SlideShare a Scribd company logo

2022 October Patch Tuesday

Download as PPTX, PDF
Ivanti
Ivanti

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Technology
1 of 42
Patch Tuesday Webinar Wednesday, October 12, 2022 Hosted by Chris Goettl and Todd Schell
Agenda October 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
Overview
Copyright © 2022 Ivanti. All rights reserved. October Patch Tuesday 2022 October is Cybersecurity Awareness month. In this month’s blog we will be sharing not only the details of the Patch Tuesday release, but also some great cybersecurity tips! Check out the blog to find more details on Microsoft's Zero-day fix, Adobe's security updates and EoL announcement, as well as details on the upcoming Oracle CPU and what that will mean later this month.
In the News
Copyright © 2022 Ivanti. All rights reserved. In the News  Exchange (ProxyNotShell) Zero-Day Vulnerabilities still unpatched  https://www.darkreading.com/vulnerabilities-threats/microsoft-zero-days-exchange-server- exploit-chain-remains-unpatched  https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to- deploy-lockbit-ransomware/  https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day- vulnerabilities-in-microsoft-exchange-server  Fortinet Zero-Day vulnerability exploited in attack  https://www.securityweek.com/fortinet-confirms-zero-day-vulnerability-exploited-one-attack  Oracle Critical Patch Updates (CPU)  18 October  https://www.oracle.com/security-alerts/
Copyright © 2022 Ivanti. All rights reserved. Exchange Zero-Day Details:  CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability  CVSS 3.1 Scores:  Severity: Not yet rated  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  CVE-2022-41082 Microsoft Exchange Server Remote Code Execution Vulnerability  CVSS 3.1 Scores:  Severity: Not yet rated  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  Subject to the ProxyNotShell attack  Mitigation published  https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in- microsoft-exchange-server/  Microsoft is working on a resolution
Copyright © 2022 Ivanti. All rights reserved. Known Exploited Vulnerability  CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 6.8  Severity: Important  Impacts all Windows workstation and server operating systems  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability  CVSS 3.1 Scores: 6.5 / 5.7  Severity: Important  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  Re-issue from August 2022  CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability  CVSS 3.1 Scores: 3.3 / 2.9  Severity: Important  Office 2019 for Mac and Office LTSC for Mac 2021
Copyright © 2022 Ivanti. All rights reserved. Adobe Acrobat and Reader 2017 Classic EoL:  End of Support for Adobe Acrobat 2017 Classic and Acrobat Reader 2017 Classic  https://helpx.adobe.com/acrobat/kb/end-of-support-acrobat-2017-reader-2017.html  Adobe Recommendation: Adobe strongly recommends that you update to the latest versions of Adobe Acrobat and Acrobat Reader. By updating installations to the latest versions, you benefit from the latest functional enhancements and improved security measures.  Risk of EoL software:  https://www.cisostreet.com/end-of-life-software-risks-dangers-and-what-to-do-next/  Operational risk and business interruption  Security risks  Compliance Risk
Copyright © 2022 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Windows 8.1/Server 2012 R2  Azure and Development Tool Updates  .NET Core 3.1  .NET 6.0  Azure Arc-enabled Kubernetes (multiple)  Azure Stack Edge  Azure StorSimple 8000 Series  Jupyter Extension for VS Code  Visual Studio 2019 (multiple)  Visual Studio 2022 (multiple)  Visual Studio Code Source: Microsoft
Copyright © 2022 Ivanti. All rights reserved. Basic Authentication Deprecation in Exchange Online  Service was disabled October 1  https://techcommunity.microsoft.com/t5/exchange-team- blog/basic-authentication-deprecation-in-exchange-online- september/ba-p/3609437  First announcement 3 years ago  Basic authentication subject to man-in-the-middle attacks  3-month waiver for single service available from Microsoft  Fully disabled in January 2023
Copyright © 2022 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
Copyright © 2022 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H2 11/16/2021 6/11/2024 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 21H2 11/16/2021 6/13/2023 21H1 5/18/2021 12/13/2022 Windows Datacenter and Standard Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023 22H2 9/20/2022 10/8/2024  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
Copyright © 2022 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
Bulletins and Releases
Copyright © 2022 Ivanti. All rights reserved. APSB22-46: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 2 Critical and 4 Important vulnerabilities. See https://helpx.adobe.com/security/products/acrobat/apsb22-46.html for complete details.  Impact: Remote Code Execution, Denial of Service and Information Disclosure  Fixes 6 Vulnerabilities: See link to Adobe bulletin  Restart Required: Requires application restart
Copyright © 2022 Ivanti. All rights reserved. MS22-10-W11: Windows 11 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium  Description: This bulletin references KB 5018418 (21H2) and KB 5018427 (22H2).  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 66 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide
Copyright © 2022 Ivanti. All rights reserved. October Known Issues for Windows 11  KB 5018418 – Windows 11 version 21H2  [File Copy Fail] After installing this update, file copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in User Configuration > Preferences > Windows Settings in Group Policy Editor. Workaround: See KB for multiple mitigations. Microsoft is working on a resolution.  KB 5018427 – Windows 11 version 22H2  [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.  [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
Copyright © 2022 Ivanti. All rights reserved. MS22-10-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022 and Edge Chromium  Description: This bulletin references 5 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 67 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide
Copyright © 2022 Ivanti. All rights reserved. October Known Issues for Windows 10  KB 5018419 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
Copyright © 2022 Ivanti. All rights reserved. October Known Issues for Windows 10 (cont)  KB 5017308 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 all editions, Windows 10, version 21H2 all editions  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge if you have encountered affected media. See KB for details.  [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This cumulative security update contains improvements that are part of update KB 5017358 (released September 13, 2022). Bulletin is based on KB 5018450.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 37 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5018446.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 37 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR7-ESU: Monthly Rollup for Win 7 MS22-10-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: This cumulative security update contains improvements that are part of update KB 5017361 (released September 13, 2022). Bulletin is based on KB 5018454.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 44 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO7-ESU: Security-only Update for Win 7 MS22-10-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5018479.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 44 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This cumulative security update contains improvements that are part of update KB 5017370 (released September 13, 2022). Bulletin is based on KB 5018457.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 49 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5018478.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 49 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This cumulative security update includes improvements that are part of update KB 5017367 (released September 13, 2022). Bulletin is based on KB 5018474.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 50 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5018476.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 50 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
Copyright © 2022 Ivanti. All rights reserved. MS22-10-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Office 2013 and 2016, Office 2019 for Mac, and Office 2021 LTSC for Mac  Description: This security update resolves Microsoft Office remote code execution and information disclosure vulnerabilities. Consult the Security Update Guide for specific details on each. This bulletin references 3 KB articles and release notes.  Impact: Remote Code Execution and Information Disclosure  Fixes 3 Vulnerabilities: CVE-2022-41043 is publicly disclosed. CVE-2022-38048 and CVE-2022-41031 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2022 Ivanti. All rights reserved. MS22-10-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Maximum Severity: Critical  Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Spoofing  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-38001, CVE-2022-38048, CVE-2022-38049 and CVE-2022- 41031 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2022 Ivanti. All rights reserved. MS22-10-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019  Description: This security update resolves a series of 4 Microsoft SharePoint Server remote code execution vulnerabilities. There are multiple non-security issues resolved as well. Check KB for each version for details. This bulletin is based on 6 KB articles.  Impact: Remote Code Execution  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-38053, CVE-2022-41036, CVE-2022-41037, and CVE-2022- 41038 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide
Copyright © 2022 Ivanti. All rights reserved. October Known Issues for SharePoint Server  SharePoint Server – Check specific KBs for details  [Workflow] This update might affect some SharePoint 2010 workflow scenarios. It also generates "6ksbk" event tags in SharePoint Unified Logging System (ULS) logs. For more information, see SharePoint 2010 workflows might be blocked by enhanced security policy (KB 5020238).
Copyright © 2022 Ivanti. All rights reserved. MS22-10-EXCH: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.  Description: This security update fixes vulnerabilities as well as some non- security issues in Microsoft Exchange. This bulletin is based on KB 5019076 and KB 5019077.  Impact: Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: CVE-2022-30134 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: None reported
Between Patch Tuesdays
Copyright © 2022 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (2), Firefox (1), Firefox ESR (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), SeaMonkey (1), Thunderbird (1)  Security (w/o CVEs): Audacity (2), CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Dropbox (3), Evernote (2), Firefox (2), FileZilla Client (1), GoodSync (3), GIT for Windows (1), LibreOffice (1), LogMeIn (1), Node.JS (Current) (1), Notepad++ (1), Opera (2), Plex Media Server (1), Royal TS (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (6), Tableau Prep Builder (1)Tableau Reader (1)Thunderbird (2), TortoiseSVN (2), WinSCP (1), Zoom Client (1), Zoom VDI (1)  Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Bandicut (2), Box Sync (1), Camtasia (2), Google Drive File Stream (2), GeoGebra Classic (1), BlueJeans (1), PDF-Xchange PRO (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (2), RealVNC Server (1), ScreenPresso (2), TreeSize Free (2), RealVNC Viewer (1)
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 106.0.5249.62  CHROME-220927, QGC1060524962  Fixes 16 Vulnerabilities: CVE-2022-3201, CVE-2022-3304, CVE-2022-3305, CVE- 2022-3306, CVE-2022-3307, CVE-2022-3308, CVE-2022-3309, CVE-2022-3310, CVE-2022-3311, CVE-2022-3312, CVE-2022-3313, CVE-2022-3314, CVE-2022- 3315, CVE-2022-3316, CVE-2022-3317, CVE-2022-3318  Google Chrome 105.0.5195.91  CHROME-220930, QGC1050519591  Fixes 2 Vulnerabilities: CVE-2022-3370, CVE-2022-3373  Firefox 105.0  FF-220920, QFF1050  Fixes 6 Vulnerabilities: CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE- 2022-40959, CVE-2022-40960, CVE-2022-40962
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox ESR 102.3.0  FFE-220920, QFFE10230  Fixes 6 Vulnerabilities: CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022- 40959, CVE-2022-40960, CVE-2022-40962  SeaMonkey 2.53.14  SM-220929, QSM25314  Fixes 10 Vulnerabilities: CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019- 11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE- 2019-11730, CVE-2019-9811  Thunderbird 102.3.1  TB-220929, QTB10231  Fixes 4 Vulnerabilities: CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022- 39251
Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Node.JS 18.9.1 (Current)  NOJSC-220926, QNODEJSC1891  Fixes 6 Vulnerabilities: CVE-2022-32212, CVE-2022-32213, CVE-2022-32215, CVE-2022- 32222, CVE-2022-35255, CVE-2022-35256  Node.JS 14.20.1 (LTS Lower)  NOJSLL-220926, QNODEJSLL14201  Fixes 3 Vulnerabilities: CVE-2022-32212, CVE-2022-32213, CVE-2022-35256  Node.JS 16.17.1 (LTS Upper)  NOJSLU-220926, QNODEJSLU16171  Fixes 4 Vulnerabilities: CVE-2022-32212, CVE-2022-32213, CVE-2022-35255, CVE-2022- 35256
Q & A
Copyright © 2022 Ivanti. All rights reserved. Thank You!

Recommended

2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch Tuesday
Ivanti
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch Tuesday
Ivanti
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch Tuesday
Ivanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
Ivanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
Ivanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
Ivanti
 
2022 December Patch Tuesday
2022 December Patch Tuesday2022 December Patch Tuesday
2022 December Patch Tuesday
Ivanti
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
Ivanti
 

Recommended

2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch Tuesday
Ivanti
 
2022 November Patch Tuesday
2022 November Patch Tuesday2022 November Patch Tuesday
2022 November Patch Tuesday
Ivanti
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch Tuesday
Ivanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
Ivanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
Ivanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
Ivanti
 
2022 December Patch Tuesday
2022 December Patch Tuesday2022 December Patch Tuesday
2022 December Patch Tuesday
Ivanti
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
Ivanti
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
Ivanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
Ivanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
Ivanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 
2023 July Patch Tuesday
2023 July Patch Tuesday2023 July Patch Tuesday
2023 July Patch Tuesday
Ivanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
Ivanti
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
Ivanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能![SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
TAKUYA OHTA
 
Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)
Emi Morishita
 
M04_失敗しないための Azure Virtual Desktop 設計ガイド
M04_失敗しないための Azure Virtual Desktop 設計ガイドM04_失敗しないための Azure Virtual Desktop 設計ガイド
M04_失敗しないための Azure Virtual Desktop 設計ガイド
日本マイクロソフト株式会社
 
V sphere 7 update 3 へのアップグレードについて
V sphere 7 update 3 へのアップグレードについてV sphere 7 update 3 へのアップグレードについて
V sphere 7 update 3 へのアップグレードについて
Satoshi Imai
 
祝GA!! Azure Communication Services のメール送信機能について
祝GA!! Azure Communication Services のメール送信機能について祝GA!! Azure Communication Services のメール送信機能について
祝GA!! Azure Communication Services のメール送信機能について
Tomotaka Suzuki(御成門プログラマー)
 
Dell VMware Virtual SAN Ready Nodes
Dell VMware Virtual SAN Ready NodesDell VMware Virtual SAN Ready Nodes
Dell VMware Virtual SAN Ready NodesAndrew McDaniel
 
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
TAKUYA OHTA
 
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
Saki Homma
 
プラットフォームセキュリティin Windows ブートタイム保護 概要編
プラットフォームセキュリティin Windows ブートタイム保護 概要編プラットフォームセキュリティin Windows ブートタイム保護 概要編
プラットフォームセキュリティin Windows ブートタイム保護 概要編
Yurika Kakiuchi
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
Ivanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
Ivanti
 

More Related Content

What's hot

2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
Ivanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
Ivanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
Ivanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 
2023 July Patch Tuesday
2023 July Patch Tuesday2023 July Patch Tuesday
2023 July Patch Tuesday
Ivanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
Ivanti
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
Ivanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能![SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
TAKUYA OHTA
 
Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)
Emi Morishita
 
M04_失敗しないための Azure Virtual Desktop 設計ガイド
M04_失敗しないための Azure Virtual Desktop 設計ガイドM04_失敗しないための Azure Virtual Desktop 設計ガイド
M04_失敗しないための Azure Virtual Desktop 設計ガイド
日本マイクロソフト株式会社
 
V sphere 7 update 3 へのアップグレードについて
V sphere 7 update 3 へのアップグレードについてV sphere 7 update 3 へのアップグレードについて
V sphere 7 update 3 へのアップグレードについて
Satoshi Imai
 
祝GA!! Azure Communication Services のメール送信機能について
祝GA!! Azure Communication Services のメール送信機能について祝GA!! Azure Communication Services のメール送信機能について
祝GA!! Azure Communication Services のメール送信機能について
Tomotaka Suzuki(御成門プログラマー)
 
Dell VMware Virtual SAN Ready Nodes
Dell VMware Virtual SAN Ready NodesDell VMware Virtual SAN Ready Nodes
Dell VMware Virtual SAN Ready NodesAndrew McDaniel
 
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
TAKUYA OHTA
 
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
Saki Homma
 
プラットフォームセキュリティin Windows ブートタイム保護 概要編
プラットフォームセキュリティin Windows ブートタイム保護 概要編プラットフォームセキュリティin Windows ブートタイム保護 概要編
プラットフォームセキュリティin Windows ブートタイム保護 概要編
Yurika Kakiuchi
 

What's hot (20)

2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2023 July Patch Tuesday
2023 July Patch Tuesday2023 July Patch Tuesday
2023 July Patch Tuesday
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能![SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
[SCCM 友の会] System Center Configuration Manager この秋おさえておきたい最新機能!
 
Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)Windows Virtual Desktop 構築手順書(202001)
Windows Virtual Desktop 構築手順書(202001)
 
M04_失敗しないための Azure Virtual Desktop 設計ガイド
M04_失敗しないための Azure Virtual Desktop 設計ガイドM04_失敗しないための Azure Virtual Desktop 設計ガイド
M04_失敗しないための Azure Virtual Desktop 設計ガイド
 
V sphere 7 update 3 へのアップグレードについて
V sphere 7 update 3 へのアップグレードについてV sphere 7 update 3 へのアップグレードについて
V sphere 7 update 3 へのアップグレードについて
 
祝GA!! Azure Communication Services のメール送信機能について
祝GA!! Azure Communication Services のメール送信機能について祝GA!! Azure Communication Services のメール送信機能について
祝GA!! Azure Communication Services のメール送信機能について
 
Dell VMware Virtual SAN Ready Nodes
Dell VMware Virtual SAN Ready NodesDell VMware Virtual SAN Ready Nodes
Dell VMware Virtual SAN Ready Nodes
 
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
IT エンジニアのための 流し読み Windows 10 - 入門!Windows Server Update Services (WSUS)
 
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
はじめてのAzure Web App for Containers! -コンテナの基礎から DevOps 環境の構築まで-
 
プラットフォームセキュリティin Windows ブートタイム保護 概要編
プラットフォームセキュリティin Windows ブートタイム保護 概要編プラットフォームセキュリティin Windows ブートタイム保護 概要編
プラットフォームセキュリティin Windows ブートタイム保護 概要編
 

Similar to 2022 October Patch Tuesday

2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
Ivanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
Ivanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
Ivanti
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
Ivanti
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
Ivanti
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
Ivanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
Ivanti
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
Ivanti
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
Ivanti
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
Ivanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
Ivanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
Ivanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
Ivanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
Ivanti
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
Ivanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
Ivanti
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch Tuesday
Ivanti
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch Tuesday
Ivanti
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
Ivanti
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
Ivanti
 

Similar to 2022 October Patch Tuesday (20)

2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
Analyse Patch Tuesday - juin
Analyse Patch Tuesday - juinAnalyse Patch Tuesday - juin
Analyse Patch Tuesday - juin
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
 
2022 July Patch Tuesday
2022 July Patch Tuesday2022 July Patch Tuesday
2022 July Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2021 September Patch Tuesday
2021 September Patch Tuesday2021 September Patch Tuesday
2021 September Patch Tuesday
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch Tuesday
 
2021 July Patch Tuesday
2021 July Patch Tuesday2021 July Patch Tuesday
2021 July Patch Tuesday
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
 
March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
 

More from Ivanti

Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
Ivanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
Ivanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
Ivanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
Ivanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
Ivanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
Ivanti
 

More from Ivanti (20)

Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 

Recently uploaded

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 

Recently uploaded (20)

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 

2022 October Patch Tuesday

  • 1. Patch Tuesday Webinar Wednesday, October 12, 2022 Hosted by Chris Goettl and Todd Schell
  • 2. Agenda October 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 4. Copyright © 2022 Ivanti. All rights reserved. October Patch Tuesday 2022 October is Cybersecurity Awareness month. In this month’s blog we will be sharing not only the details of the Patch Tuesday release, but also some great cybersecurity tips! Check out the blog to find more details on Microsoft's Zero-day fix, Adobe's security updates and EoL announcement, as well as details on the upcoming Oracle CPU and what that will mean later this month.
  • 6. Copyright © 2022 Ivanti. All rights reserved. In the News  Exchange (ProxyNotShell) Zero-Day Vulnerabilities still unpatched  https://www.darkreading.com/vulnerabilities-threats/microsoft-zero-days-exchange-server- exploit-chain-remains-unpatched  https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to- deploy-lockbit-ransomware/  https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day- vulnerabilities-in-microsoft-exchange-server  Fortinet Zero-Day vulnerability exploited in attack  https://www.securityweek.com/fortinet-confirms-zero-day-vulnerability-exploited-one-attack  Oracle Critical Patch Updates (CPU)  18 October  https://www.oracle.com/security-alerts/
  • 7. Copyright © 2022 Ivanti. All rights reserved. Exchange Zero-Day Details:  CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability  CVSS 3.1 Scores:  Severity: Not yet rated  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  CVE-2022-41082 Microsoft Exchange Server Remote Code Execution Vulnerability  CVSS 3.1 Scores:  Severity: Not yet rated  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  Subject to the ProxyNotShell attack  Mitigation published  https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in- microsoft-exchange-server/  Microsoft is working on a resolution
  • 8. Copyright © 2022 Ivanti. All rights reserved. Known Exploited Vulnerability  CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 6.8  Severity: Important  Impacts all Windows workstation and server operating systems  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • 9. Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerabilities  CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability  CVSS 3.1 Scores: 6.5 / 5.7  Severity: Important  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  Re-issue from August 2022  CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability  CVSS 3.1 Scores: 3.3 / 2.9  Severity: Important  Office 2019 for Mac and Office LTSC for Mac 2021
  • 10. Copyright © 2022 Ivanti. All rights reserved. Adobe Acrobat and Reader 2017 Classic EoL:  End of Support for Adobe Acrobat 2017 Classic and Acrobat Reader 2017 Classic  https://helpx.adobe.com/acrobat/kb/end-of-support-acrobat-2017-reader-2017.html  Adobe Recommendation: Adobe strongly recommends that you update to the latest versions of Adobe Acrobat and Acrobat Reader. By updating installations to the latest versions, you benefit from the latest functional enhancements and improved security measures.  Risk of EoL software:  https://www.cisostreet.com/end-of-life-software-risks-dangers-and-what-to-do-next/  Operational risk and business interruption  Security risks  Compliance Risk
  • 11. Copyright © 2022 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Windows 8.1/Server 2012 R2  Azure and Development Tool Updates  .NET Core 3.1  .NET 6.0  Azure Arc-enabled Kubernetes (multiple)  Azure Stack Edge  Azure StorSimple 8000 Series  Jupyter Extension for VS Code  Visual Studio 2019 (multiple)  Visual Studio 2022 (multiple)  Visual Studio Code Source: Microsoft
  • 12. Copyright © 2022 Ivanti. All rights reserved. Basic Authentication Deprecation in Exchange Online  Service was disabled October 1  https://techcommunity.microsoft.com/t5/exchange-team- blog/basic-authentication-deprecation-in-exchange-online- september/ba-p/3609437  First announcement 3 years ago  Basic authentication subject to man-in-the-middle attacks  3-month waiver for single service available from Microsoft  Fully disabled in January 2023
  • 13. Copyright © 2022 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
  • 14. Copyright © 2022 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 21H2 11/16/2021 6/11/2024 21H1 5/18/2021 12/13/2022 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 21H2 11/16/2021 6/13/2023 21H1 5/18/2021 12/13/2022 Windows Datacenter and Standard Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 21H2 10/4/2021 10/10/2023 22H2 9/20/2022 10/8/2024  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 15. Copyright © 2022 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  • 17. Copyright © 2022 Ivanti. All rights reserved. APSB22-46: Security Update for Adobe Acrobat and Reader  Maximum Severity: Critical  Affected Products: Adobe Acrobat and Reader (all current versions)  Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 2 Critical and 4 Important vulnerabilities. See https://helpx.adobe.com/security/products/acrobat/apsb22-46.html for complete details.  Impact: Remote Code Execution, Denial of Service and Information Disclosure  Fixes 6 Vulnerabilities: See link to Adobe bulletin  Restart Required: Requires application restart
  • 18. Copyright © 2022 Ivanti. All rights reserved. MS22-10-W11: Windows 11 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium  Description: This bulletin references KB 5018418 (21H2) and KB 5018427 (22H2).  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 66 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide
  • 19. Copyright © 2022 Ivanti. All rights reserved. October Known Issues for Windows 11  KB 5018418 – Windows 11 version 21H2  [File Copy Fail] After installing this update, file copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in User Configuration > Preferences > Windows Settings in Group Policy Editor. Workaround: See KB for multiple mitigations. Microsoft is working on a resolution.  KB 5018427 – Windows 11 version 22H2  [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.  [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
  • 20. Copyright © 2022 Ivanti. All rights reserved. MS22-10-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022 and Edge Chromium  Description: This bulletin references 5 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 67 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide
  • 21. Copyright © 2022 Ivanti. All rights reserved. October Known Issues for Windows 10  KB 5018419 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019  [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 22. Copyright © 2022 Ivanti. All rights reserved. October Known Issues for Windows 10 (cont)  KB 5017308 –Windows 10 version 20H2, Windows Server version 20H2, Windows 10 version 21H1 all editions, Windows 10, version 21H2 all editions  [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge if you have encountered affected media. See KB for details.  [File Copy Fail]
  • 23. Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This cumulative security update contains improvements that are part of update KB 5017358 (released September 13, 2022). Bulletin is based on KB 5018450.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 37 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
  • 24. Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 5018446.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 37 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
  • 25. Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR7-ESU: Monthly Rollup for Win 7 MS22-10-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11  Description: This cumulative security update contains improvements that are part of update KB 5017361 (released September 13, 2022). Bulletin is based on KB 5018454.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 44 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
  • 26. Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO7-ESU: Security-only Update for Win 7 MS22-10-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 5018479.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 44 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
  • 27. Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR8: Monthly Rollup for Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012 and IE  Description: This cumulative security update contains improvements that are part of update KB 5017370 (released September 13, 2022). Bulletin is based on KB 5018457.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 49 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
  • 28. Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 5018478.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 49 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail]
  • 29. Copyright © 2022 Ivanti. All rights reserved. MS22-10-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This cumulative security update includes improvements that are part of update KB 5017367 (released September 13, 2022). Bulletin is based on KB 5018474.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 50 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 30. Copyright © 2022 Ivanti. All rights reserved. MS22-10-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 5018476.  Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 50 Vulnerabilities: CVE-2022-41033 is known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Copy Fail] NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 31. Copyright © 2022 Ivanti. All rights reserved. MS22-10-OFF: Security Updates for Microsoft Office  Maximum Severity: Critical  Affected Products: Office 2013 and 2016, Office 2019 for Mac, and Office 2021 LTSC for Mac  Description: This security update resolves Microsoft Office remote code execution and information disclosure vulnerabilities. Consult the Security Update Guide for specific details on each. This bulletin references 3 KB articles and release notes.  Impact: Remote Code Execution and Information Disclosure  Fixes 3 Vulnerabilities: CVE-2022-41043 is publicly disclosed. CVE-2022-38048 and CVE-2022-41031 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  • 32. Copyright © 2022 Ivanti. All rights reserved. MS22-10-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Maximum Severity: Critical  Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021  Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution and Spoofing  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-38001, CVE-2022-38048, CVE-2022-38049 and CVE-2022- 41031 are fixed in this release.  Restart Required: Requires application restart  Known Issues: None reported
  • 33. Copyright © 2022 Ivanti. All rights reserved. MS22-10-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019  Description: This security update resolves a series of 4 Microsoft SharePoint Server remote code execution vulnerabilities. There are multiple non-security issues resolved as well. Check KB for each version for details. This bulletin is based on 6 KB articles.  Impact: Remote Code Execution  Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-38053, CVE-2022-41036, CVE-2022-41037, and CVE-2022- 41038 are fixed in this release.  Restart Required: Requires restart  Known Issues: See next slide
  • 34. Copyright © 2022 Ivanti. All rights reserved. October Known Issues for SharePoint Server  SharePoint Server – Check specific KBs for details  [Workflow] This update might affect some SharePoint 2010 workflow scenarios. It also generates "6ksbk" event tags in SharePoint Unified Logging System (ULS) logs. For more information, see SharePoint 2010 workflows might be blocked by enhanced security policy (KB 5020238).
  • 35. Copyright © 2022 Ivanti. All rights reserved. MS22-10-EXCH: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.  Description: This security update fixes vulnerabilities as well as some non- security issues in Microsoft Exchange. This bulletin is based on KB 5019076 and KB 5019077.  Impact: Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: CVE-2022-30134 is publicly disclosed. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: None reported
  • 37. Copyright © 2022 Ivanti. All rights reserved. Release Summary  Security Updates (with CVEs): Google Chrome (2), Firefox (1), Firefox ESR (1), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), SeaMonkey (1), Thunderbird (1)  Security (w/o CVEs): Audacity (2), CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Dropbox (3), Evernote (2), Firefox (2), FileZilla Client (1), GoodSync (3), GIT for Windows (1), LibreOffice (1), LogMeIn (1), Node.JS (Current) (1), Notepad++ (1), Opera (2), Plex Media Server (1), Royal TS (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (6), Tableau Prep Builder (1)Tableau Reader (1)Thunderbird (2), TortoiseSVN (2), WinSCP (1), Zoom Client (1), Zoom VDI (1)  Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Bandicut (2), Box Sync (1), Camtasia (2), Google Drive File Stream (2), GeoGebra Classic (1), BlueJeans (1), PDF-Xchange PRO (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (2), RealVNC Server (1), ScreenPresso (2), TreeSize Free (2), RealVNC Viewer (1)
  • 38. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information  Google Chrome 106.0.5249.62  CHROME-220927, QGC1060524962  Fixes 16 Vulnerabilities: CVE-2022-3201, CVE-2022-3304, CVE-2022-3305, CVE- 2022-3306, CVE-2022-3307, CVE-2022-3308, CVE-2022-3309, CVE-2022-3310, CVE-2022-3311, CVE-2022-3312, CVE-2022-3313, CVE-2022-3314, CVE-2022- 3315, CVE-2022-3316, CVE-2022-3317, CVE-2022-3318  Google Chrome 105.0.5195.91  CHROME-220930, QGC1050519591  Fixes 2 Vulnerabilities: CVE-2022-3370, CVE-2022-3373  Firefox 105.0  FF-220920, QFF1050  Fixes 6 Vulnerabilities: CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE- 2022-40959, CVE-2022-40960, CVE-2022-40962
  • 39. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Firefox ESR 102.3.0  FFE-220920, QFFE10230  Fixes 6 Vulnerabilities: CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022- 40959, CVE-2022-40960, CVE-2022-40962  SeaMonkey 2.53.14  SM-220929, QSM25314  Fixes 10 Vulnerabilities: CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019- 11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE- 2019-11730, CVE-2019-9811  Thunderbird 102.3.1  TB-220929, QTB10231  Fixes 4 Vulnerabilities: CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022- 39251
  • 40. Copyright © 2022 Ivanti. All rights reserved. Third Party CVE Information (cont)  Node.JS 18.9.1 (Current)  NOJSC-220926, QNODEJSC1891  Fixes 6 Vulnerabilities: CVE-2022-32212, CVE-2022-32213, CVE-2022-32215, CVE-2022- 32222, CVE-2022-35255, CVE-2022-35256  Node.JS 14.20.1 (LTS Lower)  NOJSLL-220926, QNODEJSLL14201  Fixes 3 Vulnerabilities: CVE-2022-32212, CVE-2022-32213, CVE-2022-35256  Node.JS 16.17.1 (LTS Upper)  NOJSLU-220926, QNODEJSLU16171  Fixes 4 Vulnerabilities: CVE-2022-32212, CVE-2022-32213, CVE-2022-35255, CVE-2022- 35256
  • 41. Q & A
  • 42. Copyright © 2022 Ivanti. All rights reserved. Thank You!