Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

January Patch Tuesday French Session

Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.

  • Be the first to comment

  • Be the first to like this

January Patch Tuesday French Session

  1. 1. Copyright © 2021 Ivanti. All rights reserved. Patch Tuesday Webinar Jeudi 14 janvier 2021 Eric Vincent & Camille Proux Tél : 01 70 91 86 47 N°de conference : 177 823 1780
  2. 2. Copyright © 2021 Ivanti. All rights reserved. Agenda January 2021 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A 11 22 33 44 55
  3. 3. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Overview
  4. 4. Copyright © 2021 Ivanti. All rights reserved.
  5. 5. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. In the News
  6. 6. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. In the News Source: Microsoft  Microsoft Defender Zero Day  https://www.darkreading.com/threat-intelligence/microsoft- defender-zero-day-fixed-in-first-patch-tuesday-of-2021/d/d- id/1339881  Adobe Fixes 7 Critical Flaws  https://threatpost.com/adobe-critical-flaws-flash-player/162958/  SolarWinds attackers suspected in Microsoft authentication compromise  https://www.scmagazine.com/home/email-security/solarwinds- attackers-suspected-in-microsoft-authentication-compromise/  Oracle CPU January 19, 2021  https://www.oracle.com/security-alerts/
  7. 7. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Adobe Flash End of Life  December 31st was the official End of Life of Adobe Flash  https://www.adobe.com/products/flashplayer/end-of-life.html  Adobe Enterprise EoL Page  https://www.adobe.com/products/flashplayer/enterprise-end-of-life.html Source: Microsoft
  8. 8. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Publicly Disclosed Vulnerability  CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648 Source: Microsoft While this issue is labeled as an elevation of privilege, it can also be exploited to disclose information. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
  9. 9. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Known Exploited Vulnerability  CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647 Source: Microsoft For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Verify that the Microsoft Malware Protection Engine version is 1.1.17700.4 or later.
  10. 10. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Updated SSUs this month  Windows 10 1809/Server 2019  Windows 10 1909/Windows Server 1909  Windows 10 2004/Windows Server 2004  Windows 10 20H2/Windows Server 20H2  Development Tool and Other Updates  ASP.NET Core 3.1 and 5.0  Azure Kubernetes Service  Bot Framework SDK  Visual Studio 2015-2019 Source: Microsoft
  11. 11. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 20H2 10/20/2020 5/9/2023 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/10/2022 1903 5/21/2019 12/8/2020 1809 11/13/2018 5/11/2021 1803 4/30/2018 5/11/2021 1709 10/17/2017 10/13/2020 Windows Datacenter and Standard Server Version Release Date End of Support Date 20H2 10/20/2020 5/10/2022 2004 5/27/2020 12/14/2021 1909 11/12/2019 5/11/2021 1903 5/21/2019 12/8/2020  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows  https://docs.microsoft.com/en-us/lifecycle/products/windows-server  https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise- and-education
  12. 12. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  13. 13. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. December Threat Thursday  December Special Edition Threat Thursday  Phil Richards (Ivanti CSO) and Chris Goettl discuss FireEye and Solarwinds breaches  If the best of the best can be bested, what chance do the rest of us have?  https://www.ivanti.com/blog/if-the-best-of-the-best-can-be- bested-what-chance-do-the-rest-of-us-have  http://podcasts.apple.com/us/podcast/ivanti- insights/id1545462188
  14. 14. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. A Call to Help Design Ivanti's Patch for MEM Product Manager and UX Designer are looking to connect with customers who are currently utilizing Microsoft Intune and have a need to also manage third-party applications via Microsoft Intune. The initial feedback session will entail 30 minutes with the Patch for MEM Product Manager and UX Designer in a discussion around your current Intune strategy as well as prototype review. If participating in product feedback sessions such as this is something of interest to you please email Dana Santos, Product Manager directly at dana.santos@ivanti.com to get signed up.
  15. 15. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Bulletins and Releases
  16. 16. Copyright © 2021 Ivanti. All rights reserved. MFSA-2021-02: Security Update for Thunderbird  Maximum Severity: Critical  Affected Products: Mozilla Thunderbird  Description: This update provides fixes for 1 vulnerability in Thunderbird 78.6.1.  Impact: Remote Code Execution  Fixes 1 Vulnerability: CVE-2020-16044. See https://www.mozilla.org/en- US/security/advisories/mfsa2021-02/ for more information.  Restart Required: Requires application restart  NOTE: Per Mozilla, several of these vulnerabilities cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
  17. 17. Copyright © 2021 Ivanti. All rights reserved. MS21-01-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, Server 2016, Server 2019, Server version 1909, Server version 2004, Server version 20H2,IE 11, Legacy Edge and Edge Chromium  Description: This bulletin references 6 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 64 Vulnerabilities: CVE-2021-1648 is publicly disclosed. No vulnerabilities are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  18. 18. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. January Known Issues for Windows 10  KB 4598243 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 4598230 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  19. 19. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. January Known Issues for Windows 10 (cont)  KB 4598229 – Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windows Server version 1909  [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution.
  20. 20. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. January Known Issues for Windows 10 (cont)  KB 4598242 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2  [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.  [Outdated Updates]
  21. 21. Copyright © 2021 Ivanti. All rights reserved. MS21-01-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 4592498 (released December 8, 2020). Bulletin is based on KB 4598288. Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. Addresses a security vulnerability issue with HTTPS-based intranet servers. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 32 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  22. 22. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. January Known Issues for Server 2008  KB 4598288 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 4598287 – Windows Server 2008 (Security-only Update)  [File Rename]
  23. 23. Copyright © 2021 Ivanti. All rights reserved. MS21-01-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 4598287. Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. Addresses a security vulnerability issue with HTTPS-based intranet servers. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 32 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
  24. 24. Copyright © 2021 Ivanti. All rights reserved. MS21-01-MR7-ESU: Monthly Rollup for Win 7 MS21-01-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4592471 (released December 8, 2020). Bulletin is based on KB 4598279. Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. Addresses a security vulnerability issue with HTTPS-based intranet servers. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  25. 25. Copyright © 2021 Ivanti. All rights reserved. MS21-01-SO7-ESU: Security-only Update for Win 7 MS21-01-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 4598289. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 35 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  26. 26. Copyright © 2021 Ivanti. All rights reserved. MS21-01-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4592468 (released previous December 8, 2020). Bulletin is based on KB 4598278. Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. Addresses a security vulnerability issue with HTTPS-based intranet servers. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 38 Vulnerabilities: CVE-2021-1648 is publicly disclosed. No vulnerabilities are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  27. 27. Copyright © 2021 Ivanti. All rights reserved. MS21-01-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 4598297. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, Windows Virtualization, and Windows Hybrid Storage Services.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 38 Vulnerabilities: CVE-2021-1648 is publicly disclosed. No vulnerabilities are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  28. 28. Copyright © 2021 Ivanti. All rights reserved. MS21-01-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4592484 (released December 8, 2020). Bulletin is based on KB 4598285. Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. Addresses a security vulnerability issue with HTTPS-based intranet servers.Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, and Windows Virtualization.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 42 Vulnerabilities: CVE-2021-1648 is publicly disclosed. No vulnerabilities are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  29. 29. Copyright © 2021 Ivanti. All rights reserved. MS21-01-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 4598275. Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Fundamentals, Windows Cryptography, and Windows Virtualization.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure  Fixes 42 Vulnerabilities: CVE-2021-1648 is publicly disclosed. No vulnerabilities are known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  30. 30. Copyright © 2021 Ivanti. All rights reserved. MS21-01-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2010-2016, Office 2010-2016, Office Online Server, Office 2019 for macOS, and Word 2010-2016  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 16 KB articles plus release notes for MacOS.  Impact: Remote Code Execution  Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-1711, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715 and CVE-2021-1716 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  31. 31. Copyright © 2021 Ivanti. All rights reserved. MS21-01-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution  Fixes 5 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-1711, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715 and CVE-2021-1716 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  32. 32. Copyright © 2021 Ivanti. All rights reserved. MS21-01-SPT: Security Updates for SharePoint Server  Maximum Severity: Important  Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Foundation Server 2010 and 2013, and Microsoft SharePoint Server 2010 & 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 9 KB articles.  Impact: Remote Code Execution, Tampering, Spoofing and Elevation of Privilege  Fixes 9 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2021-1641, CVE-2021-1707, CVE-2021-1712, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716, CVE-2021-1717, CVE-2021-1718 and CVE-2021-1719 are fixed in this release.  Restart Required: Requires restart  Known Issues: None reported
  33. 33. Copyright © 2021 Ivanti. All rights reserved. MS21-01-SQL: Security Updates for SQL Server  Maximum Severity: Important  Affected Products: Microsoft SQL Server 2012-2019  Description: This security update fixes an issue where an authenticated attacker can send data over a network to an affected SQL Server when configured to run an Extended Event session. This bulletin is based on 9 KB articles.  Impact: Elevation of Privilege  Fixes 1 Vulnerability: CVE-2021-1636  Restart Required: Requires restart  Known Issues: None reported
  34. 34. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Between Patch Tuesdays
  35. 35. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Release Summary  Security Updates: Adobe Acrobat and Reader (1), Google Chrome (1), Firefox (2), Firefox ESR (2), Foxit Reader (1), Foxit PhantomPDF (2), GIT for windows (1), Cisco Jabber (1), Node.JS (4), Royal TS (1), Thunderbird (2), Wireshark (3)  Non-Security Updates: AIMP (1), Allway Sync (1), Bandicut (1), BlueJeans Outlook Addin (1), Box Drive (1), Ccleaner (1), Citrix Workspace App (1), Dropbox (1), Evernote (2), Firefox (1), FileZilla Client (4), Google Drive File Stream (1), GoodSync (8), GIT for windows (1), GoToMeeting (1), Jabra Direct (1), BlueJeans (1), KeePass Pro (1), KeePass Classic (1), LibreOffice (1), LogMeIn (1), Malwarebytes (1), Node.JS (4), Notepad++ (1), Opera Browser (3), Plex Media Server (2), PSPad (1), PeaZip (1), RingCentral App (Machine-Wide Installer) (1), RingCentral App Classic (Machine-Wide Installer) (1)
  36. 36. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Adobe Acrobat and Reader  APSB20-75, QADC1701130188, QADC2000130018, QADC2001320074, QARDC1701130188MUI, QARDC2000130018MUI, QARDC2001320074, QARDC2001320074MUI  Fixes 1 Vulnerability: CVE-2020-29075  Google Chrome 87.0.4280.141  CHROME-210106, QGC8704280141  Fixes 23 Vulnerabilities: CVE-2019-8075, CVE-2020-16012, CVE-2020-16014, CVE-2020-16015, CVE-2020-16018, CVE-2020-16019, CVE-2020-16020, CVE- 2020-16021, CVE-2020-16022, CVE-2020-16023, CVE-2020-16024, CVE-2020- 16025, CVE-2020-16026, CVE-2020-16027, CVE-2020-16028, CVE-2020-16029, CVE-2020-16030, CVE-2020-16031, CVE-2020-16032, CVE-2020-16033, CVE- 2020-16034, CVE-2020-16035, CVE-2020-16036
  37. 37. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox 84.0  FF-201215,QFF840  Fixes 14 Vulnerabilities: CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26973, CVE-2020-26974, CVE-2020-26975, CVE-2020-26976, CVE- 2020-26977, CVE-2020-26978, CVE-2020-26979, CVE-2020-35111, CVE-2020- 35112, CVE-2020-35113, CVE-2020-35114  Firefox 84.0.2  FF-210106, QFF8402  Fixes 1 Vulnerability: CVE-2020-16044  Firefox ESR 78.6.0  FFE-201215, QFFE7860  Fixes 8 Vulnerabilities: CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, CVE- 2020-35113
  38. 38. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox ESR 78.6.1  FFE-210106, QFFE7861  Fixes 1 Vulnerability: CVE-2020-16044  Foxit Reader Consumer and Enterprise 10.1.1.37576  FI-201209, QNFOXIT101137576  FIC-201209, QNFOXITC101137576  Fixes 6 Vulnerabilities: CVE-2020-13547, CVE-2020-13548, CVE-2020-13557, CVE-2020-13560, CVE-2020-13570, CVE-2020-28203  Foxit PhantomPDF 10.1.1.37576  FIP-201209, QFIP101137576  Fixes 6 Vulnerabilities: CVE-2020-13547, CVE-2020-13548, CVE-2020-13557, CVE-2020-13560, CVE-2020-13570, CVE-2020-28203
  39. 39. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information (cont)  Foxit PhantomPDF 9.7.5.29616  FIP-201230, QFIP97529616  Fixes 7 Vulnerabilities: CVE-2020-13547, CVE-2020-13548, CVE-2020-13557, CVE- 2020-13560, CVE-2020-13570, CVE-2020-27860, CVE-2020-28203  GIT for windows 2.29.2.3  GIT-201210,QGIT22923  Fixes 2 Vulnerabilities: CVE-2020-26233, CVE-2020-27955  Cisco Jabber 12.9.3.54813  JABBER-201217, QJABBER129354813  Fixes 5 Vulnerabilities: CVE-2020-26085, CVE-2020-27127, CVE-2020-27132, CVE- 2020-27133, CVE-2020-27134  Royal TS 5.03.61223  RTS5-201223, QRTS50361223  Fixes 1 Vulnerability: CVE-2018-1285
  40. 40. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Node.JS 15.5.1 (Current)  NOJSC-210104, QNODEJSC1551  Fixes 2 Vulnerabilities: CVE-2020-8265, CVE-2020-8287  Node.JS 12.20.1 (LTS Lower)  NOJSLL-210104, QNODEJSLL12201  Fixes 3 Vulnerabilities: CVE-2020-1971, CVE-2020-8265, CVE-2020-8287  Node.JS 14.15.4 (LTS Upper)  NOJSLU-210104, QNODEJSLU14154  Fixes 3 Vulnerabilities: CVE-2020-1971, CVE-2020-8265, CVE-2020-8287  Node.JS 10.23.1 (Maintain)  NOJSM-210104, QNODEJSLL10231  Fixes 3 Vulnerabilities: CVE-2020-1971, CVE-2020-8265, CVE-2020-8287
  41. 41. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Third Party CVE Information  Thunderbird 68.12.0  TB-200825, QTB68120  Fixes 3 Vulnerabilities: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669  Thunderbird 78.6.0  TB-201215, QTB7860  Fixes 8 Vulnerabilities: CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, CVE- 2020-35113  Wireshark 3.2.9  WIRES32-201210,QWIRES329  Fixes 3 Vulnerabilities: CVE-2020-26418, CVE-2020-26420, CVE-2020-26421  Wireshark 4.2.1  WIRES32-201210,QWIRES421  Fixes 4 Vulnerabilities: CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421
  42. 42. Copyright © 2021 Ivanti. All rights reserved. Prochains rendez-vous Patch Tuesday o Jeudi 11 février – 16h00 o Jeudi 11 mars – 16h00 https://www.ivanti.fr/resources/patch-tuesday
  43. 43. Copyright © 2021 Ivanti. All rights reserved.Copyright © 2021 Ivanti. All rights reserved. Q & A
  44. 44. Copyright © 2021 Ivanti. All rights reserved. Copyright © 2021 Ivanti. All rights reserved. Thank You!

×