Successfully reported this slideshow.
Your SlideShare is downloading. ×

Fr february 2022 patch tuesday v2 presenters slides

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
2022 February Patch Tuesday
2022 February Patch Tuesday
Loading in …3
×

Check these out next

1 of 48 Ad

Fr february 2022 patch tuesday v2 presenters slides

Download to read offline

février - Diapositives des présentateurs du Patch Tuesday français

février - Diapositives des présentateurs du Patch Tuesday français

Advertisement
Advertisement

More Related Content

Advertisement
Advertisement

Fr february 2022 patch tuesday v2 presenters slides

  1. 1. Webinar Patch Tuesday jeudi 10 février 2022 Présenté par Gency Myrtezai
  2. 2. Agenda February 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  3. 3. Overview
  4. 4. Copyright © 2022 Ivanti. All rightsreserved. February Patch Tuesday 2022 Sys Admins may be feeling a little gun shy after the January Windows OS updates went awry with three known issues. Details in the following out-of-band update on January 18 stated "This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount” which did look to stabilize matters. Enter February Patch Tuesday! The lineup this month is smaller than average with only 48 new CVEs being resolved and 3 re-released fixes. Another interesting note is all CVEs this month are only rated as Important. There are fixes for Print Spooler and Hyper-V which are some key places to focus your testing this month.
  5. 5. In the News
  6. 6. Copyright © 2022 Ivanti. All rightsreserved. In the News ▪ UEFI firmware vulnerabilities affect at least 25 computer vendors ▪ https://www.bleepingcomputer.com/news/security/uefi-firmware- vulnerabilities-affect-at-least-25-computer-vendors/ ▪ CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability ▪ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882 (exploit identified just days after Jan patch Tuesday) ▪ https://thehackernews.com/2022/02/cisa-orders-federal-agencies-to- patch.html ▪ Ransomware 2022 Spotlight Report ▪ https://www.ivanti.com/lp/security/reports/ransomware-spotlight-year-end- 2021-report
  7. 7. Copyright © 2022 Ivanti. All rightsreserved. Publicly Disclosed Vulnerabilities ▪ CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability ▪ CVSS 3.1 Scores: 7.8 / 7.0 ▪ Severity: Important ▪ Impacts all Windows workstation and server operating systems.
  8. 8. Copyright © 2022 Ivanti. All rightsreserved. Microsoft Patch Tuesday Updates of Interest ▪ Advisory 990001 Latest Servicing Stack Updates (SSU) ▪ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 ▪ Updated SSUs this month ▪ Windows Server 2008 ▪ Windows 7/Server 2008 R2 ▪ Development Tool and Other Updates ▪ .NET 5.0 ▪ .NET 6.0 ▪ Azure Data Explorer ▪ Microsoft Teams for Android/ioS ▪ PowerBI-client JS SDK ▪ Visual Studio 2022 version 17.0 ▪ Visual Studio 2019 version 16.11 ▪ Visual Studio 2019 version 16.9 Source: Microsoft
  9. 9. Copyright © 2022 Ivanti. All rightsreserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H2 11/16/2021 6/11/2024 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 1909 11/12/2019 5/10/2022 Windows 10 Home and Pro Version Release Date End of Support Date 21H2 11/16/2021 6/13/2023 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/10/2022 Windows Datacenter and Standard Server Version Release Date End of Support Date 2022 8/18/2021 10/13/2026 20H2 10/20/2020 5/10/2022 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023 ▪ Lifecycle Fact Sheet ▪ https://docs.microsoft.com/en-us/lifecycle/faq/windows
  10. 10. Copyright © 2022 Ivanti. All rightsreserved. Server 2012/2012 R2 EOL is Coming ▪ Lifecycle Fact Sheet ▪ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
  11. 11. Copyright © 2022 Ivanti. All rightsreserved. Patch Content Announcements ▪ Announcements Posted on Community Forum Pages ▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 ▪ Subscribe to receive email for the desired product(s) New! New!
  12. 12. Bulletins and Releases
  13. 13. Copyright © 2022 Ivanti. All rightsreserved. MFSA-2022-04: Security Update Firefox 97 ▪ Maximum Severity: Critical (High) ▪ Affected Products: Firefox ▪ Description: This security update from Mozilla addresses critical vulnerabilities in the Firefox application on multiple platforms. Of the 12 reported vulnerabilities, 4 are rated as High. See https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/ for complete details. ▪ Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege and Information Disclosure ▪ Fixes 12 Vulnerabilities: See link to Mozilla bulletin ▪ Restart Required: Requires application restart ▪ Known Issues: None
  14. 14. Copyright © 2022 Ivanti. All rightsreserved. MFSA-2022-05: Security Update Firefox ESR 91.6 ▪ Maximum Severity: Critical (High) ▪ Affected Products: Firefox ESR ▪ Description: This security update from Mozilla addresses critical vulnerabilities in the Firefox ESR application on multiple platforms. Of the 8 reported vulnerabilities, 3 are rated as High. See https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/ for complete details. ▪ Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege and Information Disclosure ▪ Fixes 8 Vulnerabilities: See link to Mozilla bulletin ▪ Restart Required: Requires application restart ▪ Known Issues: None
  15. 15. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-W11: Windows 11 Update ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows11 Version 21H2 and Edge Chromium ▪ Description: This bulletin references KB 5010386. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: None reported
  16. 16. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-W10: Windows 10 Update ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium ▪ Description: This bulletin references 7 KB articles. See KBs for the list of changes. ▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 21 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: See next slides
  17. 17. Copyright © 2022 Ivanti. All rightsreserved. February Known Issues for Windows 10 ▪ KB 5010359 – Windows 10, version 1607, Windows Server 2016 ▪ [AD Forest Trust] After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Workaround: To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note: These out-of-band updates are not available from WindowsUpdate and will not install automatically. See KB for a list of .NET links.
  18. 18. Copyright © 2022 Ivanti. All rightsreserved. February Known Issues for Windows 10 (cont) ▪ KB 5010351 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 ▪ [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution. ▪ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571. ▪ [AD Forest Trust]
  19. 19. Copyright © 2022 Ivanti. All rightsreserved. February Known Issues for Windows 10 (cont) ▪ KB 5010342 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 ▪ [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For more information and a workaround, see KB5005322. ▪ [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automaticallyreplaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
  20. 20. Copyright © 2022 Ivanti. All rightsreserved. February Known Issues for Windows 10 (cont) ▪ KB 5010342 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 ▪ [Smart Card Failure] After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red. Workaround: Requires use of Known Issue Rollback (KIR). See KB for details. ▪ KB 5010354 – Server 2022 ▪ [Smart Card Failure] ▪ [AD Forest Trust]
  21. 21. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-MR2K8-ESU: Monthly Rollup for Windows Server 2008 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft WindowsServer 2008 and IE 9 ▪ Description: This security update includes improvements and fixes that were a part of update KB 5009627 (released January 11, 2022) and update KB 5010799 (released January 17, 2022). Bulletin is based on KB 5010384. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 10 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: See next slide.
  22. 22. Copyright © 2022 Ivanti. All rightsreserved. February Known Issues for Server 2008 ▪ KB 5010384 – Windows Server 2008 (Monthly Rollup) ▪ [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administratorprivilege. Workaround: Perform the operation from a process that has administratorprivilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution. ▪ KB 5010403 – Windows Server 2008 (Security-only Update) ▪ [File Rename]
  23. 23. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-SO2K8-ESU: Security-only Update for Windows Server 2008 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft WindowsServer 2008 ▪ Description: Addresses vulnerabilities in the operating system kernel, print spooler, log file driver, and more. Bulletin is based on KB 5010403. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 10 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: See previous slide.
  24. 24. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-MR7-ESU: Monthly Rollup for Win 7 MS22-02-MR2K8R2-ESU Monthly Rollup for Server 2008 R2 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows7, Server 2008 R2, and IE 11 ▪ Description: This security update includes improvements and fixes that were a part of update KB 5009610 (released January 11, 2022) and update KB 5010798 (released January 17, 2022). Bulletin is based on KB 5010404. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 10 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  25. 25. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-SO7-ESU: Security-only Update for Win 7 MS22-02-SO2K8R2-ESU: Security-only Update for Server 2008 R2 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows7 and Server 2008 R2 ▪ Description: Addresses vulnerabilities in the operating system kernel, print spooler, log file driver, and more. Bulletin is based on KB 5010422. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 10 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename]
  26. 26. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-MR8: Monthly Rollup for Server 2012 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft WindowsServer 2012 and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 5009586 (released January 11, 2022) and update KB 5010797 (released January 17, 2022). Bulletin is based on KB 5010392. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] and [AD Forest Trust]
  27. 27. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-SO8: Security-only Update for Windows Server 2012 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft WindowsServer 2012 ▪ Description: Addresses vulnerabilities in the operating system kernel, print spooler, log file driver, and more. Bulletin is based on KB 5010412. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] and [AD Forest Trust]
  28. 28. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows8.1, Server 2012 R2, and IE ▪ Description: This security update includes improvements and fixes that were a part of update KB 5009624 (released January 11, 2022) and update KB 5010794 (released January 17, 2022). Bulletin is based on KB 5010419. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] and [AD Forest Trust]
  29. 29. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft Windows8.1, Server 2012 R2 ▪ Description: Addresses vulnerabilities in the operating system kernel, print spooler, log file driver, and more. Bulletin is based on KB 5010395. ▪ Impact: Denial of Service, Elevation of Privilege and Information Disclosure ▪ Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2022-21989 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. ▪ Restart Required: Requires restart ▪ Known Issues: [File Rename] and [AD Forest Trust]
  30. 30. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-OFF: Security Updates for Microsoft Office ▪ Maximum Severity: Important ▪ Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 and LTSC 2021 for macOS, Office Online Server, Office Web Apps Server 2013 and Outlook 2016 for macOS ▪ Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references just the release notes for the macOS Office. ▪ Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure ▪ Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-22003, CVE-2022-22716, CVE-2022-23252 and CVE-2022- 23280 are fixed in this release. ▪ Restart Required: Requires application restart ▪ Known Issues: None reported
  31. 31. Copyright © 2022 Ivanti. All rightsreserved. MS22-01-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021 ▪ Maximum Severity: Important ▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 ▪ Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. ▪ Impact: Remote Code Execution and Information Disclosure ▪ Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-21988, CVE-2022-22003, CVE-2022-22004, CVE-2022-22716 and CVE-2022-23252 are fixed in this release. ▪ Restart Required: Requires application restart ▪ Known Issues: None reported
  32. 32. Copyright © 2022 Ivanti. All rightsreserved. MS22-02-SPT: Security Updates for SharePoint Server ▪ Maximum Severity: Important ▪ Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Server 2019 ▪ Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution or a security feature bypass if a user opens a specially crafted Office file. This bulletin is based on 6 bulletins. ▪ Impact: Remote Code Execution, Security Feature Bypass, Spoofing and Information Disclosure ▪ Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-21968, CVE-2022-21987, CVE-2022-22005 and CVE-2022- 22716 are fixed in this release. ▪ Restart Required: Requires restart ▪ Known Issues: See next slide
  33. 33. Copyright © 2022 Ivanti. All rightsreserved. February Known Issues for Sharepoint Server ▪ KB 5002135 – SharePoint Server 2019 ▪ [Translate] The Machine Translation service fails if the content contains certain HTML tags. To work around this issue, see ‘Publishing pages cannot be translated in SharePoint Server 2019’ (KB5011291).
  34. 34. Between Patch Tuesdays
  35. 35. Copyright © 2022 Ivanti. All rightsreserved. Release Summary ▪ Security Updates (with CVEs): Google Chrome (2), Amazon Corretto (2), Docker for Windows (1), Firefox (1), Firefox ESR (1), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 8 (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1), RedHat OpenJDK JDK 11 (1), RedHat OpenJDK 8 (1), RedHat OpenJDK JRE 11 (1), Thunderbird (1), VMware Workstation Player (1), VMware Workstation Pro (1), Azul Zulu JDK 11 (1), Azul Zulu JDK 8 (1), Azul Zulu JRE 11 (1), Azul Zulu JRE 8 (1) ▪ Security (w/o CVEs): Box Edit (1), CCleaner (2), ClickShare App Machine-Wide Installer (2), Falcon Sensor for Windows (2), Docker for Windows Stable (2), Dropbox (2), Eclipse Adoptium JDK 11 (1), Eclipse Adoptium JDK 8 (1), Evernote (2), Firefox (3), Firefox ESR (1), GoodSync (2), GIT for Windows (3), Jabra Direct (1), Java Development Kit 17 (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (Maintain) (1), Notepad++ (2), Opera (3), VirtualBox (1), Plex Media Server (4), Royal TS (1), Skype (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (1), TortoiseGit (1), Apache Tomcat (2), TeamViewer (1), WinRAR (1)Zoom Client (1), Zoom Outlook Plugin (1), Zoom VDI (1) ▪ Non-Security Updates: Box Sync (1), Google Drive File Stream (1), BlueJeans (1), NextCloud Desktop Client (1), RingCentral App (Machine-Wide Installer) (2), Rocket.Chat Desktop Client (2)Cisco WebEx Teams (2), WinMerge (1)
  36. 36. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information ▪ Google Chrome 97.0.4692.99 ▪ CHROME-220119, QGC970469299 ▪ Fixes 22 Vulnerabilities: CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE- 2022-0292, CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296, CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301, CVE-2022- 0302, CVE-2022-0303, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306, CVE- 2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311 ▪ Google Chrome 98.0.4758.80 ▪ CHROME-220202, QGC980475880 ▪ Fixes 7 Vulnerabilities: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE- 2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022- 0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE- 2022-0469, CVE-2022-0470
  37. 37. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Java 8 Update 321 ▪ JAVA8-321, QJAVA8U321 ▪ Java Development Kit 8 Update 321 ▪ JDK8-321, QJDK8U321 ▪ Fixes 14 Vulnerabilities in each: CVE-2022-21248, CVE-2022-21271, CVE-2022- 21282, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE- 2022-21349, CVE-2022-21360, CVE-2022-21365 ▪ RedHat OpenJDK 8.0.322 ▪ RHTJDK8-220131, QRHTJDK180322 ▪ Fixes 12 Vulnerabilities: CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE- 2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022- 21365
  38. 38. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Java Development Kit 11 Update 11.0.14 ▪ JDK11-220118, QJDK11U11014 ▪ Fixes 16 Vulnerabilities: CVE-2022-21248, CVE-2022-21271, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE- 2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022- 21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366 ▪ RedHat OpenJDK JDK 11.0.14.9 ▪ RHTJDK11-220131, QRHTJDK110149 ▪ RedHat OpenJDK JRE 11.0.14.9 ▪ RHTJRE11-220131, QRHTJRE110149 ▪ Fixes 15 Vulnerabilities in each: CVE-2022-21248, CVE-2022-21277, CVE-2022- 21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE- 2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
  39. 39. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Amazon Corretto 8 Update 322 ▪ CORRETTO8-322, QCORRETTO8322 ▪ Fixes 12 Vulnerabilities: CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE- 2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022- 21365 ▪ Amazon Corretto 11.0.14.9.1 ▪ CORRETTO11-220118, QCORRETTO11014 ▪ Fixes 15 Vulnerabilities: CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE- 2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022- 21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
  40. 40. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Firefox 96.0 ▪ FF-220111, QFF96 ▪ Fixes 18 Vulnerabilities: CVE-2021-4140, CVE-2022-22736, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE- 2022-22742, CVE-2022-22743, CVE-2022-22744, CVE-2022-22745, CVE-2022- 22746, CVE-2022-22747, CVE-2022-22748, CVE-2022-22749, CVE-2022-22750, CVE-2022-22751, CVE-2022-22752 ▪ Firefox ESR 91.5.0 ▪ FFE-220111, QFFE9150 ▪ Fixes 14 Vulnerabilities: CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE- 2022-22743, CVE-2022-22744, CVE-2022-22745, CVE-2022-22746, CVE-2022- 22747, CVE-2022-22748, CVE-2022-22751
  41. 41. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Node.JS 17.3.1 (Current) ▪ NOJSC-220111, QNODEJSC1731 ▪ Node.JS 14.18.3 (LTS Lower) ▪ NOJSLL-220111, QNODEJSL14183 ▪ Node.JS 16.13.2 (LTS Upper) ▪ NOJSLU-220111, QNODEJSLU16132 ▪ Node.JS 12.22.9 (Maintain) ▪ NOJSM-220111, QNODEJSLU12229 ▪ Fixes 4 Vulnerabilities in each: CVE-2021-44531, CVE-2021-44532, CVE-2021-44533, CVE- 2022-21824
  42. 42. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Docker for Windows Stable 4.4.2.0 ▪ DOCKER-220113, QDOCKER4420 ▪ Fixes 1 Vulnerability: CVE-2021-45449 ▪ Foxit PDF Editor 11.2.1.53537 ▪ FPDFE-220128, QFPDFE112153537 ▪ Foxit PDF Reader Consumer 11.2.1.53537 ▪ FPDFRC-220128, QFPDFRC112153537 ▪ Foxit PDF Reader Enterprise 11.2.1.53537 ▪ FPDFRE-220128, QFPDFRE112153537 ▪ Fixes 7 Vulnerabilities in each: CVE-2018-1285, CVE-2021-40420, CVE-2021-44708, CVE- 2021-44709, CVE-2021-44740, CVE-2021-44741, CVE-2022-22150
  43. 43. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Thunderbird 91.5.0 ▪ TB-220111, QTB9150 ▪ Fixes 13 Vulnerabilities: CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022- 22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE- 2022-22744, CVE-2022-22745, CVE-2022-22746, CVE-2022-22747, CVE-2022-22748 ▪ VMware Workstation 16.2.2 Player ▪ VMWP16-220118, QVMWP1622 ▪ VMware Workstation 16.2.2 Pro ▪ VMWW16-220118, QVMWW1622 ▪ Fixes 1 Vulnerability in each: CVE-2022-22938
  44. 44. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Azul Zulu JDK 8.60.0.21 (8u322) ▪ ZULUJDK8-220118, QZULUJDK860021 ▪ Azul Zulu JRE 8.60.0.21 (8u322) ▪ ZULUJRE8-220118, QZULUJRE860021 ▪ Fixes 15 Vulnerabilities: CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE- 2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022- 21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365
  45. 45. Copyright © 2022 Ivanti. All rightsreserved. Third Party CVE Information (cont) ▪ Azul Zulu JDK 11.54.23 (11.0.14) ▪ ZULUJDK11-220118, QZULUJDK115423 ▪ Azul Zulu JRE 11.54.23 (11.0.14) ▪ ZULUJRE11-220118, QZULUJRE115423 ▪ Fixes 15 Vulnerabilities: CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE- 2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022- 21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
  46. 46. Q & A
  47. 47. Copyright © 2022 Ivanti. All rightsreserved. Prochains Rendez-vous Patch Tuesday https://www.ivanti.fr/resources/patch-tuesday Sauf exception, le jeudi suivant le Patch Tuesday (2e mardi de chaque mois) à 16h00 • 13 janvier • 10 février • 10 mars • 14 avril • 12 mai • 16 juin • 19 juillet • 11 août • 15 septembre • 13 octobre • 10 novembre • 15 décembre
  48. 48. Copyright © 2022 Ivanti. All rightsreserved. Thank You!

×