Patch Tuesday Webinar
Wednesday, November 10, 2021
Hosted by Chris Goettl and Todd Schell
Agenda
November 2021 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2021 Ivanti. All rights reserved.
November Patch Tuesday 2021
November Patch Tuesday feels light, but there are a couple of chilling vulnerabilities to resolve. Microsoft has resolved a total of 55 vulnerabilities (CVEs), six of which are rated as Critical. The updates include the normal lineup of Windows OS, Office, Azure, and some dev tools like Visual Studio. There are two zero-day vulnerabilities, in Microsoft Exchange (CVE-2021-42321) and Excel (CVE-2021-42292), which need attention. Along with the two zero-day vulnerabilities there are also four publicly disclosed vulnerabilities. From a risk perspective, let's start with the most severe, the two zero-days. DHS CISA has also released BOD 22-01, which outlines 287 vulnerabilities, many over a year old, that are still commonly exploited by threat actors. Perform an evaluation to see if you have some low-hanging fruit to pluck from the reach of threat actors.
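Added example (not part of the Ivanti deck): one way to start that evaluation is to pull the CVE IDs out of bulletin text, rejoin IDs broken by line wraps, and match them against a known-exploited list. `KNOWN_EXPLOITED` is a constructed stand-in holding only the two CVEs this deck reports as exploited, and the function names are illustrative.

```python
import re

# A CVE ID as it appears in wrapped slide or PDF text: the line break may fall
# after either hyphen ("CVE-\n2021-37988" or "CVE-2021-\n37992").
CVE_WRAPPED = re.compile(r"CVE-\s*(\d{4})-\s*(\d{4,7})")
FIXES = re.compile(r"Fixes\s+(\d+)\s+Vulnerabilit(?:y|ies)", re.IGNORECASE)

# Stand-in for the BOD 22-01 catalogue (assumption): only the two CVEs this
# deck reports as exploited. In practice, load the published catalogue here.
KNOWN_EXPLOITED = {"CVE-2021-42321", "CVE-2021-42292"}

# Bulletin text copied from this deck, keeping the line wraps of the slides.
SLIDES = {
    "MS21-11-W11": (
        "Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and\n"
        "CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the\n"
        "complete list of CVEs."
    ),
    "Google Chrome 95.0.4638.54": (
        "Fixes 16 Vulnerabilities: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983,\n"
        "CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-\n"
        "2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-\n"
        "37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996"
    ),
    "MS21-11-EXCH": (
        "Fixes 3 Vulnerabilities: CVE-2021-42321 is known exploited.\n"
        "CVE-2021-41349 and CVE-2021-42305 are fixed in this release."
    ),
}


def parse_fixes(text):
    """Return the stated fix count, the CVE IDs found, and whether they agree."""
    m = FIXES.search(text)
    stated = int(m.group(1)) if m else None
    cves = []
    for year, number in CVE_WRAPPED.findall(text):
        cve = f"CVE-{year}-{number}"
        if cve not in cves:  # de-duplicate, keep first-seen order
            cves.append(cve)
    # A bulletin that names fewer CVEs than it says it fixes carries a partial
    # list, so a "no match" against the catalogue would prove nothing.
    complete = stated is not None and stated == len(cves)
    return {"stated": stated, "cves": cves, "complete": complete}


def triage(bulletins, known_exploited):
    """Order bulletins: exploited first, then partial lists, then clean ones."""
    rank = {"exploited": 0, "needs-full-list": 1, "no-match": 2}
    rows = []
    for name, text in bulletins.items():
        parsed = parse_fixes(text)
        hits = [c for c in parsed["cves"] if c in known_exploited]
        if hits:
            status = "exploited"
        elif not parsed["complete"]:
            status = "needs-full-list"
        else:
            status = "no-match"
        rows.append({
            "bulletin": name,
            "status": status,
            "hits": hits,
            "listed": len(parsed["cves"]),
            "stated": parsed["stated"],
        })
    rows.sort(key=lambda r: rank[r["status"]])  # stable: input order within a rank
    return rows


if __name__ == "__main__":
    for row in triage(SLIDES, KNOWN_EXPLOITED):
        print(f'{row["status"]:<16} {row["bulletin"]:<28} '
              f'{row["listed"]}/{row["stated"]} CVEs listed  {", ".join(row["hits"])}')
```

A `needs-full-list` result means the bulletin text names only some of the CVEs it fixes, so the complete list has to come from the vendor's advisory before the bulletin can be ruled out.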
In the News
- Pwn2Own Austin Event Occurred on Nov 1-4
  - Successful attacks on Routers, Printers and NAS, and Cell Phones
  - https://www.zerodayinitiative.com/blog/2021/11/1/pwn2ownaustin
- Binding Operational Directive 22-01
  - Reducing the Significant Risk of Known Exploited Vulnerabilities
  - https://cyber.dhs.gov/bod/22-01/
  - Total of 287 CVEs are released in the alert
  - 32 of them are trending in the last 30 days where attackers are focused on targeting and advancing their tactics
  - 53 CVEs are actively used by Ransomware groups
  - 54 CVEs are used by Malware authors
  - 87 CVEs are capable of a Remote Code Execution
  - 166 CVEs are Weaponized
What Risk Based Vulnerability Management Looks Like:
Exploited Vulnerabilities
- CVE-2021-42292 Microsoft Excel Security Feature Bypass Vulnerability
  - CVSS 3.1 Scores: 7.8 / 7.0
  - Severity: Important
  - Impacts Excel in standalone, Office, 365 Apps, etc., on both Windows and macOS
- CVE-2021-42321 Microsoft Exchange Server Remote Code Execution Vulnerability
  - CVSS 3.1 Scores: 8.8 / 7.7
  - Severity: Important
  - Impacts Exchange Server 2016 Cumulative Updates 21 and 22, and Exchange Server 2019 Cumulative Updates 10 and 11
Publicly Disclosed Vulnerabilities
- CVE-2021-38631 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  - CVSS 3.0 Scores: 4.4 / 3.9
  - Severity: Important
  - Impacts all Workstation and Server versions from Server 2008 through Windows 11
- CVE-2021-41371 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
  - CVSS 3.1 Scores: 4.4 / 3.9
  - Severity: Important
  - Impacts all Workstation and Server versions from Server 2008 through Windows 11
Publicly Disclosed Vulnerabilities (cont)
- CVE-2021-43208 3D Viewer Remote Code Execution Vulnerability
  - CVSS 3.1 Scores: 7.8 / 6.8
  - Severity: Important
  - Impacts the 3D Viewer application
- CVE-2021-43209 3D Viewer Remote Code Execution Vulnerability
  - CVSS 3.1 Scores: 7.8 / 6.8
  - Severity: Important
  - Impacts the 3D Viewer application
Microsoft Patch Tuesday Updates of Interest
- No Servicing Stack Updates (SSUs) this month
- Development Tool and Other Updates
  - Azure FSLogix
  - Azure RTOS
  - Azure Sphere
  - Visual Studio Code
  - Visual Studio 2015 Update 3
  - Visual Studio 2017 version 15.9
  - Visual Studio 2019 versions 16.7 through 16.11
Windows 10 and 11 Lifecycle Awareness

Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
21H1      5/18/2021      12/13/2022
20H2      10/20/2020     5/9/2023
2004      5/27/2020      12/14/2021
1909      11/12/2019     5/10/2022

Windows 10 Pro and Pro Workstation
Version   Release Date   End of Support Date
21H1      5/18/2021      12/13/2022
20H2      10/20/2020     5/10/2022
2004      5/27/2020      12/14/2021

Windows Datacenter and Standard Server
Version   Release Date   End of Support Date
20H2      10/20/2020     5/10/2022
2004      5/27/2020      12/14/2021

Windows 11 Home and Pro
Version   Release Date   End of Support Date
21H2      10/4/2021      10/10/2023

- Lifecycle Fact Sheet
  - https://docs.microsoft.com/en-us/lifecycle/faq/windows
Server 2012/2012 R2 EOL is Coming
- Lifecycle Fact Sheet
  - https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Patch Content Announcements
- Announcements Posted on Community Forum Pages
  - https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
  - Subscribe to receive email for the desired product(s)
Bulletins and Releases
MS21-11-W11: Windows 11 Update
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
- Description: This bulletin references KB 5007215.
- Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
- Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: None reported
MS21-11-W10: Windows 10 Update
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
- Description: This bulletin references 6 KB articles. See KBs for the list of changes.
- Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
- Fixes 29 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: See next slides
November Known Issues for Windows 10
- KB 5007207 – Windows 10, Version 1507 LTSC
  - [Print Server] After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:
    - 0x000006e4 (RPC_S_CANNOT_SUPPORT)
    - 0x0000007c (ERROR_INVALID_LEVEL)
    - 0x00000709 (ERROR_INVALID_PRINTER_NAME)
    - Workaround: See release health page for options. Microsoft is working on a resolution.
- KB 5007192 – Windows 10, version 1607, Windows Server 2016
  - [Print Server]
November Known Issues for Windows 10 (cont)
- KB 5007206 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
  - [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  - [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  - [Print Server]
November Known Issues for Windows 10 (cont)
- KB 5007189 – Windows 10 Enterprise, version 1909; Windows 10 Enterprise and Education, version 1909; Windows 10 IoT Enterprise, version 1909
  - [Print Server]
November Known Issues for Windows 10 (cont)
- KB 5007186 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
  - [Scavenged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For more information and a workaround, see KB5005322.
  - [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
November Known Issues for Windows 10 (cont)
- KB 5006670 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
  - [Smart Card Failure] After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red. Workaround: Requires use of Known Issue Rollback (KIR). See KB for details.
  - [Print Server]
MS21-11-MR2K8-ESU: Monthly Rollup for Windows Server 2008
- Maximum Severity: Critical
- Affected Products: Microsoft Windows Server 2008 and IE 9
- Description: This security update includes improvements and fixes that were a part of update KB 5006736 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5007263.
- Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
- Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: See next slide.
November Known Issues for Server 2008
- KB 5007263 – Windows Server 2008 (Monthly Rollup)
  - [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn't have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn't have CSV ownership. Microsoft is working on a resolution.
  - [Print Server]
- KB 5007246 – Windows Server 2008 (Security-only Update)
  - [File Rename]
  - [Print Server]
MS21-11-SO2K8-ESU: Security-only Update for Windows Server 2008
- Maximum Severity: Critical
- Affected Products: Microsoft Windows Server 2008
- Description: Bulletin is based on KB 5007246. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality.
- Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
- Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: See previous slide.
MS21-11-MR7-ESU: Monthly Rollup for Win 7
MS21-11-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
- Description: This security update includes improvements and fixes that were a part of update KB 5006743 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5007236.
- Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
- Fixes 15 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: [File Rename] and [Print Server]
MS21-11-SO7-ESU: Security-only Update for Win 7
MS21-11-SO2K8R2-ESU: Security-only Update for Server 2008 R2
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 7 and Server 2008 R2
- Description: Bulletin is based on KB 5007233. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality.
- Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
- Fixes 15 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: [File Rename] and [Print Server]
MS21-11-MR8: Monthly Rollup for Server 2012
- Maximum Severity: Critical
- Affected Products: Microsoft Windows Server 2012 and IE
- Description: This security update includes improvements and fixes that were a part of update KB5006739 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5007260.
- Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
- Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: [File Rename] and [Print Server]
MS21-11-SO8: Security-only Update for Windows Server 2012
- Maximum Severity: Critical
- Affected Products: Microsoft Windows Server 2012
- Description: Bulletin is based on KB 5007245. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
- Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
- Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: [File Rename] and [Print Server]
MS21-11-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
- Description: This security update includes improvements and fixes that were a part of update KB 5006714 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. Bulletin is based on KB 5007247.
- Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
- Fixes 17 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: [File Rename] and [Print Server]
MS21-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
- Maximum Severity: Critical
- Affected Products: Microsoft Windows 8.1, Server 2012 R2
- Description: Bulletin is based on KB 5007255. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality.
- Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
- Fixes 17 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
- Restart Required: Requires restart
- Known Issues: [File Rename] and [Print Server]
MS21-11-EXCH: Security Updates for Exchange Server
- Maximum Severity: Important
- Affected Products: Microsoft Exchange Server 2013 - 2019
- Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5007409.
- Impact: Remote Code Execution and Spoofing
- Fixes 3 Vulnerabilities: CVE-2021-42321 is known exploited. CVE-2021-41349 and CVE-2021-42305 are fixed in this release.
- Restart Required: Requires restart
- Known Issues: See next slide
November Known Issues for Exchange Server
- KB 5007409 – Exchange Server 2013, 2016 and 2019
  - [Issue 1] If the update is run in Normal mode (that is, not as an administrator), some files are not correctly updated and there are no error messages. This occurs because UAC prevents the security update from correctly stopping certain Exchange-related services. Workaround: Run as administrator in manual mode. See KB for more details.
  - [Issue 2] Exchange services might remain in a disabled state after you install this security update. Workaround: Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt.
  - [Issue 3] When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. Workaround: Enable third-party cookies for the domain that's hosting OWA or Office Online Server in the browser settings. See KB for more details.
November Known Issues for Exchange Server (cont)
  - [Issue 4] When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a "(400) Bad Request" error message. Workaround: See Microsoft help article "(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology for guidance.
MS21-11-SPT: Security Updates for SharePoint Server
- Maximum Severity: Important
- Affected Products: Microsoft SharePoint Enterprise Server 2013
- Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on KB 5002063.
- Impact: Remote Code Execution
- Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-40442 is fixed in this release.
- Restart Required: Requires restart
- Known Issues: None reported
MS21-11-OFF: Security Updates for Microsoft Office
- Maximum Severity: Important
- Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 and LTSC 2021 for macOS, Office Online Server, and Office Web Apps Server 2013
- Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references just the release notes for the macOS Office.
- Impact: Remote Code Execution and Security Feature Bypass
- Fixes 3 Vulnerabilities: CVE-2021-42292 is known exploited. CVE-2021-40442 and CVE-2021-41368 are fixed in this release.
- Restart Required: Requires application restart
- Known Issues: None reported
MS21-11-O365: Security Updates for Microsoft 365 Apps, Office 2019 and Office LTSC 2021
- Maximum Severity: Important
- Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
- Description: This month's update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
- Impact: Remote Code Execution and Security Feature Bypass
- Fixes 4 Vulnerabilities: CVE-2021-42292 is known exploited. CVE-2021-40442, CVE-2021-41368, and CVE-2021-42296 are fixed in this release.
- Restart Required: Requires application restart
- Known Issues: None reported
Between Patch Tuesdays
Release Summary
- Security Updates (with CVEs): Google Chrome (2), Amazon Corretto 11 (1), Amazon Corretto 8 (1), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 8 (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), RedHat OpenJDK 8 (1), Azul Zulu JDK 11 (1), Azul Zulu JDK 8 (1), Azul Zulu JRE 11 (1), Azul Zulu JRE 8 (1)
- Security (w/o CVEs): iTunes (1), Audacity (1), Box Edit (1), Camtasia (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Dropbox (1), Eclipse Adoptium JDK 11 (1), Eclipse Adoptium JDK 8 (1), Evernote (3), Firefox (1), FileZilla Client (2), GoodSync (10), GIT for Windows (1), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (3), Notepad++ (4), Opera (4), VirtualBox (1), Pidgin (1), Plex Media Server (2), RedHat OpenJDK JDK 11 (1), Skype (2), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (2), VMware Workstation Player (1), VMware Workstation Pro (1), WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (1), Zoom VDI (1)
- Non-Security Updates: AIMP (3), CutePDF Writer (1), Google Drive File Stream (2), NextCloud Desktop Client (1), PDF-Xchange PRO (2), R for Windows (1), RingCentral App (Machine-Wide Installer) (2), RealVNC Server (1), RealVNC Viewer (1), Cisco WebEx Teams (2), WinMerge (1)
Third Party CVE Information
- Google Chrome 95.0.4638.54
  - CHROME-211019, QGC950463854
  - Fixes 16 Vulnerabilities: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996
- Google Chrome 95.0.4638.69
  - CHROME-211028, QGC950463869
  - Fixes 7 Vulnerabilities: CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-38000, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003
Third Party CVE Information (cont)
- Java 8 Update 311
  - JAVA8-311, QJAVA8U311
- Java Development Kit 8 Update 311
  - JDK8-311, QJDK8U311
- RedHat OpenJDK 8.0.312
  - RHTJDK8-211102, QRHTJDK180312
- Fixes 11 Vulnerabilities: CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
Third Party CVE Information (cont)
- Amazon Corretto 11.0.13.8.1
  - CORRETTO11-211019, QCORRETTO11013
- Amazon Corretto 8 Update 312
  - CORRETTO8-312, QCORRETTO8312
- Java Development Kit 11 update 11.0.13
  - JDK11-211019, QJDK11U11013
- Fixes 14 Vulnerabilities: CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
Third Party CVE Information (cont)
- Firefox 94.0
  - FF-211102, QFF94
  - Fixes 8 Vulnerabilities: CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-38510
- Firefox ESR 91.3.0
  - FFE-211102, QFFE9130
  - Fixes 8 Vulnerabilities: CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-38510
Third Party CVE Information (cont)
- Nitro Pro 13.50.4.1013
  - NITRO-211026, QNITRO135041013
  - Fixes 2 Vulnerabilities: CVE-2021-21796, CVE-2021-21797
- Nitro Pro Enterprise 13.50.4.1013
  - NITROE-211026, QNITROE135041013
  - Fixes 2 Vulnerabilities: CVE-2021-21796, CVE-2021-21797
- Node.JS 16.11.1 (Current)
  - NOJSC-211013, QNODEJSC16111
  - Fixes 2 Vulnerabilities: CVE-2021-22959, CVE-2021-22960
- Node.JS 12.22.7 (LTS Lower)
  - NOJSLL-211013, QNODEJSL12227
  - Fixes 2 Vulnerabilities: CVE-2021-22959, CVE-2021-22960
- Node.JS 14.18.1 (LTS Upper)
  - NOJSLU-211013, QNODEJSLU14181
  - Fixes 2 Vulnerabilities: CVE-2021-22959, CVE-2021-22960
Third Party CVE Information (cont)
- Azul Zulu JDK 11.52.13 (11.0.13)
  - ZULUJDK11-211020, QZULUJDK115213
- Azul Zulu JDK 8.58.0.13 (8u312)
  - ZULUJDK8-211019, QZULUJDK858013
- Azul Zulu JRE 11.52.13 (11.0.13)
  - ZULUJRE11-211020, QZULUJRE115213
- Azul Zulu JRE 8.58.0.13 (8u312)
  - ZULUJRE8-211019, QZULUJRE858013
- Fixes 15 Vulnerabilities: CVE-2021-27290, CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
Q & A
Thank You!

2023 avril Patch Tuesday
Ivanti
 

Similar to 2021 November Patch Tuesday (20)

2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch Tuesday
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch Tuesday
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch Tuesday
 
2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch Tuesday
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
 

More from Ivanti

Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
Ivanti
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
Ivanti
 
Patch Tuesday Italia Giugno
Patch Tuesday Italia GiugnoPatch Tuesday Italia Giugno
Patch Tuesday Italia Giugno
Ivanti
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 

More from Ivanti (20)

Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
 
Patch Tuesday Italia Giugno
Patch Tuesday Italia GiugnoPatch Tuesday Italia Giugno
Patch Tuesday Italia Giugno
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 

Recently uploaded

GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 

Recently uploaded (20)

GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 

2021 November Patch Tuesday

  • 8. Exploited Vulnerabilities
      - CVE-2021-42292 Microsoft Excel Security Feature Bypass Vulnerability
          - CVSS 3.1 Scores: 7.8 / 7.0
          - Severity: Important
          - Impacts Excel in standalone, Office, 365 Apps, etc, on both Windows and macOS
      - CVE-2021-42321 Microsoft Exchange Server Remote Code Execution Vulnerability
          - CVSS 3.1 Scores: 8.8 / 7.7
          - Severity: Important
          - Impacts Exchange Server 2016 Cumulative Updates 21 and 22, and Exchange Server 2019 Cumulative Updates 10 and 11
  • 9. Publicly Disclosed Vulnerabilities
      - CVE-2021-38631 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
          - CVSS 3.0 Scores: 4.4 / 3.9
          - Severity: Important
          - Impacts all Workstation and Server versions from Server 2008 through Windows 11
      - CVE-2021-41371 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
          - CVSS 3.1 Scores: 4.4 / 3.9
          - Severity: Important
          - Impacts all Workstation and Server versions from Server 2008 through Windows 11
  • 10. Publicly Disclosed Vulnerabilities (cont)
      - CVE-2021-43208 3D Viewer Remote Code Execution Vulnerability
          - CVSS 3.1 Scores: 7.8 / 6.8
          - Severity: Important
          - Impacts the 3D Viewer application
      - CVE-2021-43209 3D Viewer Remote Code Execution Vulnerability
          - CVSS 3.1 Scores: 7.8 / 6.8
          - Severity: Important
          - Impacts the 3D Viewer application
  • 11. Microsoft Patch Tuesday Updates of Interest
      - No Servicing Stack Updates (SSUs) this month
      - Development Tool and Other Updates
          - Azure FSLogix
          - Azure RTOS
          - Azure Sphere
          - Visual Studio Code
          - Visual Studio 2015 Update 3
          - Visual Studio 2017 version 15.9
          - Visual Studio 2019 versions 16.7 through 16.11
  • 12. Windows 10 and 11 Lifecycle Awareness

      Windows 10 Enterprise and Education
        Version   Release Date   End of Support Date
        21H1      5/18/2021      12/13/2022
        20H2      10/20/2020     5/9/2023
        2004      5/27/2020      12/14/2021
        1909      11/12/2019     5/10/2022

      Windows 10 Pro and Pro Workstation
        Version   Release Date   End of Support Date
        21H1      5/18/2021      12/13/2022
        20H2      10/20/2020     5/10/2022
        2004      5/27/2020      12/14/2021

      Windows Datacenter and Standard Server
        Version   Release Date   End of Support Date
        20H2      10/20/2020     5/10/2022
        2004      5/27/2020      12/14/2021

      Windows 11 Home and Pro
        Version   Release Date   End of Support Date
        21H2      10/4/2021      10/10/2023

      - Lifecycle Fact Sheet
          - https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 13. Server 2012/2012 R2 EOL is Coming
      - Lifecycle Fact Sheet
          - https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
  • 14. Patch Content Announcements
      - Announcements Posted on Community Forum Pages
          - https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
      - Subscribe to receive email for the desired product(s)
  • 16. MS21-11-W11: Windows 11 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
      - Description: This bulletin references KB 5007215.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 22 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: None reported
  • 17. MS21-11-W10: Windows 10 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2, 21H1, Server 2016, Server 2019, Server 2022, Server version 1909, Server version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
      - Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 29 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slides
  • 18. November Known Issues for Windows 10
      - KB 5007207 – Windows 10, Version 1507 LTSC
          - [Print Server] After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:
              - 0x000006e4 (RPC_S_CANNOT_SUPPORT)
              - 0x0000007c (ERROR_INVALID_LEVEL)
              - 0x00000709 (ERROR_INVALID_PRINTER_NAME)
          - Workaround: See release health page for options. Microsoft is working on a resolution.
      - KB 5007192 – Windows 10, version 1607, Windows Server 2016
          - [Print Server]
  • 19. November Known Issues for Windows 10 (cont)
      - KB 5007206 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
          - [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
          - [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
          - [Print Server]
  • 20. November Known Issues for Windows 10 (cont)
      - KB 5007189 – Windows 10 Enterprise, version 1909; Windows 10 Enterprise and Education, version 1909; Windows 10 IoT Enterprise, version 1909
          - [Print Server]
  • 21. November Known Issues for Windows 10 (cont)
      - KB 5007186 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
          - [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For more information and a workaround, see KB5005322.
          - [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
  • 22. November Known Issues for Windows 10 (cont)
      - KB 5006670 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
          - [Smart Card Failure] After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red. Workaround: Requires use of Known Issue Rollback (KIR). See KB for details.
          - [Print Server]
  • 23. MS21-11-MR2K8-ESU: Monthly Rollup for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008 and IE 9
      - Description: This security update includes improvements and fixes that were a part of update KB 5006736 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5007263.
      - Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
      - Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide.
  • 24. November Known Issues for Server 2008
      - KB 5007263 – Windows Server 2008 (Monthly Rollup)
          - [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.
          - [Print Server]
      - KB 5007246 – Windows Server 2008 (Security-only Update)
          - [File Rename]
          - [Print Server]
  • 25. MS21-11-SO2K8-ESU: Security-only Update for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008
      - Description: Bulletin is based on KB 5007246. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality.
      - Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
      - Fixes 13 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See previous slide.
  • 26. MS21-11-MR7-ESU: Monthly Rollup for Win 7 / MS21-11-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
      - Description: This security update includes improvements and fixes that were a part of update KB 5006743 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5007236.
      - Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
      - Fixes 15 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [Print Server]
  • 27. MS21-11-SO7-ESU: Security-only Update for Win 7 / MS21-11-SO2K8R2-ESU: Security-only Update for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7 and Server 2008 R2
      - Description: Bulletin is based on KB 5007233. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality.
      - Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
      - Fixes 15 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [Print Server]
  • 28. MS21-11-MR8: Monthly Rollup for Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012 and IE
      - Description: This security update includes improvements and fixes that were a part of update KB5006739 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. Bulletin is based on KB 5007260.
      - Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
      - Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [Print Server]
  • 29. MS21-11-SO8: Security-only Update for Windows Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012
      - Description: Bulletin is based on KB 5007245. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
      - Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
      - Fixes 16 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [Print Server]
  • 30. MS21-11-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
      - Description: This security update includes improvements and fixes that were a part of update KB 5006714 (released October 12, 2021). This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. Bulletin is based on KB 5007247.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 17 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [Print Server]
  • 31. MS21-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2
      - Description: Bulletin is based on KB 5007255. This update contains several printer driver fixes and miscellaneous security improvements to internal OS functionality.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 17 Vulnerabilities: No CVEs are known exploited. CVE-2021-38631 and CVE-2021-41371 are publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [File Rename] and [Print Server]
  • 32. MS21-11-EXCH: Security Updates for Exchange Server
      - Maximum Severity: Important
      - Affected Products: Microsoft Exchange Server 2013 - 2019
      - Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5007409.
      - Impact: Remote Code Execution and Spoofing
      - Fixes 3 Vulnerabilities: CVE-2021-42321 is known exploited. CVE-2021-41349 and CVE-2021-42305 are fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 33. November Known Issues for Exchange Server
      - KB 5007409 – Exchange Server 2013, 2016 and 2019
      - [Issue 1] If the update is run in Normal mode (that is, not as an administrator), some files are not correctly updated and there are no error messages. This occurs because UAC prevents the security update from correctly stopping certain Exchange-related services. Workaround: Run as administrator in manual mode. See KB for more details.
      - [Issue 2] Exchange services might remain in a disabled state after you install this security update. Workaround: Use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt.
      - [Issue 3] When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. Workaround: Enable third-party cookies for the domain that's hosting OWA or Office Online Server in the browser settings. See KB for more details.
  • 34. November Known Issues for Exchange Server (cont)
      - [Issue 4] When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a "(400) Bad Request" error message. Workaround: See Microsoft help article "(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology for guidance.
  • 35. MS21-11-SPT: Security Updates for SharePoint Server
      - Maximum Severity: Important
      - Affected Products: Microsoft SharePoint Enterprise Server 2013
      - Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on KB 5002063.
      - Impact: Remote Code Execution
      - Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited. CVE-2021-40442 is fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: None reported
  • 36. MS21-11-OFF: Security Updates for Microsoft Office
      - Maximum Severity: Important
      - Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 and LTSC 2021 for macOS, Office Online Server, and Office Web Apps Server 2013
      - Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references just the release notes for the macOS Office.
      - Impact: Remote Code Execution and Security Feature Bypass
      - Fixes 3 Vulnerabilities: CVE-2021-42292 is known exploited. CVE-2021-40442 and CVE-2021-41368 are fixed in this release.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 37. MS21-11-O365: Security Updates for Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Maximum Severity: Important
      - Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
      - Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      - Impact: Remote Code Execution and Security Feature Bypass
      - Fixes 4 Vulnerabilities: CVE-2021-42292 is known exploited. CVE-2021-40442, CVE-2021-41368, and CVE-2021-42296 are fixed in this release.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 39. Release Summary
      - Security Updates (with CVEs): Google Chrome (2), Amazon Corretto 11 (1), Amazon Corretto 8 (1), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 8 (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), RedHat OpenJDK 8 (1), Azul Zulu JDK 11 (1), Azul Zulu JDK 8 (1), Azul Zulu JRE 11 (1), Azul Zulu JRE 8 (1)
      - Security (w/o CVEs): iTunes (1), Audacity (1), Box Edit (1), Camtasia (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Dropbox (1), Eclipse Adoptium JDK 11 (1), Eclipse Adoptium JDK 8 (1), Evernote (3), Firefox (1), FileZilla Client (2), GoodSync (10), GIT for Windows (1), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (3), Notepad++ (4), Opera (4), VirtualBox (1), Pidgin (1), Plex Media Server (2), RedHat OpenJDK JDK 11 (1), Skype (2), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (2), VMware Workstation Player (1), VMware Workstation Pro (1), WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (1), Zoom VDI (1)
      - Non-Security Updates: AIMP (3), CutePDF Writer (1), Google Drive File Stream (2), NextCloud Desktop Client (1), PDF-Xchange PRO (2), R for Windows (1), RingCentral App (Machine-Wide Installer) (2), RealVNC Server (1), RealVNC Viewer (1), Cisco WebEx Teams (2), WinMerge (1)
  • 40. Third Party CVE Information
      - Google Chrome 95.0.4638.54
      - CHROME-211019, QGC950463854
      - Fixes 16 Vulnerabilities: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996
      - Google Chrome 95.0.4638.69
      - CHROME-211028, QGC950463869
      - Fixes 7 Vulnerabilities: CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-38000, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003
  • 41. Third Party CVE Information (cont)
      - Java 8 Update 311
      - JAVA8-311, QJAVA8U311
      - Java Development Kit 8 Update 311
      - JDK8-311, QJDK8U311
      - RedHat OpenJDK 8.0.312
      - RHTJDK8-211102, QRHTJDK180312
      - Fixes 11 Vulnerabilities: CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
  • 42. Third Party CVE Information (cont)
      - Amazon Corretto 11.0.13.8.1
      - CORRETTO11-211019, QCORRETTO11013
      - Amazon Corretto 8 Update 312
      - CORRETTO8-312, QCORRETTO8312
      - Java Development Kit 11 update 11.0.13
      - JDK11-211019, QJDK11U11013
      - Fixes 14 Vulnerabilities: CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
  • 43. Third Party CVE Information (cont)
      - Firefox 94.0
      - FF-211102, QFF94
      - Fixes 8 Vulnerabilities: CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-38510
      - Firefox ESR 91.3.0
      - FFE-211102, QFFE9130
      - Fixes 8 Vulnerabilities: CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-38510
  • 44. Third Party CVE Information (cont)
      - Nitro Pro 13.50.4.1013
      - NITRO-211026, QNITRO135041013
      - Fixes 2 Vulnerabilities: CVE-2021-21796, CVE-2021-21797
      - Nitro Pro Enterprise 13.50.4.1013
      - NITROE-211026, QNITROE135041013
      - Fixes 2 Vulnerabilities: CVE-2021-21796, CVE-2021-21797
      - Node.JS 16.11.1 (Current)
      - NOJSC-211013, QNODEJSC16111
      - Fixes 2 Vulnerabilities: CVE-2021-22959, CVE-2021-22960
      - Node.JS 12.22.7 (LTS Lower)
      - NOJSLL-211013, QNODEJSL12227
      - Fixes 2 Vulnerabilities: CVE-2021-22959, CVE-2021-22960
      - Node.JS 14.18.1 (LTS Upper)
      - NOJSLU-211013, QNODEJSLU14181
      - Fixes 2 Vulnerabilities: CVE-2021-22959, CVE-2021-22960
  • 45. Third Party CVE Information (cont)
      - Azul Zulu JDK 11.52.13 (11.0.13)
      - ZULUJDK11-211020, QZULUJDK115213
      - Azul Zulu JDK 8.58.0.13 (8u312)
      - ZULUJDK8-211019, QZULUJDK858013
      - Azul Zulu JRE 11.52.13 (11.0.13)
      - ZULUJRE11-211020, QZULUJRE115213
      - Azul Zulu JRE 8.58.0.13 (8u312)
      - ZULUJRE8-211019, QZULUJRE858013
      - Fixes 15 Vulnerabilities: CVE-2021-27290, CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
  • 46. Q & A
  • 47. Thank You!