Patch Tuesday Webinar
Wednesday, August 10, 2022
Hosted by Chris Goettl and Todd Schell
Agenda
August 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2022 Ivanti. All rights reserved.
August Patch Tuesday 2022
Microsoft resolved a total of 121 new unique CVEs with their August Patch Tuesday update. Included in this release are
17 Critical CVEs, one publicly disclosed and known exploited CVE (CVE-2022-34713) in the Windows OS, and one
publicly disclosed CVE (CVE-2022-30134) in Microsoft Exchange that will require additional steps to resolve. Adobe
released an update for Acrobat and Reader which resolves a total of 7 CVEs, 3 of which are Critical. There are also
several housekeeping items you should be aware of such as the wind down of ESU support for Server 2008/2008 R2,
ensuring you are planning for budget or wind down of Server 2012/2012 R2 which will end extended support next
October, and the upcoming end of support for the Windows 10 21H1 branch coming in December.
In the News
In the News
 Another MSDT Vuln Exploited:
 https://krebsonsecurity.com/2022/08/microsoft-patch-tuesday-august-2022-edition/
 Original Follina MSDT vuln (CVE-2022-30190) discovered in May, Patched in June:
 https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability
 https://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability
Known Exploited and Publicly Disclosed Vulnerability
 CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT)
Remote Code Execution Vulnerability
 CVSS 3.1 Scores: 7.8 / 7.2
 Severity: Important
 Impacts all Windows workstation and server operating systems except Server 2008
 Exploitation of this vulnerability requires the user to open a specially crafted file which
can be obtained via email attachment or downloaded from a malicious web site. This is
a variant of another recent MSDT vulnerability known as Dogwalk.
Publicly Disclosed Vulnerability
 CVE-2022-30134 Microsoft Exchange Information Disclosure
Vulnerability
 CVSS 3.1 Scores: 7.6 / 6.6
 Severity: Important
 Impacts all currently supported versions
 Exchange Server 2013 CU 23
 Exchange Server 2016 CU 22 & 23
 Exchange Server 2019 CU 11 & 12
 Exploitation of this vulnerability is unlikely because an attacker would have to host a specially
crafted server share or website. The attacker would then have to convince a user to visit the
server share or website, typically by way of an enticement in an email or chat message.
 The Exchange Blog for more details on the update
 Details on how to implement Windows Extended Protection are available here
Secure Boot Vulnerabilities
 Unified Extensible Firmware Interface (UEFI)
 Manages the interaction between firmware and operating system
 Contains Secure Boot, an anti-rootkit feature that defends the boot process from untrusted code
execution
 Secure Boot uses DBX, the Forbidden Signature Database, which tracks the revoked boot
images
 GRUB (GRand Unified Bootloader) is the default boot loader for multiple Linux distributions
 Advisory 200011 Microsoft Guidance for Addressing Security Feature Bypass in GRUB
 KB 5012170: Security update for Secure Boot DBX
 Server 2012/2012 R2, Multiple versions of Windows 10 and associated servers, Windows 11,
Azure stack 1809
 Additional Boot Loader Bypass Updates:
 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
 CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass
Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Win 10 Ver 1607/Server 2016
 Azure and Development Tool Updates
 .NET Core 3.1
 .NET 6.0
 Azure Sphere
 Azure Batch
 Azure Site Recovery VMWare to Azure
 Azure Real Time Operating System GUIX Studio
 Visual Studio 2012 Update 5 – 2022 17.2
Source: Microsoft
Microsoft Windows Server Support
 Semi-Annual Channel (SAC) Support
 Program ended August 9th
 Windows Server 20H2 was final version
 Long-Term Service Channel (LTSC) Support
 New releases every 2-3 years
 5 years regular support and then 5 years extended
 All SAC functionality in latest LTSC
 Current versions
 Server 2019
 Server 2022
Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
21H2      11/16/2021     6/11/2024
21H1      5/18/2021      12/13/2022
20H2      10/20/2020     5/9/2023

Windows 10 Home and Pro
Version   Release Date   End of Support Date
21H2      11/16/2021     6/13/2023
21H1      5/18/2021      12/13/2022

Windows Datacenter and Standard Server
Version   Release Date   End of Support Date
2019      11/13/2019     1/9/2024
20H2      10/20/2020     8/9/2022
2022      8/18/2021      10/13/2026

Windows 11 Home and Pro
Version   Release Date   End of Support Date
21H2      10/4/2021      10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)
Bulletins and Releases
APSB22-39: Security Update for Adobe Acrobat and Reader
 Maximum Severity: Critical
 Affected Products: Adobe Acrobat and Reader (all current versions)
 Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 3 Critical and 4 Important
vulnerabilities. See https://helpx.adobe.com/security/products/acrobat/apsb22-39.html
for complete details.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 7 Vulnerabilities: See link to Adobe bulletin
 Restart Required: Requires application restart
MS22-08-W11: Windows 11 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
 Description: This security update includes improvements that were a part of update
KB 5015882 (released July 21, 2022). This bulletin references KB 5016629.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
 Fixes 54 Vulnerabilities: CVE-2022-34713 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide
August Known Issues for Windows 11
 KB 5016629 – Windows 11
 [IE Mode] After installing this update, IE mode tabs in Microsoft Edge might stop
responding when a site displays a modal dialog box. A modal dialog box is a form or
dialog box that requires the user to respond before continuing or interacting with other
portions of the webpage or app. Workaround: This issue is resolved using Known
Issue Rollback (KIR). See KB for link to Windows 11 (original release) KB 5014019
220624_22553 Known Issue Rollback. For enterprise-managed devices that have
installed an affected update and encountered this issue, they can resolve it by
installing and configuring the special Group Policy also provided in KB.
 [XPS Viewer] After installing this update, XPS Viewer might be unable to open XML
Paper Specification (XPS) documents in some non-English languages, including some
Japanese and Chinese character encodings. This issue affects both XML Paper
Specification (XPS) and Open XML Paper Specification (OXPS) files. See KB for
more details. Workaround: None. Microsoft is working on a resolution.
MS22-08-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 2004, 20H2, 21H1,
21H2, Server 2016, Server 2019, Server 2022, Server version 2004, Server version
20H2, Server 21H1 and Edge Chromium
 Description: This bulletin references 6 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
 Fixes 60 Vulnerabilities: CVE-2022-34713 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides
August Known Issues for Windows 10
 KB 5016623 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
August Known Issues for Windows 10 (cont)
 KB 5016616 – Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the custom
offline media or ISO image before slipstreaming the LCU. See KB for details.
 [Printer Copy] Reports of duplicate copies of printers installed on a device
(commonly with a similar name and the suffix "Copy1"), and applications which refer
to the printer by a specific name cannot print. Normal printer usage might be
interrupted, resulting in failure of printing operations. Workaround: Review printer
settings and adjust as needed – remove, rename, re-install, etc. See KB for details.
 [IE Mode]
 [XPS Viewer]
August Known Issues for Windows 10 (cont)
 KB 5016627 – Windows Server 2022
 [IE Mode]
MS22-08-IE: Security Updates for Internet Explorer
 Maximum Severity: Critical
 Affected Products: Internet Explorer 11
 Description: The fixes that are included in this update are also included in the
August 2022 Security Monthly Quality Rollup. Installing either this update or the
Security Monthly Quality Rollup installs the same fixes. This bulletin references KB
5016618.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and
Elevation of Privilege
 Fixes 34 Vulnerabilities: CVE-2022-34713 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires browser restart
 Known Issues: None reported
MS22-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This cumulative security update contains improvements that are part of
update KB 5015866 (released July 12, 2022). Addresses an issue that might cause the
Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening
change that requires printers and scanners that use smart cards for authentication to
have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB
5016669.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-SO2K8-ESU: Security-only Update for Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008
 Description: Addresses an issue that might cause the Local Security Authority
Server Service (LSASS) to leak tokens. Enforces a hardening change that requires
printers and scanners that use smart cards for authentication to have firmware that
complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016686.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-MR7-ESU: Monthly Rollup for Win 7
MS22-08-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: This cumulative security update contains improvements that are part of update
KB 5015861 (released July 12, 2022). Addresses an issue that might cause the Local Security
Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires
printers and scanners that use smart cards for authentication to have firmware that complies
with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016676.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 29 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-SO7-ESU: Security-only Update for Win 7
MS22-08-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Addresses an issue that might cause the Local Security Authority Server
Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and
scanners that use smart cards for authentication to have firmware that complies with
section 3.2.1 of RFC 4556. Bulletin is based on KB 5016679.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 29 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This cumulative security update contains improvements that are part of update
KB 5015863 (released July 12, 2022). Addresses an issue that might cause the Local Security
Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires
printers and scanners that use smart cards for authentication to have firmware that complies
with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016672.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure
 Fixes 37 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-SO8: Security-only Update for Windows Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2012
 Description: Addresses an issue that might cause the Local Security Authority
Server Service (LSASS) to leak tokens. Enforces a hardening change that requires
printers and scanners that use smart cards for authentication to have firmware that
complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016684.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
 Fixes 37 Vulnerabilities: CVE-2022-34713 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This cumulative security update includes improvements that are part of update
KB 5015874 (released July 12, 2022). Addresses an issue that might cause the Local Security
Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires
printers and scanners that use smart cards for authentication to have firmware that complies
with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016681.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure
 Fixes 40 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: [File Rename]
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
MS22-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Addresses an issue that might cause the Local Security Authority Server
Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and
scanners that use smart cards for authentication to have firmware that complies with section
3.2.1 of RFC 4556. Bulletin is based on KB 5016683.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure
 Fixes 40 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
MS22-08-EXCH: Security Updates for Exchange Server
 Maximum Severity: Critical
 Affected Products: Microsoft Exchange Server 2013 CU23, Exchange
Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.
 Description: This security update fixes vulnerabilities in Microsoft Exchange.
This bulletin is based on KB 5015322 and KB 5015321.
 Impact: Elevation of Privilege and Information Disclosure
 Fixes 6 Vulnerabilities: CVE-2022-30134 is publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: None reported
MS22-08-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2013 and 2016, Office 2013 and 2016, Outlook 2013 and
2016 and Office Online Server
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 7 KB articles.
 Impact: Remote Code Execution, Security Feature Bypass, and Denial of Service
 Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-33631, CVE-2022-33648, CVE-2022-34717 and
CVE-2022-35742 are fixed in this release.
 Restart Required: Requires application restart
 Known Issues: None reported
MS22-08-O365: Security Updates for Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Maximum Severity: Important
 Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution, Security Feature Bypass and Denial of Service
 Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-33631, CVE-2022-34717 and CVE-2022-35742 are fixed in this
release.
 Restart Required: Requires application restart
 Known Issues: None reported
Between Patch Tuesdays
Release Summary
 Security Updates (with CVEs): Apache Tomcat (2), Azul Zulu (3), Google Chrome (2), Corretto (3),
Eclipse Adoptium (2), Firefox (1), Firefox ESR (2), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1),
Foxit PDF Reader Enterprise (1), Java 8 (1), Java Development Kit (2), VirtualBox (1), RedHat OpenJDK (3)
 Security (w/o CVEs): 7-Zip (1), CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide
Installer (1), Falcon Sensor for Windows (1), Citrix Workspace app LTSR (1), Citrix Workspace App (1),
Docker for Windows Stable (2), Docker for Windows (1), Dropbox (2), Evernote (1), Firefox (1), Foxit PDF
Editor (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), GoodSync (3), GIT for windows
(1), Malwarebytes (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (Current) (2), Node.JS (LTS Lower) (1),
Node.JS (LTS Upper) (1), Notepad++ (1), Opera (3), Plex Media Server (2), PeaZip (1), Royal TS (1), Skype
(1), SeaMonkey (1), Splunk Universal Forwarder (2), Tableau Desktop (6), Tableau Prep Builder (2), Tableau
Reader (2), Thunderbird (1), TeamViewer (1), WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (1), Zoom
VDI (1)
 Non-Security Updates: AIMP (1), Amazon WorkSpaces (3), Beyond Compare (1), Boxcryptor (1),
Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (3), Inkscape (1), BlueJeans (1), NextCloud
Desktop Client (2), Python (1), RingCentral App (Machine-Wide Installer) (1), Recuva (1), Cisco WebEx
Teams (1), WinMerge (1)
Third Party CVE Information
 Google Chrome 103.0.5060.134
 CHROME-220719, QGC10305060134
 Fixes 6 Vulnerabilities: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478,
CVE-2022-2479, CVE-2022-2480, CVE-2022-2481
 Google Chrome 104.0.5112.81
 CHROME-220802, QGC1040511281
 Fixes 22 Vulnerabilities: CVE-2022-2603, CVE-2022-2604, CVE-2022-2605,
CVE-2022-2606, CVE-2022-2607, CVE-2022-2608, CVE-2022-2609, CVE-2022-2610,
CVE-2022-2611, CVE-2022-2612, CVE-2022-2613, CVE-2022-2614, CVE-2022-2615,
CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2620,
CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624
Third Party CVE Information (cont)
 Java 8 Update 341
 JAVA8-220719, QJDK8U341
 Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540,
CVE-2022-21541, CVE-2022-34169
 Java Development Kit 11 Update 11.0.16
 JDK11-220719, QJDK11016
 Fixes 3 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
 Java Development Kit 17 Update 17.0.4
 JDK17-220719, QJDK1704
 Fixes 4 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
Third Party CVE Information (cont)
 Corretto 17.0.4.8.1
 CRTO17-220719, QCRTOJDK1704
 Fixes 4 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549,
CVE-2022-34169
 Corretto 11.0.16.8.1
 CRTO11-220719, QCRTOJDK11016
 Fixes 3 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
 Corretto 8.342.07.1
 CRTO8-220719, QCRTOJDK8342
 Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169,
CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
Third Party CVE Information (cont)
 Eclipse Adoptium 17.0.4.8
 ECL17-220725, QECLJDK17048
 Fixes 8 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549,
CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549,
CVE-2022-34169
 Eclipse Adoptium 11.0.16.8
 ECL11-220725, QECLJDK110168
 Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169,
CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
 VirtualBox 6.1.36
 OVB61-220720, QOVB6136
 Fixes 2 Vulnerabilities: CVE-2022-21554, CVE-2022-21571
Third Party CVE Information (cont)
 Firefox 103.0
 FF-220726, QFF1030
 Fixes 8 Vulnerabilities: CVE-2022-2505, CVE-2022-36314, CVE-2022-36315,
CVE-2022-36316, CVE-2022-36317, CVE-2022-36318, CVE-2022-36319, CVE-2022-36320
 Firefox ESR 102.1.0
 FFE-220725, QFFE10210
 Fixes 4 Vulnerabilities: CVE-2022-2505, CVE-2022-36314, CVE-2022-36318,
CVE-2022-36319
 Firefox ESR 91.12.0
 FF-220726, QFFE91120
 Fixes 2 Vulnerabilities: CVE-2022-36318, CVE-2022-36319
Third Party CVE Information (cont)
 RedHat OpenJDK 17.0.4.0.8
 RHTJDK17-220728, QRHTJDK170408
 Fixes 8 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549,
CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
 RedHat OpenJDK 11.0.16.8
 RHTJDK11-220728, QRHTJDK110168
 Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169,
CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
 RedHat OpenJDK 8.0.342
 RHTJDK8-220728, QRHTJDK180342
 Fixes 3 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
Third Party CVE Information (cont)
 Azul Zulu 17.0.4
 ZULU17-220725, QZULUJDK1704
 Fixes 4 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549,
CVE-2022-34169
 Azul Zulu 11.0.16
 ZULU11-220725, QZULUJDK11016
 Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169,
CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
 Azul Zulu 8.64.0.15 (8u342)
 ZULU8-220719, QZULUJDK864015
 Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169,
CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
Third Party CVE Information (cont)
 Foxit PDF Editor 12.0.1.12430
 FPDFE-220729, QFPDFE1201
 Fixes 2 Vulnerabilities: CVE-2022-26979, CVE-2022-27944
 Apache Tomcat 10.0.23.0
 TOMCAT10-220726, QTOMCAT100230
 Fixes 1 Vulnerability: CVE-2022-34305
 Apache Tomcat 9.0.65.0
 TOMCAT9-220721, QTOMCAT90650
 Fixes 1 Vulnerability: CVE-2022-34305
Q & A
Thank You!

2022 June Patch Tuesday
Ivanti
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
Ivanti
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
Ivanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
Ivanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
Ivanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
Ivanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
Ivanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
Ivanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
Ivanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
Ivanti
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
Ivanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
Ivanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
Ivanti
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
Ivanti
 

Similar to 2022 August Patch Tuesday (20)

2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch Tuesday
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2   presenters slidesFr february 2022 patch tuesday v2   presenters slides
Fr february 2022 patch tuesday v2 presenters slides
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 

More from Ivanti

Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
Ivanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
Ivanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
Ivanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
Ivanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
Ivanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
Ivanti
 

More from Ivanti (20)

Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 

Recently uploaded

Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 

Recently uploaded (20)

Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 

2022 August Patch Tuesday

  • 1. Patch Tuesday Webinar, Wednesday, August 10, 2022. Hosted by Chris Goettl and Todd Schell.
  • 2. Agenda: August 2022 Patch Tuesday Overview; In the News; Bulletins and Releases; Between Patch Tuesdays; Q & A.
  • 4. August Patch Tuesday 2022: Microsoft resolved a total of 121 new unique CVEs with its August Patch Tuesday update. Included in this release are 17 Critical CVEs, one publicly disclosed and known exploited CVE (CVE-2022-34713) in the Windows OS, and one publicly disclosed CVE (CVE-2022-30134) in Microsoft Exchange that will require additional steps to resolve. Adobe released an update for Acrobat and Reader which resolves a total of 7 CVEs, 3 of which are Critical. There are also several housekeeping items you should be aware of: the wind down of ESU support for Server 2008/2008 R2; planning for budget or wind down of Server 2012/2012 R2, which will end extended support next October; and the upcoming end of support for the Windows 10 21H1 branch in December.
  • 6. In the News
      • Another MSDT Vuln Exploited:
      • https://krebsonsecurity.com/2022/08/microsoft-patch-tuesday-august-2022-edition/
      • Original Follina MSDT vuln (CVE-2022-30190) discovered in May, patched in June:
      • https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability
      • https://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability
  • 7. Known Exploited and Publicly Disclosed Vulnerability
      • CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
      • CVSS 3.1 Scores: 7.8 / 7.2
      • Severity: Important
      • Impacts all Windows workstation and server operating systems except Server 2008
      • Exploitation of this vulnerability requires the user to open a specially crafted file, which can be obtained via email attachment or downloaded from a malicious web site. This is a variant of another recent MSDT vulnerability known as Dogwalk.
  • 8. Publicly Disclosed Vulnerability
      • CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability
      • CVSS 3.1 Scores: 7.6 / 6.6
      • Severity: Important
      • Impacts all currently supported versions
      • Exchange Server 2013 CU 23
      • Exchange Server 2016 CU 22 & 23
      • Exchange Server 2019 CU 11 & 12
      • Exploitation of this vulnerability is unlikely because an attacker would have to host a specially crafted server share or website. The attacker would then have to convince a user to visit the server share or website, typically by way of an enticement in an email or chat message.
      • The Exchange Blog for more details on the update
      • Details on how to implement Windows Extended Protection are available here
  • 9. Secure Boot Vulnerabilities
      • Unified Extensible Firmware Interface (UEFI)
      • Manages the interaction between firmware and operating system
      • Contains Secure Boot, an anti-rootkit feature that defends the boot process from untrusted code execution
      • Secure Boot uses DBX, the Forbidden Signature Database, which tracks revoked boot images
      • GRUB (GRand Unified Bootloader) is the default boot loader for multiple Linux distributions
      • Advisory 200011 Microsoft Guidance for Addressing Security Feature Bypass in GRUB
      • KB 5012170: Security update for Secure Boot DBX
      • Server 2012/2012 R2, multiple versions of Windows 10 and associated servers, Windows 11, Azure stack 1809
      • Additional Boot Loader Bypass Updates:
      • CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
      • CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
      • CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass
  • 10. Microsoft Patch Tuesday Updates of Interest
      • Advisory 990001 Latest Servicing Stack Updates (SSU)
      • https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
      • Win 10 Ver 1607/Server 2016
      • Azure and Development Tool Updates
      • .NET Core 3.1
      • .NET 6.0
      • Azure Sphere
      • Azure Batch
      • Azure Site Recovery VMWare to Azure
      • Azure Real Time Operating System GUIX Studio
      • Visual Studio 2012 Update 5 – 2022 17.2
      • Source: Microsoft
  • 11. Microsoft Windows Server Support
      • Semi-Annual Channel (SAC) Support
      • Program ended August 9th
      • Windows Server 20H2 was final version
      • Long-Term Service Channel (LTSC) Support
      • New releases every 2-3 years
      • 5 years regular support and then 5 years extended
      • All SAC functionality in latest LTSC
      • Current versions
      • Server 2019
      • Server 2022
  • 12. Server 2012/2012 R2 EOL is Coming
      • Lifecycle Fact Sheet
      • https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
      • Source: Microsoft
  • 13. Windows 10 and 11 Lifecycle Awareness
      • Windows 10 Enterprise and Education (Version: Release Date, End of Support Date)
          • 21H2: 11/16/2021, 6/11/2024
          • 21H1: 5/18/2021, 12/13/2022
          • 20H2: 10/20/2020, 5/9/2023
      • Windows 10 Home and Pro (Version: Release Date, End of Support Date)
          • 21H2: 11/16/2021, 6/13/2023
          • 21H1: 5/18/2021, 12/13/2022
      • Windows Datacenter and Standard Server (Version: Release Date, End of Support Date)
          • 2019: 11/13/2019, 1/9/2024
          • 20H2: 10/20/2020, 8/9/2022
          • 2022: 8/18/2021, 10/13/2026
      • Windows 11 Home and Pro (Version: Release Date, End of Support Date)
          • 21H2: 10/4/2021, 10/10/2023
      • Lifecycle Fact Sheet
      • https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 14. Patch Content Announcements
      • Announcements Posted on Community Forum Pages
      • https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
      • Subscribe to receive email for the desired product(s)
  • 16. APSB22-39: Security Update for Adobe Acrobat and Reader
      • Maximum Severity: Critical
      • Affected Products: Adobe Acrobat and Reader (all current versions)
      • Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 3 Critical and 4 Important vulnerabilities. See https://helpx.adobe.com/security/products/acrobat/apsb22-39.html for complete details.
      • Impact: Remote Code Execution and Information Disclosure
      • Fixes 7 Vulnerabilities: See link to Adobe bulletin
      • Restart Required: Requires application restart
  • 17. MS22-08-W11: Windows 11 Update
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
      • Description: This security update includes improvements that were a part of update KB 5015882 (released July 21, 2022). This bulletin references KB 5016629.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 54 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: See next slide
  • 18. August Known Issues for Windows 11
      • KB 5016629 – Windows 11
      • [IE Mode] After installing this update, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. A modal dialog box is a form or dialog box that requires the user to respond before continuing or interacting with other portions of the webpage or app. Workaround: This issue is resolved using Known Issue Rollback (KIR). See KB for link to Windows 11 (original release) KB 5014019 220624_22553 Known Issue Rollback. Enterprise-managed devices that have installed an affected update and encountered this issue can resolve it by installing and configuring the special Group Policy also provided in the KB.
      • [XPS Viewer] After installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. See KB for more details. Workaround: None. Microsoft is working on a resolution.
  • 19. MS22-08-W10: Windows 10 Update
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows 10 Versions 1607, 1809, 2004, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 2004, Server version 20H2, Server 21H1 and Edge Chromium
      • Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 60 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: See next slides
  • 20. August Known Issues for Windows 10
      • KB 5016623 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
      • [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Workaround: Uninstall and reinstall any recently added language packs, or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
      • [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 21. August Known Issues for Windows 10 (cont)
      • KB 5016616 – Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1
      • [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. See KB for details.
      • [Printer Copy] Reports of duplicate copies of printers installed on a device (commonly with a similar name and the suffix "Copy1"), and applications which refer to the printer by a specific name cannot print. Normal printer usage might be interrupted, resulting in failure of printing operations. Workaround: Review printer settings and adjust as needed – remove, rename, re-install, etc. See KB for details.
      • [IE Mode]
      • [XPS Viewer]
  • 22. August Known Issues for Windows 10 (cont)
      • KB 5016627 – Windows Server 2022
          • [IE Mode]
  • 23. MS22-08-IE: Security Updates for Internet Explorer
      • Maximum Severity: Critical
      • Affected Products: Internet Explorer 11
      • Description: The fixes that are included in this update are also included in the August 2022 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes. This bulletin references KB 5016618.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service and Elevation of Privilege
      • Fixes 34 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires browser restart
      • Known Issues: None reported
  • 24. MS22-08-MR2K8-ESU: Monthly Rollup for Windows Server 2008
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows Server 2008 and IE 9
      • Description: This cumulative security update contains improvements that are part of update KB 5015866 (released July 12, 2022). Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016669.
      • Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 25. MS22-08-SO2K8-ESU: Security-only Update for Windows Server 2008
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows Server 2008
      • Description: Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016686.
      • Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 26. MS22-08-MR7-ESU: Monthly Rollup for Win 7; MS22-08-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
      • Description: This cumulative security update contains improvements that are part of update KB 5015861 (released July 12, 2022). Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016676.
      • Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 29 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 27. MS22-08-SO7-ESU: Security-only Update for Win 7; MS22-08-SO2K8R2-ESU: Security-only Update for Server 2008 R2
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows 7 and Server 2008 R2
      • Description: Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016679.
      • Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 29 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 28. MS22-08-MR8: Monthly Rollup for Server 2012
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows Server 2012 and IE
      • Description: This cumulative security update contains improvements that are part of update KB 5015863 (released July 12, 2022). Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016672.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 37 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 29. MS22-08-SO8: Security-only Update for Windows Server 2012
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows Server 2012
      • Description: Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016684.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 37 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 30. MS22-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
      • Description: This cumulative security update includes improvements that are part of update KB 5015874 (released July 12, 2022). Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016681.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 40 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: [File Rename]
      • NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 31. MS22-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2
      • Maximum Severity: Critical
      • Affected Products: Microsoft Windows 8.1, Server 2012 R2
      • Description: Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. Bulletin is based on KB 5016683.
      • Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      • Fixes 40 Vulnerabilities: CVE-2022-34713 is known exploited and publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
      • NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 32. MS22-08-EXCH: Security Updates for Exchange Server
      • Maximum Severity: Critical
      • Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.
      • Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5015322 and KB 5015321.
      • Impact: Elevation of Privilege and Information Disclosure
      • Fixes 6 Vulnerabilities: CVE-2022-30134 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      • Restart Required: Requires restart
      • Known Issues: None reported
  • 33. MS22-08-OFF: Security Updates for Microsoft Office
      • Maximum Severity: Important
      • Affected Products: Excel 2013 and 2016, Office 2013 and 2016, Outlook 2013 and 2016 and Office Online Server
      • Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 7 KB articles.
      • Impact: Remote Code Execution, Security Feature Bypass, and Denial of Service
      • Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-33631, CVE-2022-33648, CVE-2022-34717 and CVE-2022-35742 are fixed in this release.
      • Restart Required: Requires application restart
      • Known Issues: None reported
  • 34. MS22-08-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      • Maximum Severity: Important
      • Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      • Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      • Impact: Remote Code Execution, Security Feature Bypass and Denial of Service
      • Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-33631, CVE-2022-34717 and CVE-2022-35742 are fixed in this release.
      • Restart Required: Requires application restart
      • Known Issues: None reported
  • 36. Release Summary
      • Security Updates (with CVEs): Apache Tomcat (2), Azul Zulu (3), Google Chrome (2), Corretto (3), Eclipse Adoptium (2), Firefox (1), Firefox ESR (2), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), Java 8 (1), Java Development Kit (2), VirtualBox (1), RedHat OpenJDK (3)
      • Security (w/o CVEs): 7-Zip (1), CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace app LTSR (1), Citrix Workspace App (1), Docker for Windows Stable (2), Docker for Windows (1), Dropbox (2), Evernote (1), Firefox (1), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), GoodSync (3), GIT for windows (1), Malwarebytes (1), Nitro Pro (1), Nitro Pro Enterprise (1), Node.JS (Current) (2), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (3), Plex Media Server (2), PeaZip (1), Royal TS (1), Skype (1), SeaMonkey (1), Splunk Universal Forwarder (2), Tableau Desktop (6), Tableau Prep Builder (2), Tableau Reader (2), Thunderbird (1), TeamViewer (1), WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (1), Zoom VDI (1)
      • Non-Security Updates: AIMP (1), Amazon WorkSpaces (3), Beyond Compare (1), Boxcryptor (1), Camtasia (1), Google Drive File Stream (1), GeoGebra Classic (3), Inkscape (1), BlueJeans (1), NextCloud Desktop Client (2), Python (1), RingCentral App (Machine-Wide Installer) (1), Recuva (1), Cisco WebEx Teams (1), WinMerge (1)
  • 37. Third Party CVE Information
      • Google Chrome 103.0.5060.134
          • CHROME-220719, QGC10305060134
          • Fixes 6 Vulnerabilities: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, CVE-2022-2481
      • Google Chrome 104.0.5112.81
          • CHROME-220802, QGC1040511281
          • Fixes 22 Vulnerabilities: CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2607, CVE-2022-2608, CVE-2022-2609, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2613, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2620, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624
  • 38. Third Party CVE Information (cont)
      • Java 8 Update 341
          • JAVA8-220719, QJDK8U341
          • Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
      • Java Development Kit 11 Update 11.0.16
          • JDK11-220719, QJDK11016
          • Fixes 3 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
      • Java Development Kit 17 Update 17.0.4
          • JDK17-220719, QJDK1704
          • Fixes 4 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
  • 39. Third Party CVE Information (cont)
      • Corretto 17.0.4.8.1
          • CRTO17-220719, QCRTOJDK1704
          • Fixes 4 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
      • Corretto 11.0.16.8.1
          • CRTO11-220719, QCRTOJDK11016
          • Fixes 3 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
      • Corretto 8.342.07.1
          • CRTO8-220719, QCRTOJDK8342
          • Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
  • 40. Third Party CVE Information (cont)
      • Eclipse Adoptium 17.0.4.8
          • ECL17-220725, QECLJDK17048
          • Fixes 8 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
      • Eclipse Adoptium 11.0.16.8
          • ECL11-220725, QECLJDK110168
          • Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
      • VirtualBox 6.1.36
          • OVB61-220720, QOVB6136
          • Fixes 2 Vulnerabilities: CVE-2022-21554, CVE-2022-21571
  • 41. Third Party CVE Information (cont)
      • Firefox 103.0
          • FF-220726, QFF1030
          • Fixes 8 Vulnerabilities: CVE-2022-2505, CVE-2022-36314, CVE-2022-36315, CVE-2022-36316, CVE-2022-36317, CVE-2022-36318, CVE-2022-36319, CVE-2022-36320
      • Firefox ESR 102.1.0
          • FFE-220725, QFFE10210
          • Fixes 4 Vulnerabilities: CVE-2022-2505, CVE-2022-36314, CVE-2022-36318, CVE-2022-36319
      • Firefox ESR 91.12.0
          • FF-220726, QFFE91120
          • Fixes 2 Vulnerabilities: CVE-2022-36318, CVE-2022-36319
  • 42. Third Party CVE Information (cont)
      • RedHat OpenJDK 17.0.4.0.8
          • RHTJDK17-220728, QRHTJDK170408
          • Fixes 8 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
      • RedHat OpenJDK 11.0.16.8
          • RHTJDK11-220728, QRHTJDK110168
          • Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
      • RedHat OpenJDK 8.0.342
          • RHTJDK8-220728, QRHTJDK180342
          • Fixes 3 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
  • 43. Third Party CVE Information (cont)
      • Azul Zulu 17.0.4
          • ZULU17-220725, QZULUJDK1704
          • Fixes 4 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
      • Azul Zulu 11.0.16
          • ZULU11-220725, QZULUJDK11016
          • Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
      • Azul Zulu 8.64.0.15 (8u342)
          • ZULU8-220719, QZULUJDK864015
          • Fixes 6 Vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169
  • 44. Third Party CVE Information (cont)
      • Foxit PDF Editor 12.0.1.12430
          • FPDFE-220729, QFPDFE1201
          • Fixes 2 Vulnerabilities: CVE-2022-26979, CVE-2022-27944
      • Apache Tomcat 10.0.23.0
          • TOMCAT10-220726, QTOMCAT100230
          • Fixes 1 Vulnerability: CVE-2022-34305
      • Apache Tomcat 9.0.65.0
          • TOMCAT9-220721, QTOMCAT90650
          • Fixes 1 Vulnerability: CVE-2022-34305
  • 45. Q & A
  • 46. Thank You!