Successfully reported this slideshow.
Your SlideShare is downloading. ×

French Patch Tuesday March 2021

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
Loading in …3
×

Check these out next

1 of 39 Ad
Advertisement

More Related Content

Recently uploaded (20)

Advertisement

French Patch Tuesday March 2021

  1. 1. Copyright © 2021 Ivanti. All rights reserved. Patch Tuesday Webinar Jeudi 11 mars 2021 Eric Vincent & Camille Proux
  2. 2. Copyright © 2021 Ivanti. All rights reserved. Agenda March 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 1 1 2 2 3 3 4 4 5 5
  3. 3. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Overview
  4. 4. Copyright © 2021 Ivanti. All rights reserved.
  5. 5. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News
  6. 6. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. In the News Source: Microsoft  Microsoft Edge Legacy will prompt you to install Chromium Edge  https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-legacy-will- now-prompt-you-to-install-chromium-edge/  A Basic Timeline of the Exchange Mass-Hack  https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass- hack/  Microsoft rushes out a patch for older versions of Exchange  https://www.zdnet.com/article/microsoft-exchange-attacks-now-microsoft-rushes-out-a- patch-for-these-unsupported-exchange-servers-too/  CISA Emergency Directive 21-02  https://cyber.dhs.gov/ed/21-02/  CISA Guidance for Remediating Microsoft Exchange Vulnerabilities  https://us-cert.cisa.gov/remediating-microsoft-exchange-vulnerabilities
  7. 7. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Exchange Servers Under Attack!  Microsoft Threat Intelligence Center announcement on March 2  https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange- servers/  Hacker group HAFNIUM exploiting 4 vulnerabilities  CVE-2021-26855  CVE-2021-26857  CVE-2021-26858  CVE-2021-27065  Exchange updates for Exchange Server 2013 (CU23), Exchange Server 2016 (CU18 or CU19), and Exchange Server 2019 (CU7 or CU8)  Another round of updates on Monday, March 8  Cumulative Updates for servers that are out of support, including Exchange Server 2019 CU 6, CU 5, and CU 4 and Exchange Server 2016 CU 16, CU 15, and CU14.
  8. 8. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2021-27077 Windows Win32k Elevation of Privilege Vulnerability  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077  CVE-2021-26701 .NET Core Remote Code Execution Vulnerability  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701 Source: Microsoft
  9. 9. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Known Exploited and Disclosed Vulnerability  CVE-2021-26411 Internet Explorer Memory Corruption Vulnerability  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411 Source: Microsoft Affected Products: Internet Explorer 9 and 11, Microsoft Edge (EdgeHTML-based) Severity: Critical Base CVSS 3.0 Score: 8.8
  10. 10. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Combined SSU and LCU for Windows 10 2004 and newer  https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Updated SSUs this month  Windows 10 1809/Server 2019  Windows 10 1909/Windows Server 1909  Windows 10 2004/Windows Server 2004  Windows 10 20H2/Windows Server 20H2  Development Tool and Other Updates  Azure Kubernetes Service  Azure (multiple components)  Visual Studio 2017-2019  Visual Studio Code (multiple components) Source: Microsoft
  11. 11. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 1903 5/21/2019 12/8/2020 1809 11/13/2018 5/11/2021 1803 4/30/2018 5/11/2021 1709 10/17/2017 10/13/2020 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/11/2021 1903 5/21/2019 12/8/2020  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows  https://docs.microsoft.com/en-us/lifecycle/products/windows-server  https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise- and-education
  12. 12. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  13. 13. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Bulletins and Releases
  14. 14. Copyright © 2021 Ivanti. All rights reserved. MS21-03-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, Server 2016, Server 2019, Server version 1909, Server version 2004, Server version 20H2, IE 11, Legacy Edge and Edge Chromium  Description: This bulletin references 10 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 50 Vulnerabilities: CVE-2021-27077 is publicly disclosed. CVE-2021-26411 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  15. 15. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. March Known Issues for Windows 10  KB 5000803 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 5000822 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  16. 16. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont)  KB 5000808 – Windows 10 version 1909, Windows Server version 1909  [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution.
  17. 17. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont)  KB 5000802 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2  [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Workaround: Microsoft is working on a resolution.  [Outdated Updates]
  18. 18. Copyright © 2021 Ivanti. All rights reserved. MS21-03-IE: Security Updates for Internet Explorer  Maximum Severity: Critical  Affected Products: Internet Explorer 9 and 11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer are also included in the March 2020 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in the cumulative update. This bulletin references 11 KB articles.  Impact: Remote Code Execution  Fixes 2 Vulnerabilities: CVE-2021-26411 is fixed in both IE 9 and IE 11; it is publicly disclosed and known exploited. CVE-2021-27085 is also fixed in IE 11.  Restart Required: Requires browser restart  Known Issues: None reported
  19. 19. Copyright © 2021 Ivanti. All rights reserved. MS21-03-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 4601360 (released February 9, 2021). Bulletin is based on KB 5000844. Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, and Windows Hybrid Cloud Networking.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 22 Vulnerabilities: CVE-2021-27077 is publicly disclosed. CVE-2021-26411 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  20. 20. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. March Known Issues for Server 2008  KB 5000844 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 5000856 – Windows Server 2008 (Security-only Update)  [File Rename]
  21. 21. Copyright © 2021 Ivanti. All rights reserved. MS21-03-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5000856. Addresses an issue in which a non- native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, and Windows Hybrid Cloud Networking.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 21 Vulnerabilities: CVE-2021-27077 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
  22. 22. Copyright © 2021 Ivanti. All rights reserved. MS21-03-MR7-ESU: Monthly Rollup for Win 7 MS21-03-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4601347 (released February 9, 2021). Bulletin is based on KB 5000841. Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, and Windows Media.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 25 Vulnerabilities: CVE-2021-27077 is publicly disclosed. CVE-2021-26411 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  23. 23. Copyright © 2021 Ivanti. All rights reserved. MS21-03-SO7-ESU: Security-only Update for Win 7 MS21-03-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5000851. Addresses an issue in which a non- native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, and Windows Media.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 23 Vulnerabilities: CVE-2021-27077 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  24. 24. Copyright © 2021 Ivanti. All rights reserved. MS21-03-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4601348 (released previous February 9, 2021). Bulletin is based on KB 5000847. Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Graphics, and Windows Media.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 28 Vulnerabilities: CVE-2021-27077 is publicly disclosed. CVE-2021-26411 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  25. 25. Copyright © 2021 Ivanti. All rights reserved. MS21-03-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5000840. Addresses an issue in which a non- native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Graphics, and Windows Media.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 26 Vulnerabilities: CVE-2021-27077 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  26. 26. Copyright © 2021 Ivanti. All rights reserved. MS21-03-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4601384 (released February 9, 2021). Bulletin is based on KB 5000848. Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. Addresses an issue in which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 29 Vulnerabilities: CVE-2021-27077 is publicly disclosed. CVE-2021-26411 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  27. 27. Copyright © 2021 Ivanti. All rights reserved. MS21-03-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5000853. Addresses an issue in which a non- native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs. Security updates to Windows Fundamentals, Windows Shell, Windows UAC, Windows Hybrid Cloud Networking, Windows Media, and Windows Graphics.  Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 27 Vulnerabilities: CVE-2021-27077 is publicly disclosed. No CVEs are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  28. 28. Copyright © 2021 Ivanti. All rights reserved. MS21-03-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2010-2016, Office 2010-2016, Office Online Server, Office 2019 for macOS, Office Web Apps Server, Powerpoint 2010-2016 and Visio 2010-2016.  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 17 KB articles plus release notes for the MacOS Office.  Impact: Remote Code Execution and Security Feature Bypass  Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-24108, CVE-2021-27053, CVE-2021-27054, CVE-2021-27055, CVE-2021-27056, CVE-2021-27057 and CVE-2021-27058 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  29. 29. Copyright © 2021 Ivanti. All rights reserved. MS21-03-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Security Feature Bypass  Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-24108, CVE-2021-27053, CVE-2021-27054, CVE-2021-27055, CVE-2021-27056, CVE-2021-27057 and CVE-2021-27058 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  30. 30. Copyright © 2021 Ivanti. All rights reserved. MS21-03-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation Server 2013, and Microsoft SharePoint Server 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 6 KB articles.  Impact: Remote Code Execution, Spoofing and Information Disclosure  Fixes 3 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-24104, CVE-2021-27052 and CVE-2021-27076 are fixed in this release.  Restart Required: Requires restart  Known Issues: None reported
  31. 31. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Between Patch Tuesdays
  32. 32. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Release Summary  Security Updates: Google Chrome (2), Firefox (1), Firefox ESR (1), Node.JS (4), Thunderbird (1)  Non-Security Updates: Adobe Acrobat (3), Bandicut (1), Box Sync (1), Camtasia (1), CCleaner (2), Google Chrome (2), Falcon sensor for Windows (2), DropBox (2), Evernote (2), Google Drive File Stream (1), Jabra Direct (1), BlueJeans (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (2), Node.JS (5), Notepad++ (1), NextCloud Desktop Client (1), Opera (5), Plex Media Server (3), PSPad (1), PeaZip (1), R for Windows (1), RingCentral App (1), Royal TS (2), Skype (1), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (8), Tableau Reader (1), TortoiseSVN (1), TeamViewer (9), Cisco WebEx Teams (2), Zoom Client (1)
  33. 33. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Google Chrome 88.0.4324.182  CHROME-210217, QGC8804324182  Fixes 9 Vulnerabilities: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE- 2021-21156, CVE-2021-21157  Thunderbird 78.8.0  TB-210224, QTB7880  Fixes 4 Vulnerabilities: CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
  34. 34. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Firefox 86.0  FF-210223, QFF860  Fixes 13 Vulnerabilities: CVE-2020-26954, CVE-2021-23968, CVE-2021-23969, CVE-2021-23970, CVE-2021-23971, CVE-2021-23972, CVE-2021-23973, CVE- 2021-23974, CVE-2021-23975, CVE-2021-23976, CVE-2021-23977, CVE-2021- 23978, CVE-2021-23979  Firefox ESR 78.8.0  FFE-210223, QFFE7880  Fixes 4 Vulnerabilities: CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
  35. 35. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Node.JS 15.10.0 (Current)  NOJSC-210223, QNODEJSC15100  Fixes 3 Vulnerabilities: CVE-2021-22883, CVE-2021-22884, CVE-2021-23840  Node.JS 12.21.0 (LTS Lower)  NOJSLL-210223, QNODEJSLL12210  Fixes 3 Vulnerabilities: CVE-2021-22883, CVE-2021-22884, CVE-2021-23840  Node.JS 14.16.0 (LTS Upper)  NOJSLU-210223, QNODEJSLU14160  Fixes 3 Vulnerabilities: CVE-2021-22883, CVE-2021-22884, CVE-2021-23840  Node.JS 10.24.0 (Maintain)  NOJSM-210223, QNODEJSLL10240  Fixes 3 Vulnerabilities: CVE-2021-22883, CVE-2021-22884, CVE-2021-23840
  36. 36. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Google Chrome 89.0.4389.72  CHROME-210302, QGC890438972  Fixes 34 Vulnerabilities: CVE-2020-27844, CVE-2021-21158, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE- 2021-21164, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021- 21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE- 2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021- 21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE- 2021-21190
  37. 37. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Q & A
  38. 38. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Prochains Rendez-Vous Patch Tuesday https://www.ivanti.fr/resources/patch-tuesday o Jeudi 15 avril – 16h00 o Mardi 18 mai – 16h00 o Jeudi 10 juin – 16h00
  39. 39. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Thank You!

×