Successfully reported this slideshow.
Your SlideShare is downloading. ×

2021 June Patch Tuesday

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 42 Ad

2021 June Patch Tuesday

Download to read offline

Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Fortunately these are all in the monthly OS rollups so you can knock them out in one update per system. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware. And good news for Microsoft Exchange admins, if you are caught up you get this month off! No additional updates for exchange this month!

Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Fortunately these are all in the monthly OS rollups so you can knock them out in one update per system. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware. And good news for Microsoft Exchange admins, if you are caught up you get this month off! No additional updates for exchange this month!

Advertisement
Advertisement

More Related Content

Slideshows for you (20)

Advertisement

Recently uploaded (20)

Advertisement

2021 June Patch Tuesday

  1. 1. Copyright © 2021 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, June 9, 2021 Hosted by: Chris Goettl & Todd Schell
  2. 2. Copyright © 2021 Ivanti. All rights reserved. Agenda June 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
  3. 3. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Overview
  4. 4. Copyright © 2021 Ivanti. All rights reserved. June Patch Tuesday 2021 Microsoft has just released the June Patch Tuesday updates and it is a hot one! There are 49 unique vulnerabilities, six of which have been detected in exploits in the wild. Fortunately, these are all in the monthly OS rollups so you can knock them out in one update per system. Many of the exploited vulnerabilities are only rated as Important and have lower CVSSv3 base scores, which can cause them to be missed in prioritization in some organizations. This brings a very important prioritization challenge to the forefront this month. Vendor severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases. Adopting a Risk-based Vulnerability Management approach and using additional risk indicators and telemetry on real-world attack trends is vital to stay ahead of threats like modern ransomware. And good news for Microsoft Exchange admins, if you are caught up you get this month off! No additional updates for exchange this month!
  5. 5. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News
  6. 6. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News Source: Microsoft  Windows 10 21H1 Released May 18  https://docs.microsoft.com/en-us/windows/release- health/release-information  Enablement packages provide updates from Windows 10 2004 or Windows 10 20H2  PuzzleMaker attacks exploit Windows zero-day, chrome vulnerabilities  https://www.zdnet.com/article/puzzlemaker-attacks-exploit- windows-chrome-zero-day-vulnerabilities/  Feds recover more than $2 million in ransomware payments from Colonial Pipeline hackers  https://www.washingtonpost.com/business/2021/06/07/colonial -pipeline-ransomware-payment-recovered/
  7. 7. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Threat Actors Shift Tactics Quickly Q4 2020 Q1 2020
  8. 8. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerabilities  CVE-2021-31199 Enhanced Cryptographic Provider Elevation of Privilege Vulnerability  CVSS 3.0 Scores: 5.2 / 4.8  Severity: Important  CVE-2021-31201 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability  CVSS 3.0 Scores 5.2 / 4.8  Severity: Important  CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability  CVSS 3.0 Scores 5.5 / 5.1  Severity: Important Source: Microsoft
  9. 9. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerabilities (cont)  CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability  CVSS 3.0 Scores: 7.8 / 7.2  Severity: Important  CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability  CVSS 3.0 Scores: 7.5 / 7.0  Severity: Critical Source: Microsoft
  10. 10. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited and Disclosed Vulnerability  CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability  CVSS 3.0 Scores: 8.4 / 7.8  Severity: Important Source: Microsoft
  11. 11. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerability  CVE-2021-31968 Windows Remote Desktop Services Denial of Service Vulnerability  CVSS 3.0 Scores: 7.5 / 6.5  Severity: Important Source: Microsoft
  12. 12. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Updated SSUs this month  Windows 10 1809/Server 2019  Windows 10 1909/Server, version 1909  Development Tool and Other Updates  .NET 5.0 and .NET Core 3.1  Visual Studio 2019 v16.4-16.10  Visual Studio 2019 for Mac version 8.10  Visual Studio Code (Kubernetes Tools) Source: Microsoft
  13. 13. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 Windows 10 Pro and Pro Workstation Version Release Date End of Support Date 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
  14. 14. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  15. 15. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Bulletins and Releases
  16. 16. Copyright © 2021 Ivanti. All rights reserved. APSB21-37: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 5 critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. See https://helpx.adobe.com/security/products/acrobat/apsb21-37.html for more details.  Impact: Remote Code Execution  Fixes 5 Vulnerabilities: CVE-2021-28551, CVE-2021-28552, CVE-2021-28554, CVE-2021-28631 and CVE-2021-28632  Restart Required: Requires application restart
  17. 17. Copyright © 2021 Ivanti. All rights reserved. MS21-06-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, Server 2016, Server 2019, Server version 1909, Server version 2004, Server version 20H2, IE 11, and Edge Chromium  Description: This bulletin references 5 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31955, CVE-2021-31956, CVE-2021-33739 and CVE-2021-33742 are known exploited. CVE- 2021-31968 and CVE-2021-33739 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  18. 18. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. June Known Issues for Windows 10  KB 5003646 – Windows 10, Version 1809, Server 2019  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  19. 19. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. June Known Issues for Windows 10 (cont)  KB 5003635 – Windows 10 version 1909  [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution.
  20. 20. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. June Known Issues for Windows 10 (cont)  KB 5003637 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1  [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Workaround: Microsoft is working on a resolution.  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
  21. 21. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. June Known Issues for Windows 10 (cont)  [Game Lag] A small subset of users have reported lower than expected performance in games after installing this update. Most users affected by this issue are running games full screen or borderless windowed modes and using two or more monitors. Workaround: This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your device might help the resolution apply to your device faster. See KB for more info on KIR and Group Policy options.  [Audio] After installing this update, 5.1 Dolby Digital audio may play containing a high-pitched noise or squeak in certain apps when using certain audio devices and Windows settings. Workaround: Try streaming the video or audio in a web browser or different app, instead of the app affected by this issue. Enable Spatial sound settings by right clicking or long pressing on the volume icon in the notification area, selecting Spatial sound (Off) and selecting any of the available options. Microsoft is working on a resolution.  [Outdated Updates]
  22. 22. Copyright © 2021 Ivanti. All rights reserved. MS21-06-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Internet Explorer 9 and 11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the June 2020 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references KB 5003636.  Impact: Remote Code Execution  Fixes 3 Vulnerabilities: CVE-2021-33742 is known exploited. It also fixes CVE- 2021-31959 and CVE-2021-31971.  Restart Required: Requires browser restart  Known Issues: None reported
  23. 23. Copyright © 2021 Ivanti. All rights reserved. MS21-06-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 5003210 (released May 11, 2021). Bulletin is based on KB 5003661. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.  Impact: Remote Code Execution, Security Feature Bypass, and Elevation of Privilege  Fixes 12 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956, and CVE-2021-33742 are known exploited. No vulnerabilities are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  24. 24. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. June Known Issues for Server 2008  KB 5003661 – Windows Server 2008 (Monthly Rollup)  [SQL Failure] After installing this update or later updates, connections to SQL Server 2005 might fail. Workaround: This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a supported version of SQL Server.  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 5003695 – Windows Server 2008 (Security-only Update)  [SQL Failure]  [File Rename]
  25. 25. Copyright © 2021 Ivanti. All rights reserved. MS21-06-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5003695. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, and Windows Storage and Filesystems.  Impact: Security Feature Bypass and Elevation of Privilege  Fixes 10 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021- 31956 are known exploited. No vulnerabilities are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See previous slide.
  26. 26. Copyright © 2021 Ivanti. All rights reserved. MS21-06-MR7-ESU: Monthly Rollup for Win 7 MS21-06-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 5003233 (released May 11, 2021). Bulletin is based on KB 5003667. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Remote Desktop, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and Elevation of Privilege  Fixes 14 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956, and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [SQL Failure] and [File Rename]
  27. 27. Copyright © 2021 Ivanti. All rights reserved. MS21-06-SO7-ESU: Security-only Update for Win 7 MS21-06-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5003694. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Remote Desktop, and Windows Storage and Filesystems.  Impact: Security Feature Bypass, Denial of Service and Elevation of Privilege  Fixes 11 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021- 31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [SQL Failure] and [File Rename]
  28. 28. Copyright © 2021 Ivanti. All rights reserved. MS21-06-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 5003208 (released previous May 11, 2021). Bulletin is based on KB 5003697. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 18 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956, and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  29. 29. Copyright © 2021 Ivanti. All rights reserved. MS21-06-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5003696. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, and Windows Storage and Filesystems.  Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 15 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021- 31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  30. 30. Copyright © 2021 Ivanti. All rights reserved. MS21-06-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 5003209 (released May 11, 2021). Bulletin is based on KB 5003671. Security updates to Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Storage and Filesystems, Windows HTML Platform, and Microsoft Scripting Engine.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 19 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, CVE-2021-31956, and CVE-2021-33742 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  31. 31. Copyright © 2021 Ivanti. All rights reserved. MS21-06-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5003681. Security updates to Windows App Platform and Frameworks, and Windows Silicon Platform.  Impact: Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 16 Vulnerabilities: CVE-2021-31199, CVE-2021-31201, and CVE-2021- 31956 are known exploited. CVE-2021-31968 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  32. 32. Copyright © 2021 Ivanti. All rights reserved. MS21-06-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft SharePoint Enterprise Server 2013, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 8 KB articles.  Impact: Remote Code Execution, Spoofing and Information Disclosure  Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-26420, CVE-2021-31948, CVE-2021-31950, CVE-2021-31963, CVE-2021-31964, CVE-2021-31965, and CVE-2021-31966 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide
  33. 33. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. June Known Issues for SharePoint Server  KB 5001962 – SharePoint Foundation 2013  [URL Block] DataFormWebPart may be blocked from accessing an external URL, and it generates "8scdc"event tags in SharePoint Unified Logging System (ULS) logs. Workaround: Contact the farm administrator to use PowerShell to add the blocked host name to SPFarm.AllowedSafeDomain. For more information, see KB 5004210.  KB 5001946 – SharePoint Enterprise Server 2016  [URL Block]  KB 5001944 – SharePoint Server 2019  [URL Block]
  34. 34. Copyright © 2021 Ivanti. All rights reserved. MS21-06-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2013-2016, Office 2013-2016, Office 2019 for macOS, Office Online Server, Office Web Apps 2013, Outlook 2013-2016  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 10 KB articles plus release notes for the macOS Office.  Impact: Remote Code Execution  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-31939, CVE-2021-31940, CVE-2021-31941 and CVE-2021- 31949 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  35. 35. Copyright © 2021 Ivanti. All rights reserved. MS21-06-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-31939, CVE-2021-31940, CVE-2021-31941 and CVE-2021- 31949 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  36. 36. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Between Patch Tuesdays
  37. 37. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (1), Thunderbird (2), VMware Horizon Client (1), VMware Workstation Player (1), VMware Workstation Pro (1)  Security (w/o CVEs): Audacity (1), Camtasia (1), CCleaner (1), ClickShare App Machine- Wide Installer (1), Falcon sensor for Windows (1), Dropbox (2), Evernote (3), FileZilla Client (4), GoodSync (6), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Node.JS 14.17.0 (3), Notepad++ (1), Opera (4), Pidgin (1), Plex Media Server (5), Skype (2), Slack Machine-Wide Installer (4), Snagit (2), Splunk Universal Forwarder (2), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), Apache Tomcat (2), TeamViewer (5), VLC Media Player (2), Wireshark (2), Zoom Client (2), Zoom Outlook Plugin (1)  Non-Security Updates: AIMP (2), Allway Sync (1), BlueJeans Outlook Addin (1), Google Drive File Stream (1), Inkscape (1), IrfanView (1), BlueJeans (3), R for Windows 4.1.0 (1), RingCentral App (Machine-Wide Installer) (1), TortoiseHG (1), RealVNC Viewer (1), Cisco WebEx Teams (2)
  38. 38. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 91.0.4472.77  CHROME-210525, QGC910447277  Fixes 21 Vulnerabilities: CVE-2021-21212, CVE-2021-30521, CVE-2021-30522, CVE-2021-30523, CVE-2021-30524, CVE-2021-30525, CVE-2021-30526, CVE- 2021-30527, CVE-2021-30528, CVE-2021-30529, CVE-2021-30530, CVE-2021- 30531, CVE-2021-30532, CVE-2021-30533, CVE-2021-30534, CVE-2021-30535, CVE-2021-30536, CVE-2021-30537, CVE-2021-30538, CVE-2021-30539, CVE- 2021-30540  Thunderbird 78.10.2  TB-210517, QTB78102  Fixes 2 Vulnerabilities: CVE-2021-29956, CVE-2021-29957  Thunderbird 78.11.0  TB-210603, QTB78102  Fixes 2 Vulnerabilities: CVE-2021-29964, CVE-2021-29967
  39. 39. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox 89.0  FF-210601, QFF890  Fixes 9 Vulnerabilities: CVE-2021-29959, CVE-2021-29960, CVE-2021-29961, CVE-2021-29962, CVE-2021-29963, CVE-2021-29964, CVE-2021-29965, CVE- 2021-29966, CVE-2021-29967  Firefox ESR 78.11.0  FFE-210601, QFFE78110  Fixes 2 Vulnerabilities: CVE-2021-29964, CVE-2021-29967  VMware Horizon Client 5.5.2  VMWH5-210521, QVMWH552  Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
  40. 40. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  VMware Workstation Player 16.1.2  VMWP16-210519, QVMWP1612  Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989  VMware Workstation Pro 16.1.2  VMWW16-210519, QVMWW1612  Fixes 3 Vulnerabilities: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989
  41. 41. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Q & A
  42. 42. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Thank You!

×