Patch Tuesday Webinar Wednesday, August 12, 2020 Hosted by: Chris Goettl & T...
Agenda August 2020 Patch Tuesday Overview In the News Bulletins and Releases...
Overview
Copyright © 2020 Ivanti. All rights reserved.
In the News
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. FBI PIN Warns of Increased Atta...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Netlogon Secure Channel Connect...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited and Publicly Di...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited  CVE-2020-1380...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Another CVE of Interest  CVE-2...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates...
Windows 10 Lifecycle Awareness  Windows 10 Branch Support Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness ...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Blog  Latest Patch Relea...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Content Announcements  A...
Bulletins and Releases
Copyright © 2020 Ivanti. All rights reserved. APSB20-48: Security Update for Adobe Acrobat and Reader  Maximum Severity: ...
Copyright © 2020 Ivanti. All rights reserved. ICLOUD-200811: Security Update for iCloud for Windows 11.3  Maximum Severit...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-W10: Windows 10 Update  Maximum Severity: Critical  Affected Produ...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-IE: Security Updates for Internet Explorer  Maximum Severity: Criti...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Server ...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Se...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR7-ESU: Monthly Rollup for Win 7 MS20-08-MR2K8R2-ESU Monthly Rollup...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO7-ESU: Security-only Update for Win 7 MS20-08-SO2K8R2-ESU: Securit...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  A...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO8: Security-only Update for Windows Server 2012  Maximum Severity...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severi...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum ...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-MRNET: Monthly Rollup for Microsoft .Net  Maximum Severity: Critica...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SONET: Security-only Update for Microsoft .Net  Maximum Severity: C...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-OFF: Security Updates for Microsoft Office  Maximum Severity: Criti...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum ...
Copyright © 2020 Ivanti. All rights reserved. MS20-08-SPT: Security Updates for SharePoint Server  Maximum Severity: Impo...
Between Patch Tuesdays
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Release Summary  Security Upda...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  G...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  M...
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  T...
Q & A
Thank You!
Patch Tuesday August 2020

Are you bored sitting at home in Covid Quarantine? We have a little excitement for you this month with two zero day releases from Microsoft. These vulnerabilities impact all Windows Operating System versions going back to Windows 7 and Server 2008, and also Internet Explorer 11 across all supported OSs. This release also includes the resolution of Windows Print Spooler Elevation of Privilege vulnerability (CVE-2020-1337) that made recent headlines. Adobe Acrobat, Reader and Apple iCloud also have critical updates resolving 26 and 20 CVEs respectively.

Patch Tuesday August 2020

  1. 1. Copyright © 2020 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, August 12, 2020 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 113 229 7116
  2. 2. Copyright © 2020 Ivanti. All rights reserved. Agenda August 2020 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
  3. 3. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Overview
  4. 4. Copyright © 2020 Ivanti. All rights reserved.
  5. 5. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News
  6. 6. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. FBI PIN Warns of Increased Attacks on EoL OSs  FBI issues warnings over Windows 7 end-of-life  https://www.zdnet.com/article/fbi-issues-warning-over-windows-7-end-of-life/  FBI PIN 20200803-002  https://www.documentcloud.org/documents/7013545-Windows-7- End-of-Life-PIN-20200803-002-BC.html  Microsoft to remove all Windows downloads signed with SHA-1  https://www.bleepingcomputer.com/news/microsoft/microsoft-to- remove-all-windows-downloads-signed-with-sha-1/ Source: Microsoft
  7. 7. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Netlogon Secure Channel Connections  Changes Associated with CVE-2020-1472  Deployment Guidelines  Deploy August 11th updates  Monitor for warning events  Act on warning events  Full enforcement mode goes into effect February 9, 2021
  8. 8. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed  CVE-2020-1464 Windows Spoofing Vulnerability  A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.  In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.  The update addresses the vulnerability by correcting how Windows validates file signatures. Source: Microsoft
  9. 9. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Known Exploited  CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability  A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.  In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user- provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. Source: Microsoft
  10. 10. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Another CVE of Interest  CVE-2020-1337 Windows Print Spooler Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.  The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. Source: Microsoft
  11. 11. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001  Updated SSUs this month  Windows 7/Server 2008/2008 R2  Windows 10 1809 > 2004  Development Tool and Other Updates  ASP.NET Core 2.1, 3.1  Visual Studio 2017-2019  Visual Studio Code Source: Microsoft
  12. 12. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness  Windows 10 Branch Support Source: Microsoft
  13. 13. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness (cont)  Enterprise LTSB/LTSC Support  Complete Lifecycle Fact Sheet  https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet Source: Microsoft
  14. 14. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Blog  Latest Patch Releases  Microsoft and Third-party  Security and non-Security  CVE Analysis  Security Events of Interest  Host: Brian Secrist  https://www.ivanti.com/blog /topics/patch-tuesday
  15. 15. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  16. 16. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Bulletins and Releases
  17. 17. Copyright © 2020 Ivanti. All rights reserved. APSB20-48: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html  Restart Required: Requires application restart
  18. 18. Copyright © 2020 Ivanti. All rights reserved. ICLOUD-200811: Security Update for iCloud for Windows 11.3  Maximum Severity: Critical  Affected Products: iCloud for Windows  Description: Apple has released a security update for iCloud for Windows supporting Windows 10 and later.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, and Spoofing  Fixes 20 Vulnerabilities: https://support.apple.com/en-us/HT211294  Restart Required: Requires application restart
  19. 19. Copyright © 2020 Ivanti. All rights reserved. MS20-08-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, Server 2016, Server 2019, Server version 1709, Server version 1803, Server version 2004, IE 11 and Microsoft Edge  Description: This bulletin references 19 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 94 Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  20. 20. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10  KB 4571694 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  21. 21. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10 (cont)  KB 4565349 – Windows 10, Version 1809, Server 2019 All Versions  [Edge] After installing KB4550969 or later, when using Microsoft Edge Legacy, you might receive the error,”0x80704006. Hmmmm…can’t reach this page” when attempting to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue. Workaround: Do one of the following:  Update to the new, Chromium-based Microsoft Edge and configure it to allow the port used for the affected site.  Use Internet Explorer 11 to access the website.  Update Windows 10 to a newer version.  Configure the website to use a standard port on the server side. Don’t use a port that is listed in the Fetch Standard specification under bad ports or port blocking.  Microsoft is working on a resolution.
  22. 22. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Windows 10 (cont)  KB 4566782 – Windows 10, Version 2004  [Editor] When using some apps, such as Microsoft Excel, users of the Microsoft Input Method Editor (IME) for Chinese and Japanese might receive an error, or the app might stop responding or close when attempting to drag using the mouse. Workaround: 1. Select Start, type Settings and select it or press enter. 2. Type IME settings into the search box within Settings and select the IME settings that are appropriate to your language, for example Japanese IME Settings. 3. Select General. 4. Turn on Use previous version of Microsoft IME.  Microsoft is working on a solution.
  23. 23. Copyright © 2020 Ivanti. All rights reserved. MS20-08-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: IE 9 and IE 11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the August 2020 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 12 KB articles.  Impact: Remote Code Execution  Fixes 3 Vulnerabilities: CVE-2020-1567 and CVE-2020-1570 are fixed in IE 9. CVE-2020-1380, CVE-2020-1567 and CVE-2020-1570 are fixed in IE 11. CVE-2020- 1380 is known exploited.  Restart Required: Requires restart  Known Issues: None reported
  24. 24. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: Security update includes improvements and fixes that were a part of update KB 4565536 (released July 14, 2020). Bulletin is based on KB 4571730. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 31 + 2 (IE 9) Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  25. 25. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. August Known Issues for Server 2008  KB 4571730 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 4571746 – Windows Server 2008 (Security-only Update)
  26. 26. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 4571746. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Kernel, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 31 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
  27. 27. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR7-ESU: Monthly Rollup for Win 7 MS20-08-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565524 (released July 14, 2020). Bulletin is based on KB 4571729. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 53 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  28. 28. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO7-ESU: Security-only Update for Win 7 MS20-08-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 4571719. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Storage and Filesystems, Windows Network Security and Containers, Windows File Server and Clustering, Windows Hybrid Storage Services, Microsoft Scripting Engine, and Windows SQL components.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 53 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  29. 29. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565537 (released July 14, 2020). Bulletin is based on KB 4571736. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  30. 30. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 4571702. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 40 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  31. 31. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: Security update includes improvements and fixes that were a part of update KB 4565541 (released July 14, 2020). Bulletin is based on KB 4571703. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 58 + 3 IE Vulnerabilities: CVE-2020-1380 is known exploited. CVE-2020-1464 is known exploited and publicly disclosed. See Details column of Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  32. 32. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 4571723. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components, Microsoft Scripting Engine, and Windows Remote Desktop.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 58 Vulnerabilities: CVE-2020-1464 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  33. 33. Copyright © 2020 Ivanti. All rights reserved. MS20-08-MRNET: Monthly Rollup for Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8  Description: The update changes how ASP.NET and .NET handle requests which could result in IIS improperly allowing access to cached files. It also addresses a vulnerability by correcting how .NET Framework processes input resulting in code execution. This bulletin references 12 KB articles.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
  34. 34. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SONET: Security-only Update for Microsoft .Net  Maximum Severity: Critical  Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8  Description: The update changes how ASP.NET and .NET handle requests which could result in IIS improperly allowing access to cached files. It also addresses a vulnerability by correcting how .NET Framework processes input resulting in code execution. This bulletin references 12 KB articles.  Impact: Remote Code Execution and Elevation of Privilege  Fixes 2 Vulnerabilities: CVE-2020-1046 and CVE-2020-1476  Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.  Known Issues: None reported
  35. 35. Copyright © 2020 Ivanti. All rights reserved. MS20-08-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Access 2010-2016, Excel 2010-2016, Office 2010-2016, Outlook 2010-2016, Word 2010-2016, Office 2016 and 2019 for macOS  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Guide for specific details on each. This bulletin references 22 KB articles plus release notes for MacOS.  Impact: Remote Code Execution and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1504, CVE-2020-1563, CVE-2020-1582, and CVE-2020- 1583  Restart Required: Requires application restart  Known Issues: None reported
  36. 36. Copyright © 2020 Ivanti. All rights reserved. MS20-08-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Critical  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Information Disclosure  Fixes 13 Vulnerabilities: CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1563, CVE-2020-1581, CVE-2020-1582, and CVE-2020- 1583  Restart Required: Requires application restart  Known Issues: None reported
  37. 37. Copyright © 2020 Ivanti. All rights reserved. MS20-08-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Foundation Server 2013, and Microsoft SharePoint Server 2010 & 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 12 KB articles.  Impact: Remote Code Execution, Spoofing and Information Disclosure  Fixes 10 Vulnerabilities: CVE-2020-1495, CVE-2020-1499, CVE-2020-1500, CVE-2020-1501, CVE-2020-1502, CVE-2020-1503, CVE-2020-1505, CVE-2020-1573, CVE-2020-1580, and CVE-2020-1583  Restart Required: Requires restart  Known Issues: None reported
  38. 38. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Between Patch Tuesdays
  39. 39. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Release Summary  Security Updates: Apple iTunes (1), Amazon Corretto (1), Box Edit (1), Camtasia (1), CCleaner (2), Cisco Jabber (1), Crowdstrike Falcon Sensor (1), Dropbox (2), Firefox (1), Firefox ESR (1), Foxit PhantomPDF (1), Foxit Reader (2), FileZilla (1), GoodSync (4), Google Chrome (2), Google Earth Pro (1), GIT for Windows (1), LibreOffice (1), Malwarebytes (1), Microsoft Edge Chromium (5), Nitro Pro (2), Node.JS (4), Notepad++ (1), Opera (4), Power BI Desktop (5), Paint.net (1), Plex Media Server (1), Powershell 7 (1), Skype (1), Slack (1), Snagit (3), Splunk Forwarder (1), SQL Server Management Studio (1), Tableau (10), Thunderbird (4), TeamViewer (5), WinSCP (1), Zoom Client (1)  Non-Security Updates: AIMP (2), Azure Information Protection (1), BlueJeans (1), Box Drive (1), Google Drive (1), GOM Player (1), Microsoft (16), PDF-Xchange PRO (1), RingCentral App (1), Royal TS (1), TortoiseHG (1), Visual Studio Code (3), Webex Teams (1)
  40. 40. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 84.0.4147.125  CHROME-200810, QGC8404147125  Fixes 14 Vulnerabilities: CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020- 6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020- 6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020- 6555  Google Chrome 84.0.4147.105  CHROME-200728, QGC8404147105  Fixes 6 Vulnerabilities: CVE-2020-6532, CVE-2020-6537, CVE-2020-6538, CVE- 2020-6539, CVE-2020-6540, CVE-2020-6541
  41. 41. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Microsoft Edge 84.0.522.40  MEDGE-200717, QMEDGE84052240  Fixes 25 Vulnerabilities: CVE-2020-6510,CVE-2020-6511,CVE-2020-6512,CVE- 2020-6513,CVE-2020-6514,CVE-2020-6515,CVE-2020-6516,CVE-2020- 6517,CVE-2020-6518,CVE-2020-6519,CVE-2020-6520,CVE-2020-6522,CVE- 2020-6523,CVE-2020-6524,CVE-2020-6525,CVE-2020-6526,CVE-2020- 6527,CVE-2020-6528,CVE-2020-6529,CVE-2020-6530,CVE-2020-6531,CVE- 2020-6533,CVE-2020-6534,CVE-2020-6535,CVE-2020-6536  Firefox 79.0, Firefox ESR 68.11.0, Firefox ESR 78.1.0  FF-200728, QFF790  FFE-200728, QFFE7810, QFFE68110  Fixes 10 Vulnerabilities: CVE-2020-6463,CVE-2020-6514,CVE-2020-15652,CVE- 2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020- 15657,CVE-2020-15658,CVE-2020-15659
  42. 42. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  Thunderbird 78.0  TB-200716, QTB780  Fixes 14 Vulnerabilities: CVE-2020-12402,CVE-2020-12415,CVE-2020- 12416,CVE-2020-12417,CVE-2020-12418,CVE-2020-12419,CVE-2020- 12420,CVE-2020-12421,CVE-2020-12422,CVE-2020-12423,CVE-2020- 12424,CVE-2020-12425,CVE-2020-12426,CVE-2020-15648  Thunderbird 78.1.0  TB-200731, QTB7810  Fixes 10 Vulnerabilities: CVE-2020-6463,CVE-2020-6514,CVE-2020-15652,CVE- 2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020- 15657,CVE-2020-15658,CVE-2020-15659
  43. 43. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Q & A
  44. 44. Copyright © 2020 Ivanti. All rights reserved. Copyright © 2020 Ivanti. All rights reserved. Thank You!

