Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

of

2021 September Patch Tuesday Slide 1 2021 September Patch Tuesday Slide 2 2021 September Patch Tuesday Slide 3 2021 September Patch Tuesday Slide 4 2021 September Patch Tuesday Slide 5 2021 September Patch Tuesday Slide 6 2021 September Patch Tuesday Slide 7 2021 September Patch Tuesday Slide 8 2021 September Patch Tuesday Slide 9 2021 September Patch Tuesday Slide 10 2021 September Patch Tuesday Slide 11 2021 September Patch Tuesday Slide 12 2021 September Patch Tuesday Slide 13 2021 September Patch Tuesday Slide 14 2021 September Patch Tuesday Slide 15 2021 September Patch Tuesday Slide 16 2021 September Patch Tuesday Slide 17 2021 September Patch Tuesday Slide 18 2021 September Patch Tuesday Slide 19 2021 September Patch Tuesday Slide 20 2021 September Patch Tuesday Slide 21 2021 September Patch Tuesday Slide 22 2021 September Patch Tuesday Slide 23 2021 September Patch Tuesday Slide 24 2021 September Patch Tuesday Slide 25 2021 September Patch Tuesday Slide 26 2021 September Patch Tuesday Slide 27 2021 September Patch Tuesday Slide 28 2021 September Patch Tuesday Slide 29 2021 September Patch Tuesday Slide 30 2021 September Patch Tuesday Slide 31 2021 September Patch Tuesday Slide 32 2021 September Patch Tuesday Slide 33 2021 September Patch Tuesday Slide 34 2021 September Patch Tuesday Slide 35 2021 September Patch Tuesday Slide 36 2021 September Patch Tuesday Slide 37 2021 September Patch Tuesday Slide 38 2021 September Patch Tuesday Slide 39 2021 September Patch Tuesday Slide 40 2021 September Patch Tuesday Slide 41
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

0 Likes

Share

Download to read offline

2021 September Patch Tuesday

Download to read offline

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

2021 September Patch Tuesday

  1. 1. Patch Tuesday Webinar Wednesday, September 15, 2021 Hosted by Chris Goettl and Todd Schell
  2. 2. Agenda September 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  3. 3. Overview
  4. 4. Copyright © 2021 Ivanti. All rights reserved. September Patch Tuesday 2021 September Patch Tuesday sees a continuation of Print Spooler updates with a re- release of CVE-2021-36958, which originally released in August, and the anticipated resolution to the MSHTML vulnerability (CVE-2021-40444) which Microsoft provided mitigation guidance for on September 7. Google Chrome resolves two exploited vulnerabilities (CVE-2021-30632 and CVE-2021-30633) and Adobe released a number of updates including APSB21-55 for Adobe Acrobat and Reader.
  5. 5. In the News
  6. 6. Copyright © 2021 Ivanti. All rights reserved. In the News  Zero-day Updates from Apple  https://9to5mac.com/2021/09/13/apple-releases-macos-11-6-important- security-updates/  https://techcrunch.com/2021/09/13/apple-zero-day-nso-pegasus/  macOS 11.6  iOS 14.8  watchOS 7.6.2  Zero-day Updates from Google  https://thehackernews.com/2021/09/update-google-chrome-to-patch-2- new.html  https://www.bleepingcomputer.com/news/google/google-patches-10th- chrome-zero-day-exploited-in-the-wild-this-year/  93.0.4577.82 for Windows, Mac, and Linux
  7. 7. Copyright © 2021 Ivanti. All rights reserved. Azure “OMI GOD” Vulnerabilities  4 CVEs discovered in Open Source Code used by Azure Linux systems (CVE-2021-38649, CVE-2021-38648, CVE-2021-38647, CVE-2021-38645)  https://www.wiz.io/blog/secret-agent-exposes-azure-customers- to-unauthorized-code-execution  Linux distros in Azure automatically deploy the OMI Agent  More than half of VMs running in Azure are Linux  Updating OMI  You can then use your platform's package tool to upgrade OMI  (for example, ‘sudo apt-get install omi’ or ‘sudo yum install omi’).
  8. 8. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed and Exploited Vulnerability  CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability  Vulnerability announced September 7 with workarounds  Security updates released September 14  CVE listed on Vulnerabilities page of the Security Updates Guide  CVE NOT listed on the All updates page  CVSS 3.0 Scores: 8.8 / 7.9  Severity: Important  Impacts all workstation and server operating systems
  9. 9. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2021-36968 Windows DNS Elevation of Privilege Vulnerability  CVSS 3.0 Scores: 7.8 / 6.8  Severity: Important  Impacts Server 2008/2008 R2 and Windows 7  Updates provided as part of Extended Security Updates (ESU)  CVE-2021-36958 Windows Print Spooler Remote Code Execution Vulnerability  CVSS 3.0 Scores: 7.8 / 7.2  Severity: Important  Updated from August 11  Impacts all workstation and server operating systems
  10. 10. Copyright © 2021 Ivanti. All rights reserved. Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 Source: Microsoft
  11. 11. Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Development Tool and Other Updates  Accessibility Insights for Android  Accessibility Insights for Android Service - v2.0.0  Azure Open Management Infrastructure  Azure Sphere  Visual Studio 2017 version 15.9  Visual Studio 2019 versions 16.4 through 16.11  Visual Studio Code
  12. 12. Copyright © 2021 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 Windows 10 Pro and Pro Workstation Version Release Date End of Support Date 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
  13. 13. Copyright © 2021 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
  14. 14. Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  15. 15. Bulletins and Releases
  16. 16. Copyright © 2021 Ivanti. All rights reserved. APSB21-55: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 26 vulnerabilities, 13 of which are critical. Successful exploitation could lead to arbitrary code execution in the context of the current user. See https://helpx.adobe.com/security/products/acrobat/apsb21- 55.html for more details.  Impact: Remote Code Execution, Denial of Service, and Information Disclosure  Fixes 26 Vulnerabilities: See Adobe site for details  Restart Required: Requires application restart
  17. 17. Copyright © 2021 Ivanti. All rights reserved. CHROME-210913: Security Update for Chrome Desktop  Maximum Severity: Critical  Affected Products: Google Chrome  Description: The stable channel has been updated to 93.0.4577.82 for Windows, Mac and Linux. See https://chromereleases.googleblog.com/2021/09/stable-channel- update-for-desktop.html for more details.  Impact: Remote Code Execution and Information Disclosure  Fixes 11 Vulnerabilities: CVE-2021-30632 and CVE-2021-30633 are known exploited.  Restart Required: Requires restart
  18. 18. Copyright © 2021 Ivanti. All rights reserved. MS21-09-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium  Description: This bulletin references 5 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  19. 19. Copyright © 2021 Ivanti. All rights reserved. September Known Issues for Windows 10  KB 5005568 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  20. 20. Copyright © 2021 Ivanti. All rights reserved. September Known Issues for Windows 10 (cont)  KB 5005565 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1  [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For more information and a workaround, see KB5005322.  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
  21. 21. Copyright © 2021 Ivanti. All rights reserved. MS21-09-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 5005090 (released August 10, 2021). Addresses an issue in which a driver might not install if the driver is signed with more than one code sign signatures. This update also contains miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5005606.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 23 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 and CVE-2021-36968 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  22. 22. Copyright © 2021 Ivanti. All rights reserved. September Known Issues for Server 2008  KB 5005606 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 5005618 – Windows Server 2008 (Security-only Update)  [File Rename]
  23. 23. Copyright © 2021 Ivanti. All rights reserved. MS21-09-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5005618. Addresses an issue in which a driver might not install if the driver is signed with more than one code sign signatures. This update also contains miscellaneous security improvements to internal OS functionality.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 23 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 and CVE-2021-36968 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  24. 24. Copyright © 2021 Ivanti. All rights reserved. MS21-09-MR7-ESU: Monthly Rollup for Win 7 MS21-09-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: This security update includes improvements and fixes that were a part of update KB5005088 (released August 10, 2021). Addresses an issue in which a driver might not install if the driver is signed with more than one code sign signatures. This update also contains miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5005633.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 and CVE-2021-36968 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  25. 25. Copyright © 2021 Ivanti. All rights reserved. MS21-09-SO7-ESU: Security-only Update for Win 7 MS21-09-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5005615. Addresses an issue in which a driver might not install if the driver is signed with more than one code sign signatures. This update also contains miscellaneous security improvements to internal OS functionality.  Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege, and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 and CVE-2021-36968 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  26. 26. Copyright © 2021 Ivanti. All rights reserved. MS21-09-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB5005099 (released August 10, 2021). This update contains miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5005623.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  27. 27. Copyright © 2021 Ivanti. All rights reserved. MS21-09-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5005607. This update contains miscellaneous security improvements to internal OS functionality.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 24 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  28. 28. Copyright © 2021 Ivanti. All rights reserved. MS21-09-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB5005076 (released August 10, 2021) and addresses the following issues. This update contains miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5005613.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE- 2021-36958 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  29. 29. Copyright © 2021 Ivanti. All rights reserved. MS21-09-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5005627. This update contains miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5005613.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: CVE-2021-40444 is publicly disclosed and known exploited. CVE-2021-36958 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  30. 30. Copyright © 2021 Ivanti. All rights reserved. MS21-09-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Foundation Server 2013, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on KB 5002018, KB 5002020, and KB 5002024.  Impact: Spoofing  Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-38651 and CVE-2021-38652 are fixed in this release.  Restart Required: Requires restart  Known Issues: None reported
  31. 31. Copyright © 2021 Ivanti. All rights reserved. MS21-09-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 for macOS, Office Online Server, and Office Web Apps Server 2013  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references just the release notes for the macOS Office.  Impact: Remote Code Execution and Spoofing  Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-38646, CVE-2021-38650, CVE-2021-38655, CVE-2021-38658, and CVE-2021-38660 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  32. 32. Copyright © 2021 Ivanti. All rights reserved. MS21-09-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Spoofing  Fixes 9 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-38646, CVE-2021-38650, CVE-2021-38653, CVE-2021-38654, CVE-2021-38655, CVE-2021-38656, CVE-2021-38657, CVE-2021-38658, and CVE- 2021-38659 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  33. 33. Between Patch Tuesdays
  34. 34. Copyright © 2021 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (2), Eclipse Adoptium JDK (2), Firefox (2), Firefox ESR (2), Foxit PhantomPDF (1), Node.JS (Current) (1), Node.JS (LTS Lower) (2), Node.JS (LTS Upper) (2), Thunderbird (5)  Security (w/o CVEs): Audacity (1), Camtasia (2), CCleaner (2), Falcon Sensor for Windows (2), Citrix Workspace App (2), Dropbox (2), Evernote (4), GoodSync (4), GIT for Windows (1), Cisco Jabber (1), Jabra Direct (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (2), Nitro Pro Enterprise (2), Notepad++ (2), Opera (2), Plantronics Hub (3), Plex Media Server (3), Royal TS (2), SeaMonkey (1), Slack Machine-Wide Installer (3), Splunk Universal Forwarder (2), Tableau Desktop (7), Tableau Prep Builder (1), Tableau Reader (2), Apache Tomcat (1), TeamViewer (3), UltraVNC (1), Wireshark (2), Zoom Client (5), Zoom Outlook Plugin (1)  Non-Security Updates: AIMP (1), Beyond Compare (1), Box Drive (1), Docker for Windows Stable (2), Google Drive File Stream (2), KeePass Pro (1), Plantronics Hub (2), RingCentral App (Machine-Wide Installer) (3), TreeSize Free (2), Cisco WebEx Teams (2), WinZip (1), XnView (1)
  35. 35. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 92.0.4515.159  CHROME-210817, QGC9204515159  Fixes 7 Vulnerabilities: CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601, CVE-2021-30602, CVE-2021-30603, CVE-2021-30604  Google Chrome 93.0.4577.63  CHROME-210831, QGC9204515107  Fixes 19 Vulnerabilities: CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE- 2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021- 30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624
  36. 36. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Eclipse Adoptium JDK 11.0.12.7  ECLJDK11-210804, QECLJDK110127  Fixes 3 Vulnerabilities: CVE-2021-2341, CVE-2021-2369, CVE-2021-2388  Eclipse Adoptium JDK 8.0.302.8  ECLJDK8-210804, QECLJDK803028  Fixes 3 Vulnerabilities: CVE-2021-2341, CVE-2021-2369, CVE-2021-2388  Firefox 92.0  FF-210907, QFF920  Fixes 5 Vulnerabilities: CVE-2021-29993, CVE-2021-38491, CVE-2021-38492, CVE-2021-38493, CVE-2021-38494
  37. 37. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox ESR 91.1.0  FFE-210907, QFFE9110  Fixes 2 Vulnerabilities: CVE-2021-38492, CVE-2021-38495  Firefox ESR 78.14.0  FFE-210909, QFFE78140  Fixes 2 Vulnerabilities: CVE-2021-38492, CVE-2021-38493  Foxit PhantomPDF 10.1.5.37672  FIP-210826, QFIP101537672  Fixes 23 Vulnerabilities: CVE-2021-21831, CVE-2021-21870, CVE-2021-21893, CVE-2021-34831, CVE-2021-34832, CVE-2021-34833, CVE-2021-34834, CVE- 2021-34835, CVE-2021-34836, CVE-2021-34837, CVE-2021-34838, CVE-2021- 34839, CVE-2021-34840, CVE-2021-34841, CVE-2021-34842, CVE-2021-34843, CVE-2021-34844, CVE-2021-34845, CVE-2021-34846, CVE-2021-34847, CVE- 2021-34851, CVE-2021-34852, CVE-2021-34853
  38. 38. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Node.JS 16.6.2 (Current)  NOJSC-210811, QNODEJSC1662  Fixes 4 Vulnerabilities: CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021- 3672  Node.JS 12.22.6 (LTS Lower)  NOJSLL-210831, QNODEJSLL12226  Fixes 5 Vulnerabilities: CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021- 39134, CVE-2021-39135  Node.JS 14.17.6 (LTS Upper)  NOJSLU-210831, QNODEJSLU14176  Fixes 5 Vulnerabilities: CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021- 39134, CVE-2021-39135
  39. 39. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Thunderbird 78.13.0  TB-210811, QTB78130  Fixes 6 Vulnerabilities: CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989  Thunderbird 78.14.0  TB-210908, QTB78140  Fixes 2 Vulnerabilities: CVE-2021-38492, CVE-2021-38493  Thunderbird 91.0  TB-210812, QTB910  Fixes 10 Vulnerabilities: CVE-2021-29980, CVE-2021-29981, CVE-2021-29982, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29987, CVE-2021-29988, CVE-2021-29989, CVE- 2021-38549  Thunderbird 91.1.0  TB-210907, QTB9110  Fixes 2 Vulnerabilities: CVE-2021-38492, CVE-2021-38495
  40. 40. Q & A
  41. 41. Copyright © 2021 Ivanti. All rights reserved. Thank You!

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Views

Total views

1,272

On Slideshare

0

From embeds

0

Number of embeds

1

Actions

Downloads

161

Shares

0

Comments

0

Likes

0

×