Copyright © 2023 Ivanti. All rights reserved.
July Patch Tuesday 2023
Microsoft resolved 130 new CVEs, updated 9 CVEs, and released/updated 3 Advisories this month.
There are 6 confirmed Zero Day Exploits this month and another with functional exploit code. The OS
and Office updates are going to be your priority this month and will take care of the majority of the risk,
but CVE-2023-36884 currently has only a configuration-level mitigation, so another update may soon be here. There are
some operational changes in NetLogon and Kerberos stepping up enforcement from a couple of CVEs
resolved in 2022 that you will want to be aware of. For more details check out our complete writeup in
this month's Patch Tuesday Blog: https://www.ivanti.com/blog/july-2023-patch-tuesday
In the News
Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS,
iPadOS, macOS, and Safari
https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html
Apple releases, quickly pulls Rapid Security Response update for 0-
day WebKit bug
https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/amp/
Unpatched Office zero-day CVE-2023-36884 actively exploited in
targeted attacks
https://securityaffairs.com/148380/hacking/office-zero-day-cve-2023-36884.html
Oracle Critical Product Updates (CPU)
https://www.oracle.com/security-alerts/
Coming July 18th
Microsoft Security Advisories
Advisory 230001
Guidance on Microsoft Signed Drivers Being Used Maliciously
https://msrc.microsoft.com/update-guide/vulnerability/ADV230001
Notice of additions to Driver.STL revocation list
Advisory 230002
Microsoft Guidance for Addressing Security Feature Bypass in Trend
Micro EFI Modules
https://msrc.microsoft.com/update-guide/vulnerability/ADV230002
Vulnerabilities of Interest
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability
CVSS 3.1 Scores: 7.2 / 6.3
Severity: Critical
All supported server operating systems
Per Microsoft - Microsoft is announcing the release of the third phase of Windows security
updates to address this vulnerability. These updates remove the ability to disable PAC
signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0. Microsoft
strongly recommends that customers install the June updates to be fully protected from this
vulnerability, and review How to manage the Kerberos and Netlogon Protocol changes
related to CVE-2022-37967 for further information. Customers whose Windows devices are
configured to receive automatic updates do not need to take any further action.
July Change: Initial Enforcement – Default configuration set to enforce PAC Signature
validation. Can still be overridden by an admin through configuration.
October Change: Full Enforcement – no more admin override.
Vulnerabilities of Interest
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability
CVSS 3.1 Scores: 8.1 / 7.1
Severity: Important
This month begins ‘enforcement by default’.
This has been a multi-year, multi-phase implementation to correct a complex system flaw.
For more details see KB5021130: How to manage the Netlogon protocol changes related to
CVE-2022-38023
July Change: Full Enforcement – No more compatibility or audit only mode. After the July
update Netlogon will require RPC Sealing.
Known Exploited and Publicly Disclosed Vulnerability
CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
CVSS 3.1 Scores: 6.7 / 6.2
Severity: Important
This is a re-issue from May.
All currently supported operating systems
To comprehensively address CVE-2023-24932, Microsoft has released July 2023 security
updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that
customers install the updates to be fully protected from the vulnerability. Customers whose
systems are configured to receive automatic updates do not need to take any further action.
Known Exploited and Publicly Disclosed Vulnerability
CVE-2023-36884 Office and Windows HTML Remote Code Execution
Vulnerability
CVSS 3.1 Scores: 8.3 / 8.1
Severity: Important
All currently supported operating systems and Microsoft Office
Per Microsoft - The CVE is rated as Important but has confirmed reports of exploitation in the
wild and functional code has been publicly disclosed for this vulnerability. An attacker could
create a specially crafted Microsoft Office document that enables them to perform remote
code execution in the context of the victim. Microsoft has not yet released an update to
fix this issue but has provided a configuration level mitigation to block Office applications
from creating child processes. Running as least privileged could also help to mitigate the
attack and require the attacker to execute additional exploits to elevate their privilege level.
Microsoft has released a blog entry describing steps that can be taken to protect systems
until a fix becomes available.
Known Exploited Vulnerability
CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege
Vulnerability
CVSS 3.1 Scores: 7.8 / 6.8
Severity: Important
All currently supported operating systems
Per Microsoft - While Microsoft has announced retirement of the Internet Explorer 11
application on certain platforms and the Microsoft Edge Legacy application is deprecated,
the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The
MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other
applications through WebBrowser control. The EdgeHTML platform is used by WebView and
some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but
can also be used by other legacy applications. Updates to address vulnerabilities in the
MSHTML platform and scripting engine are included in the IE Cumulative Updates;
EdgeHTML and Chakra changes are not applicable to those platforms.
Known Exploited Vulnerability (cont)
CVE-2023-32049 Windows SmartScreen Security Feature Bypass
Vulnerability
CVSS 3.1 Scores: 8.8 / 8.2
Severity: Important
Windows 10, Windows 11, Server 2016, Server 2019, Server 2022
Per Microsoft - The user would have to click on a specially crafted URL to be compromised
by the attacker and the attacker would be able to bypass the Open File - Security Warning
prompt.
Known Exploited Vulnerability (cont)
CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability
CVSS 3.1 Scores: 8.8 / 8.2
Severity: Important
Microsoft 365 Apps for Enterprise, Outlook 2013 & 2016, Office 2019, and Office LTSC 2021
Per Microsoft - The user would have to click on a specially crafted URL to be compromised
by the attacker. The attacker would be able to bypass the Microsoft Outlook Security Notice
prompt. The Preview Pane is an attack vector, but additional user interaction is required.
Known Exploited Vulnerability (cont)
CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege
Vulnerability
CVSS 3.1 Scores: 7.8 / 6.8
Severity: Important
All currently supported operating systems
Per Microsoft - An attacker who successfully exploited this vulnerability could gain
administrator privileges. An attacker must have local access to the targeted machine and the
user must be able to create folders and performance traces on the machine, with restricted
privileges that normal users have by default.
Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Latest Servicing Stack Updates (SSU)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
Windows 7/Server 2008 R2 Year 4 ESU
Azure and Development Tool Updates
.NET 6.0
.NET 7.0
Azure HDInsights
Azure Service Fabric 9.0 & 9.1
Mono 6.12.0
PandocUpload
Visual Studio 2022 (multiple)
Source: Microsoft
Server 2012/2012 R2 EOL is Coming
Lifecycle Fact Sheet
https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows Server
Version Release Date End of Support Date
2022 8/18/2021 10/13/2026
2019 11/13/2019 1/9/2024
Windows 11 Home and Pro
Version Release Date End of Support Date
22H2 9/20/2022 10/8/2024
21H2 10/4/2021 10/10/2023
Lifecycle Fact Sheet
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
Announcements Posted on Community Forum Pages
https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
Subscribe to receive email for the desired product(s)
MFSA-2023-26: Security Update Firefox 115.0.2
Maximum Severity: Critical (High)
Affected Products: Security Update Firefox
Description: This update from Mozilla addresses security vulnerabilities in the
Firefox browser on multiple platforms.
Impact: Denial of Service
Fixes 1 Vulnerability: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ for complete details.
Restart Required: Requires application restart
Known Issues: None
MFSA-2023-26: Security Update Firefox ESR 115.0.2
Maximum Severity: Critical (High)
Affected Products: Security Update Firefox ESR
Description: This update from Mozilla addresses security vulnerabilities in the Firefox
ESR browser on multiple platforms.
Impact: Denial of Service
Fixes 1 Vulnerability: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ for complete details.
Restart Required: Requires application restart
Known Issues: None
MS23-07-W11: Windows 11 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
Description: This bulletin references KB 5028182 (21H2) and KB 5028185 (22H2).
There are many new features and enhancements in the 22H2 release. See the KB for
full details.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
Fixes 84 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are
known exploited and publicly disclosed. CVE-2023-32046, CVE-2023-32049,
CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list
of CVEs.
Restart Required: Requires restart
Known Issues: See next slide
July Known Issues for Windows 11
KB 5028182 – Windows 11 version 21H2
[App Fail] Windows devices with some third-party UI customization apps might not
start up. These third-party apps might cause errors with explorer.exe that might repeat
multiple times in a loop. The known affected third-party UI customization apps are
ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI
customization app before installing this or later updates. Microsoft is investigating and
will provide more info in the future.
July Known Issues for Windows 11 (cont)
KB 5028185 – Windows 11 version 22H2
[Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
MS23-07-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
Description: This bulletin references 5 KB articles. See KBs for the list of changes.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
Fixes 99 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are
known exploited and publicly disclosed. CVE-2023-32046, CVE-2023-32049,
CVE-2023-36874 are known exploited. See the Security Update Guide for the complete list
of CVEs.
Restart Required: Requires restart
Known Issues: See next slide
July Known Issues for Windows 10
KB 5028168 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
[Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
July Known Issues for Windows 10 (cont)
KB 5028171 – Windows Server 2022
[ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to
mitigate this issue. Microsoft and VMware are investigating this issue and will
provide more information when it is available.
MS23-07-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2012 and IE
Description: This cumulative security update contains improvements that are part of update
KB 5027283 (released June 13, 2023). Bulletin is based on KB 5028232. Starting with this
release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023,
to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
Fixes 69 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known
exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited.
See the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: None reported
MS23-07-SO8: Security-only Update for Windows Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2012
Description: This security update is based on KB 5028233. Starting with this
release, Microsoft will log event logs beginning July 11, 2023, and ending on October
10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 on
October 10, 2023.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
Fixes 69 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are
known exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are
known exploited. See the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: None reported
MS23-07-MR81: Monthly Rollup for Server 2012 R2
Maximum Severity: Critical
Affected Products: Server 2012 R2 and IE
Description: This cumulative security update contains improvements that are part of update
KB 5027271 (released June 13, 2023). Bulletin is based on KB 5028228. Starting with this
release, Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023,
to notify customers of the end of support (EOS) for Windows Server 2012 on October 10, 2023.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
Fixes 71 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known
exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known exploited.
See the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-07-SO81: Security-only for Server 2012 R2
Maximum Severity: Critical
Affected Products: Server 2012 R2
Description: This security update is based on KB 5028223. Starting with this release,
Microsoft will log event logs beginning July 11, 2023, and ending on October 10, 2023, to
notify customers of the end of support (EOS) for Windows Server 2012 on October 10,
2023.
Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
Fixes 71 Vulnerabilities: CVE-2023-24932 (re-issued) and CVE-2023-36884 are known
exploited and publicly disclosed. CVE-2023-32046 and CVE-2023-36874 are known
exploited. See the Security Update Guide for the complete list of CVEs.
Restart Required: Requires restart
Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-07-SPT: Security Updates for SharePoint Server
Maximum Severity: Critical
Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
Description: This update corrects a series of vulnerabilities which would allow
remote user access to the machine and user data. This bulletin is based on 3 KB
articles.
Impact: Remote Code Execution, Security Feature Bypass, Spoofing
Fixes 5 Vulnerabilities: This update addresses CVE-2023-33134, CVE-2023-33157,
CVE-2023-33159, CVE-2023-33160, and CVE-2023-33165 which are not
publicly disclosed or known exploited.
Restart Required: Requires restart
Known Issues: None reported
MS23-07-IE: Security Updates for Internet Explorer
Maximum Severity: Important
Affected Products: Internet Explorer 11
Description: The improvements that are included in this Internet Explorer update are
also included in the July 2023 Security Monthly Quality Rollup. Installing either this
Internet Explorer update or the Security Monthly Quality Rollup installs the same
improvements. This bulletin references KB 5028167.
Impact: Elevation of Privilege
Fixes 1 Vulnerability: CVE-2023-32046 is fixed in this update and is known
exploited.
Restart Required: Requires browser restart
Known Issues: None reported
MS23-07-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
Maximum Severity: Important
Affected Products: Office 2013 Click-to-Run, Microsoft 365 Apps, Office 2019 and
Office LTSC 2021
Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege, Information Disclosure
Fixes 11 Vulnerabilities: CVE-2023-36884 is known exploited and publicly
disclosed. CVE-2023-35311 is known exploited. See the Security Update Guide for the
complete list of CVEs.
Restart Required: Requires application restart
Known Issues: None reported
MS23-07-OFF: Security Updates for Microsoft Office
Maximum Severity: Important
Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office
LTSC 2021 for Mac, Office Online Server, Outlook 2013 & 2016, and Word 2013 &
2016
Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references 15 KB articles and release notes for the Mac
updates.
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Information
Disclosure
Fixes 10 Vulnerabilities: CVE-2023-36884 is known exploited and publicly
disclosed. CVE-2023-35311 is known exploited. See the Security Update Guide for the
complete list of CVEs.
Restart Required: Requires application restart
Known Issues: None reported
Windows Release Summary
Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (2), Foxit
PhantomPDF (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1),
Thunderbird (1)
Security Updates (w/o CVEs): 7-Zip (1), Adobe Acrobat DC and Acrobat Reader (1), Apache
Tomcat (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Docker for Windows (2),
Dropbox (1), Evernote (1), Firefox (2), Firefox ESR (1), GoodSync (2), Git for Windows (1), Cisco
Jabber (1), Jabra Direct (1), LogMeIn (1), Malwarebytes (1), System Center Operations Manager
2019 (1), Node.JS (Current) (1), Notepad++ (1), Opera (4), Paint.net (1), Pulse Secure VPN Desktop
Client (1), PeaZip (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (1),
Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5),
TeamViewer (3), UltraVNC (1), WinSCP (1), Zoom Client (4), Zoom Rooms Client (2), Zoom VDI (1)
Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (2), Bandicut (1), BlueBeam
Revu (1), Bitwarden (1), Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (3),
BlueJeans (1), PDF24 Creator (2), PDF-Xchange PRO (1), R for Windows (1), Rocket.Chat Desktop
Client (1), WeCom (1)
Windows Third Party CVE Information
Google Chrome 114.0.5735.199
CHROME-230627, QGC11405735199
Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
Firefox 115.0
FF-230704, QFF1150
Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202,
CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206,
CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212
Foxit PhantomPDF 10.1.12.37872
FIP-230616, QFIP1011237872
Fixes 4 Vulnerabilities: CVE-2023-27363, CVE-2023-27364, CVE-2023-27365,
CVE-2023-27366
Windows Third Party CVE Information (cont)
Firefox ESR 115.0
FFE-230704, QFFE1150
Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202,
CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206,
CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212
Firefox ESR 102.13.0
FFE-230704, QFFE102130
Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
Thunderbird 102.13.0
TB-230707, QTB102130
Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
Windows Third Party CVE Information (cont)
Node.JS 20.3.1 (Current)
NOJSC-230621, QNODEJSC2031
Fixes 10 Vulnerabilities: CVE-2023-30581, CVE-2023-30582, CVE-2023-30583,
CVE-2023-30584, CVE-2023-30585, CVE-2023-30586, CVE-2023-30587,
CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
Node.JS 16.20.1 (LTS Lower)
NOJSLL-230621, QNODEJSLL16201
Fixes 5 Vulnerabilities: CVE-2023-30581, CVE-2023-30585, CVE-2023-30588,
CVE-2023-30589, CVE-2023-30590
Node.JS 18.16.1 (LTS Upper)
NOJSLU-230621, QNODEJSLU18161
Fixes 5 Vulnerabilities: CVE-2023-30581, CVE-2023-30585, CVE-2023-30588,
CVE-2023-30589, CVE-2023-30590
Apple Release Summary
Security Updates (with CVEs): Google Chrome (1), Firefox (1), Firefox ESR (1), macOS Big Sur
(1), macOS Monterey (1), macOS Ventura (1), Safari (1), Microsoft Edge (1), Thunderbird (1)
Security Updates (w/o CVEs): Slack (1)
Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), aText (2), Calendar 366 II (1),
Dropbox (2), Evernote (1), Firefox (2), Google Drive (1), Grammarly (7), Microsoft Edge (2), Spotify (2),
Microsoft Teams (Mac) (1), Visual Studio Code (1), Zoom Client (3)
Apple Updates CVE Information
macOS Big Sur 11.7.8
HT213809
Fixes 1 Vulnerability: CVE-2023-32434
macOS Monterey 12.6.7
HT213810
Fixes 1 Vulnerability: CVE-2023-32434
macOS Ventura 13.4.1
HT213813
Fixes 2 Vulnerabilities: CVE-2023-32434, CVE-2023-32439
Safari 16.5.1 v2
HT213816
Fixes 1 Vulnerability: CVE-2023-32439
Apple Third Party CVE Information
Google Chrome 114.0.5735.198
CHROMEMAC-230626
Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
Firefox 115.0
FF-230704
Fixes 13 Vulnerabilities: CVE-2023-3482, CVE-2023-37201, CVE-2023-37202,
CVE-2023-37203, CVE-2023-37204, CVE-2023-37205, CVE-2023-37206,
CVE-2023-37207, CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212
Microsoft Edge 114.0.1823.67
MEDGEMAC-230629
Fixes 3 Vulnerabilities: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
Apple Third Party CVE Information (cont)
Firefox ESR 102.13.0
FFE-230704
Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211
Thunderbird 102.13.0
TB-230707
Fixes 5 Vulnerabilities: CVE-2023-37201, CVE-2023-37202, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37211