-24932, Microsoft has released July 2023 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • 11. Known Exploited and Publicly Disclosed Vulnerability § CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability § CVSS 3.1 Scores: 8.3 / 8.1 § Severity: Important § All currently supported operating systems and Microsoft Office § Per Microsoft - The CVE is rated as Important but has confirmed reports of exploitation in the wild and functional code has been publicly disclosed for this vulnerability. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. Microsoft has not yet released an update to fix this issue but has provided a configuration level mitigation to block Office applications from creating child processes. Running as least privileged could also help to mitigate the attack and require the attacker to execute additional exploits to elevate their privilege level. Microsoft has released a blog entry describing steps that can be taken to protect systems until a fix becomes available.
  • 12. Known Exploited Vulnerability § CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 6.8 § Severity: Important § All currently supported operating systems § Per Microsoft - While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.
  • 13. Known Exploited Vulnerability (cont) § CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 8.8 / 8.2 § Severity: Important § Windows 10, Windows 11, Server 2016, Server 2019, Server 2022 § Per Microsoft - The user would have to click on a specially crafted URL to be compromised by the attacker and the attacker would be able to bypass the Open File - Security Warning prompt.
  • 14. Known Exploited Vulnerability (cont) § CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 8.8 / 8.2 § Severity: Important § Microsoft 365 Apps for Enterprise, Outlook 2013 & 2016, Office 2019, and Office LTSC 2021 § Per Microsoft - The user would have to click on a specially crafted URL to be compromised by the attacker. The attacker would be able to bypass the Microsoft Outlook Security Notice prompt. The Preview Pane is an attack vector, but additional user interaction is required.
  • 15. Known Exploited Vulnerability (cont) § CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 6.8 § Severity: Important § All currently supported operating systems § Per Microsoft - An attacker who successfully exploited this vulnerability could gain administrator privileges. An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.
  • 16. Microsoft Patch Tuesday Updates of Interest § Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 § Windows 7/Server 2008 R2 Year 4 ESU § Azure and Development Tool Updates § .NET 6.0 § .NET 7.0 § Azure HDInsights § Azure Service Fabric 9.0 & 9.1 § Mono 6.12.0 § PandocUpload § Visual Studio 2022 (multiple) Source: Microsoft
  • 17. Server 2012/2012 R2 EOL is Coming § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
  • 18. Windows 10 and 11 Lifecycle Awareness
      Windows 10 Enterprise and Education
        Version | Release Date | End of Support Date
        22H2 | 10/18/2022 | 10/14/2025
        21H2 | 11/16/2021 | 6/11/2024
      Windows 10 Home and Pro
        Version | Release Date | End of Support Date
        22H2 | 10/18/2022 | 10/14/2025
      Windows Server
        Version | Release Date | End of Support Date
        2022 | 8/18/2021 | 10/13/2026
        2019 | 11/13/2019 | 1/9/2024
      Windows 11 Home and Pro
        Version | Release Date | End of Support Date
        22H2 | 9/20/2022 | 10/8/2024
        21H2 | 10/4/2021 | 10/10/2023
      § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 19. Patch Content Announcements § Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s)
  • 21. MFSA-2023-26: Security Update Firefox 115.0.2
    § Maximum Severity: Critical (High)
    § Affected Products: Security Update Firefox
    § Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms.
    § Impact: Denial of Service
    § Fixes 1 Vulnerability: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ for complete details.
    § Restart Required: Requires application restart
    § Known Issues: None
  • 22. MFSA-2023-26: Security Update Firefox ESR 115.0.2
    § Maximum Severity: Critical (High)
    § Affected Products: Security Update Firefox ESR
    § Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR browser on multiple platforms.
    § Impact: Denial of Service
    § Fixes 1 Vulnerability: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ for complete details.
    § Restart Required: Requires application restart
    § Known Issues: None
  • 23. MS23-07-W11: Windows 11 Update
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
    § Description: This bulletin references KB 5028182 (21H2) and KB 5028185 (22H2). There are many new features and enhancements in the 22H2 release. See the KB for full details.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 84 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known exploited and publicly disclosed. CVE-2023-32046, CVE-2023-32049, CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See next slide
  • 24. July Known Issues for Windows 11
    § KB 5028182 – Windows 11 version 21H2
    § [App Fail] Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. The known affected third-party UI customization apps are ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI customization app before installing this or later updates. Microsoft is investigating and will provide more info in the future.
  • 25. July Known Issues for Windows 11 (cont)
    § KB 5028185 – Windows 11 version 22H2
    § [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
  • 26. MS23-07-W10: Windows 10 Update
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
    § Description: This bulletin references 5 KB articles. See KBs for the list of changes.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 99 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known exploited and publicly disclosed. CVE-2023-32046, CVE-2023-32049, CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See next slide
  • 27. July Known Issues for Windows 10
    § KB 5028168 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
    § [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 28. July Known Issues for Windows 10 (cont)
    § KB 5028171 – Windows Server 2022
    § [ESXi Fail] After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to mitigate this issue. Microsoft and VMware are investigating this issue and will provide more information when it is available.
  • 29. MS23-07-MR8: Monthly Rollup for Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012 and IE
    § Description: This cumulative security update contains improvements that are part of update KB 5027283 (released June 13, 2023). Bulletin is based on KB 5028232. Starting with this release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 69 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 30. MS23-07-SO8: Security-only Update for Windows Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012
    § Description: This security update is based on KB 5028233. Starting with this release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 69 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 31. MS23-07-MR81: Monthly Rollup for Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Server 2012 R2 and IE
    § Description: This cumulative security update contains improvements that are part of update KB 5027271 (released June 13, 2023). Bulletin is based on KB 5028228. Starting with this release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 71 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 32. MS23-07-SO81: Security-only for Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Server 2012 R2
    § Description: This security update is based on KB 5028223. Starting with this release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure
    § Fixes 71 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 33. MS23-07-SPT: Security Updates for SharePoint Server
    § Maximum Severity: Critical
    § Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019
    § Description: This update corrects a series of vulnerabilities which would allow remote user access to the machine and user data. This bulletin is based on 3 KB articles.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing
    § Fixes 5 Vulnerabilities: This update addresses CVE-2023-33134, CVE-2023-33157, CVE-2023-33159, CVE-2023-33160, and CVE-2023-33165 which are not publicly disclosed or known exploited.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 34. MS23-07-IE: Security Updates for Internet Explorer
    § Maximum Severity: Important
    § Affected Products: Internet Explorer 11
    § Description: The improvements that are included in this Internet Explorer update are also included in the July 2023 Security Monthly Quality Rollup. Installing either this Internet Explorer update or the Security Monthly Quality Rollup installs the same improvements. This bulletin references KB 5028167.
    § Impact: Elevation of Privilege
    § Fixes 1 Vulnerability: CVE-2023-32046 is fixed in this update and is known exploited.
    § Restart Required: Requires browser restart
    § Known Issues: None reported
  • 35. MS23-07-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Maximum Severity: Important
    § Affected Products: Office 2013 Click-to-Run, Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege, Information Disclosure
    § Fixes 11 Vulnerabilities: CVE-2023-36884 is known exploited and publicly disclosed. CVE-2023-35311 is known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 36. MS23-07-OFF: Security Updates for Microsoft Office
    § Maximum Severity: Important
    § Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office LTSC 2021 for Mac, Office Online Server, Outlook 2013 & 2016, and Word 2013 & 2016
    § Description: This security update resolves multiple security issues in Microsoft Office suite. This bulletin references 15 KB articles and release notes for the Mac updates.
    § Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Information Disclosure
    § Fixes 10 Vulnerabilities: CVE-2023-36884 is known exploited and publicly disclosed. CVE-2023-35311 is known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 38. Windows Release Summary
    § Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (2), Foxit PhantomPDF (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Thunderbird (1)
    § Security Updates (w/o CVEs): 7-Zip (1), Adobe Acrobat DC and Acrobat Reader (1), Apache Tomcat (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Docker for Windows (2), Dropbox (1), Evernote (1), Firefox (2), Firefox ESR (1), GoodSync (2), GIT for windows (1), Cisco Jabber (1), Jabra Direct (1), LogMeIn (1), Malwarebytes (1), System Center Operations Manager 2019 (1), Node.JS (Current) (1), Notepad++ (1), Opera (4), Paint.net (1), Pulse Secure VPN Desktop Client (1), PeaZip (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), TeamViewer (3), UltraVNC (1), WinSCP (1), Zoom Client (4), Zoom Rooms Client (2), Zoom VDI (1)
    § Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (2), Bandicut (1), BlueBeam Revu (1), Bitwarden (1), Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (3), BlueJeans (1), PDF24 Creator (2), PDF-Xchange PRO (1), R for Windows (1), Rocket.Chat Desktop Client (1), WeCom (1)
  • 39. Windows Third Party CVE Information
    § Google Chrome 114.0.5735.199
    § CHROME-230627, QGC11405735199
    § Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
    § Firefox 115.0
    § FF-230704, QFF1150
    § Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202, CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206, CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211, CVE-2023-37212
    § Foxit PhantomPDF 10.1.12.37872
    § FIP-230616, QFIP1011237872
    § Fixes 4 Vulnerabilities: CVE-2023-27363, CVE-2023-27364, CVE-2023-27365, CVE-2023-27366
  • 40. Windows Third Party CVE Information (cont)
    § Firefox ESR 115.0
    § FFE-230704, QFFE1150
    § Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202, CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206, CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211, CVE-2023-37212
    § Firefox ESR 102.13.0
    § FFE-230704, QFFE102130
    § Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208, CVE-2023-37211
    § Thunderbird 102.13.0
    § TB-230707, QTB102130
    § Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208, CVE-2023-37211
  • 41. Windows Third Party CVE Information (cont)
    § Node.JS 20.3.1 (Current)
    § NOJSC-230621, QNODEJSC2031
    § Fixes 10 Vulnerabilities: CVE-2023-30581, CVE-2023-30582, CVE-2023-30583, CVE-2023-30584, CVE-2023-30585, CVE-2023-30586, CVE-2023-30587, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
    § Node.JS 16.20.1 (LTS Lower)
    § NOJSLL-230621, QNODEJSLL16201
    § Fixes 5 Vulnerabilities: CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
    § Node.JS 18.16.1 (LTS Upper)
    § NOJSLU-230621, QNODEJSLU18161
    § Fixes 5 Vulnerabilities: CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
  • 42. Apple Release Summary
    § Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (1), macOS Big Sur (1), macOS Monterey (1), macOS Ventura (1), Safari (1), Microsoft Edge (1), Thunderbird (1)
    § Security Updates (w/o CVEs): Slack (1)
    § Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), aText (2), Calendar 366 II (1), Dropbox (2), Evernote (1), Firefox (2), Google Drive (1), Grammarly (7), Microsoft Edge (2), Spotify (2), Microsoft Teams (Mac) (1), Visual Studio Code (1), Zoom Client (3)
  • 43. Apple Updates CVE Information
    § macOS Big Sur 11.7.8
    § HT213809
    § Fixes 1 Vulnerability: CVE-2023-32434
    § macOS Monterey 12.6.7
    § HT213810
    § Fixes 1 Vulnerability: CVE-2023-32434
    § macOS Ventura 13.4.1
    § HT213813
    § Fixes 2 Vulnerabilities: CVE-2023-32434, CVE-2023-32439
    § Safari 16.5.1 v2
    § HT213816
    § Fixes 1 Vulnerability: CVE-2023-32439
  • 44. Apple Third Party CVE Information
    § Google Chrome 114.0.5735.198
    § CHROMEMAC-230626
    § Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
    § Firefox 115.0
    § FF-230704
    § Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202, CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206, CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211, CVE-2023-37212
    § Microsoft Edge 114.0.1823.67
    § MEDGEMAC-230629
    § Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
  • 45. Apple Third Party CVE Information (cont)
    § Firefox ESR 102.13.0
    § FFE-230704
    § Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208, CVE-2023-37211
    § Thunderbird 102.13.0
    § TB-230707
    § Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208, CVE-2023-37211
  • 46. Q & A
  • 47. Thank You!