SlideShare a Scribd company logo

2023 Mars Patch Tuesday

Ivanti
Ivanti

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, there we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Technology
1 of 39
Download to read offline
Patch Tuesday Webinar jeudi, 15 mars 2023 Présenté par Lauriane Mounier et Olivier Frelastre
Agenda March 2023 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
Overview
Copyright © 2023 Ivanti. All rights reserved. March Patch Tuesday 2023 Microsoft has resolved 80 new CVEs this month including two confirmed zero-day exploits that impact Microsoft Office and Windows Smart Screen. Both exploits are user targeted. Mozilla has also released updates for Firefox and Firefox ESR resolving 13 unique CVEs. Priorities for this month are Microsoft Office and 365 Apps, and the Windows OS.
In the News
Copyright © 2023 Ivanti. All rights reserved. In the News § Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms § https://www.washingtonpost.com/politics/2023/03/15/silicon-valley-bank-collapse-poses-challenge-cybersecurity-defenders-firms/ § More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm § https://www.infosecurity-magazine.com/news/uk-crypto-firm-loses-200m/ § https://cointelegraph.com/news/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm § ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters § https://cybersecuritynews.com/chatgpt-powered-polymorphic-malware/ § Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day § https://www.securityweek.com/adobe-warns-of-very-limited-attacks-exploiting-coldfusion-zero-day/ § Fortinet: New FortiOS bug used as zero-day to attack govt networks § https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/
Copyright © 2023 Ivanti. All rights reserved. In the News § Windows 11 Moment 2 Features Update § https://blogs.windows.com/windowsexperience/2023/02/28/introducing-a-big- update-to-windows-11-making-the-everyday-easier-including-bringing-the-new-ai- powered-bing-to-the-taskbar/ § New Search Box and AI-Powered Bing § Phone Link for iOS § Enhanced touch screen experience § Major upgrades to Notepad § No reported security changes § Included in the March cumulative update § How to block Moment features: https://oofhours.com/2023/03/02/want-to-block- windows-11-moments-that-add-new-features/
Copyright © 2023 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability § CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 5.4 / 5.0 § Severity: Moderate § Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022 § Per Microsoft - “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
Copyright © 2023 Ivanti. All rights reserved. Known Exploited Vulnerability § CVE-2023-23397 Windows Outlook Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 9.8 / 9.1 § Severity: Critical § Outlook 2013 & 2016, Office 2016, 2019 & LTSC 2022, Office 365 Apps § Per Microsoft - “An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.”
Copyright © 2023 Ivanti. All rights reserved. Known Publicly Disclosed Vulnerability § CVE-2022-43552 Open-Source Curl Remote Code Execution Vulnerability § CVSS 3.1 Scores: 5.9 / 5.9 § Severity: Important § Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022 § Per NIST - “A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.”
Copyright © 2023 Ivanti. All rights reserved. Reissued Microsoft Exchange Update § Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB 5024296) § CVE-2023-21707 Microsoft Exchange Server Remote Code Execution Vulnerability § Per Microsoft - “We are re-releasing this CVE to inform customers that there are new updates to install for this vulnerability. A small subset of customers were experiencing problems with Exchange Web Services due to the updates that were released in February. The new updates address these problems. Customers who are experiencing issues with the February updates are encouraged to install the March Exchange Server updates listed in the Security Updates table.”
Copyright © 2023 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest § Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 § Windows Server 2012/2012 R2, Windows 10, and Windows 10 Version 1607/Server 2016 § Azure and Development Tool Updates § Azure HDInsights § Azure Service Fabric 9.1 § Visual Studio 2017 (multiple) § Visual Studio 2019 (multiple) § Visual Studio 2022 (multiple) Source: Microsoft
Copyright © 2023 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
Copyright © 2023 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 5/13/2025 21H2 11/16/2021 6/11/2024 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 5/14/2024 21H2 11/16/2021 6/13/2023 Windows Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 22H2 9/20/2022 10/8/2024 21H2 10/4/2021 10/10/2023 § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/faq/windows
Copyright © 2023 Ivanti. All rights reserved. Patch Content Announcements § Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s)
Bulletins and Releases
Copyright © 2023 Ivanti. All rights reserved. MFSA-2023-09: Security Update Firefox 111 § Maximum Severity: Critical (High) § Affected Products: Security Update Firefox § Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure § Fixes 13 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/ for complete details. § Restart Required: Requires application restart § Known Issues: None
Copyright © 2023 Ivanti. All rights reserved. MFSA-2023-10: Security Update Firefox ESR 102.9 § Maximum Severity: Critical (High) § Affected Products: Security Update Firefox ESR § Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Spoofing and Information Disclosure § Fixes 6 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/ for complete details. § Restart Required: Requires application restart § Known Issues: None
Copyright © 2023 Ivanti. All rights reserved. MS23-03-W11: Windows 11 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium § Description: This bulletin references KB 5023698 (21H2) and KB 5023706 (22H2). § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 53 Vulnerabilities: CVE-2023-24880 is known exploited and publicly disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 11 § KB 5023706 – Windows 11 version 22H2 § [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution. § [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution. § [Missing UUP] Updates released February 14, 2023 or later might download to WSUS but not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded and are missing the Unified Update Platform (UUP) MIME types Microsoft Configuration Manager is not affected by this issue. Workaround: See KB on how to add the UUP file types to the WSUS systems. Microsoft is working on a resolution.
Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 11 (cont) § KB 5023706 – Windows 11 version 22H2 (cont) § [App Fail] Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. The known affected third-party UI customization apps are ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI customization app before installing this or later updates. Microsoft is investigating and will provide more info in the future.
Copyright © 2023 Ivanti. All rights reserved. MS23-03-W10: Windows 10 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references 6 KB articles. See KBs for the list of changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 54 Vulnerabilities: CVE-2023-24880 is known exploited and publicly disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 10 § KB 5023702 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 § [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont) § KB 5023705 – Windows Server 2022 § [Missing UUP] § [ESXi Fail] After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
Copyright © 2023 Ivanti. All rights reserved. MS23-03-MR8: Monthly Rollup for Server 2012 § Maximum Severity: Critical § Affected Products: Microsoft Windows Server 2012 and IE § Description: This cumulative security update contains improvements that are part of update KB 5022903 (released February 14, 2023). This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023756. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Server 2012 § KB 5023756 – Windows Server 2012 (Monthly Rollup) § [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and recommends upgrading to a later version of Windows as this nears EOS. § KB 5023752 – Windows Server 2012 (Security-only Update) § [Domain Join]
Copyright © 2023 Ivanti. All rights reserved. MS23-03-SO8: Security-only Update for Windows Server 2012 § Maximum Severity: Critical § Affected Products: Microsoft Windows Server 2012 § Description: This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023752. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: [Domain Join]
Copyright © 2023 Ivanti. All rights reserved. MS23-03-MR81: Monthly Rollup for Server 2012 R2 § Maximum Severity: Critical § Affected Products: Server 2012 R2 and IE § Description: This cumulative security update contains improvements that are part of update KB 5022899 (released February 14, 2023). This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023765. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: None reported NOTE: Windows 8.1 reached EOS on January 10, 2023.
Copyright © 2023 Ivanti. All rights reserved. MS23-03-SO81: Security-only for Server 2012 R2 § Maximum Severity: Critical § Affected Products: Server 2012 R2 § Description: This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023764. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: None reported NOTE: Windows 8.1 reached EOS on January 10, 2023.
Copyright © 2023 Ivanti. All rights reserved. MS23-03-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021 § Maximum Severity: Critical § Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021 § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. § Impact: Remote Code Execution, Spoofing, Elevation of Privilege § Fixes 3 Vulnerabilities: CVE-2023-23397, CVE-2023-23398, and CVE-2023- 23399. CVE-2023-23397 is known exploited. § Restart Required: Requires application restart § Known Issues: None reported
Copyright © 2023 Ivanti. All rights reserved. MS23-03-OFF: Security Updates for Microsoft Office § Maximum Severity: Critical § Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office LTSC 2021 for Mac, Office for Android and Universal, Office Online Server and Office Web Apps Server § Description: This security update resolves multiple security issues in Microsoft Excel, Outlook, and the Office suite. This bulletin references 8 KB articles, and release notes for the Mac and Android updates. § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege § Fixes 6 Vulnerabilities: CVE-2023-23391, CVE-2023-23396, CVE-2023-23397, CVE-2023-23398, CVE-2023-23399, and CVE-2023-24910. CVE-2023-23397 is known exploited. § Restart Required: Requires application restart § Known Issues: None reported
Copyright © 2023 Ivanti. All rights reserved. MS23-03-SPT: Security Updates for SharePoint Server § Maximum Severity: Important § Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019 § Description: This update corrects an issue where an attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. This bulletin is based on 6 KB articles. § Impact: Spoofing § Fixes 1 Vulnerability: CVE-2023-23395 is not publicly disclosed or known exploited. § Restart Required: Requires restart § Known Issues: None reported
Between Patch Tuesdays
Copyright © 2023 Ivanti. All rights reserved. Windows Release Summary § Security Updates (with CVEs): Google Chrome (2), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1) § Security (w/o CVEs): Apache OpenOffice (1), Apache Tomcat (5), Docker for Windows (1), Dropbox (2), Evernote (1), Firefox (1), FileZilla Client (2), Foxit PDF Editor (1), Foxit PDF Reader (1), Foxit PDF Reader Enterprise (1), GoodSync (2), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3), Paint.net (1), Plex Media Server (2), PeaZip (1), Royal TS (1), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (2), UltraVNC (1), Wireshark (2), WinRAR (1), Zoom Client (2), Zoom Outlook Plugin (1), Zoom Rooms Client (1) § Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Beyond Compare (1), Camtasia (1), Cisco WebEx Teams (1), Google Drive File Stream (1), BlueJeans (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), PSPad (1), TightVNC (1)
Copyright © 2023 Ivanti. All rights reserved. Windows Third Party CVE Information § Google Chrome 110.0.5481.178 § CHROME-230222, QGC11005481178 § Fixes 8 Vulnerabilities: CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE- 2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941 § Google Chrome 111.0.5563.65 § CHROME-230307, QGC1110556365 § Fixes 24 Vulnerabilities: CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE- 2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023- 1225, CVE-2023-1226, CVE-2023-1227, CVE-2023-1228, CVE-2023-1229, CVE- 2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236
Copyright © 2023 Ivanti. All rights reserved. Windows Third Party CVE Information (cont) § Node.JS 19.6.1 (Current) § NOJSC-230221, QNODEJSC1961 § Fixes 3 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 § Node.JS 16.19.1 (LTS Lower) § NOJSLL-230221, QNODEJSLL16191 § Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023- 23936, CVE-2023-24807 § Node.JS 18.14.1 (LTS Upper) § NOJSLU-230221, QNODEJSLU18141 § Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023- 23936, CVE-2023-24807 § Node.JS 14.21.3 (Maintain) § NOJSM-230221, QNODEJSM14213 § Fixes 2 Vulnerabilities: CVE-2023-23918, CVE-2023-23920
Copyright © 2023 Ivanti. All rights reserved. Apple Release Summary § Non-Security Updates: aText (2), BBEdit (1), Dropbox (2), Firefox (1), LibreOffice (1), Microsoft Edge (3), Skype (1), Spotify (1), Visual Studio Code (2), Zoom Client for Mac (2)
Q & A
Copyright © 2023 Ivanti. All rights reserved. Thank You!

Recommended

2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
Ivanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
Ivanti
 
2023 November Patch Tuesday
2023 November Patch Tuesday2023 November Patch Tuesday
2023 November Patch Tuesday
Ivanti
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
Ivanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
Ivanti
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
Ivanti
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de Noviembre
Ivanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
Ivanti
 

Recommended

2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
Ivanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
Ivanti
 
2023 November Patch Tuesday
2023 November Patch Tuesday2023 November Patch Tuesday
2023 November Patch Tuesday
Ivanti
 
Français Patch Tuesday – Novembre
Français Patch Tuesday – NovembreFrançais Patch Tuesday – Novembre
Français Patch Tuesday – Novembre
Ivanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
Ivanti
 
Patch Tuesday Italia Novembre
Patch Tuesday Italia NovembrePatch Tuesday Italia Novembre
Patch Tuesday Italia Novembre
Ivanti
 
Patch Tuesday de Noviembre
Patch Tuesday de NoviembrePatch Tuesday de Noviembre
Patch Tuesday de Noviembre
Ivanti
 
2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
Ivanti
 
2023 July Patch Tuesday
2023 July Patch Tuesday2023 July Patch Tuesday
2023 July Patch Tuesday
Ivanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
Ivanti
 
2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août
Ivanti
 
2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto
Ivanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
Ivanti
 
Patch Tuesday de Julio
Patch Tuesday de JulioPatch Tuesday de Julio
Patch Tuesday de Julio
Ivanti
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
Ivanti
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – Octobre
Ivanti
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch Tuesday
Ivanti
 
ES September 2023 Patch Tuesday
ES September 2023 Patch TuesdayES September 2023 Patch Tuesday
ES September 2023 Patch Tuesday
Ivanti
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - Juillet
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
Ivanti
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
Ivanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
Ivanti
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre
Ivanti
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
Ivanti
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
Ivanti
 

More Related Content

Similar to 2023 Mars Patch Tuesday

2023 July Patch Tuesday
2023 July Patch Tuesday2023 July Patch Tuesday
2023 July Patch Tuesday
Ivanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
Ivanti
 
2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août
Ivanti
 
2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto
Ivanti
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
Ivanti
 
Patch Tuesday de Julio
Patch Tuesday de JulioPatch Tuesday de Julio
Patch Tuesday de Julio
Ivanti
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
Ivanti
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – Octobre
Ivanti
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch Tuesday
Ivanti
 
ES September 2023 Patch Tuesday
ES September 2023 Patch TuesdayES September 2023 Patch Tuesday
ES September 2023 Patch Tuesday
Ivanti
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - Juillet
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
Ivanti
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
Ivanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
Ivanti
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre
Ivanti
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 

Similar to 2023 Mars Patch Tuesday (20)

2023 July Patch Tuesday
2023 July Patch Tuesday2023 July Patch Tuesday
2023 July Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août2023 Français Patch Tuesday – Août
2023 Français Patch Tuesday – Août
 
2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto2023 Patch Tuesday de Agosto
2023 Patch Tuesday de Agosto
 
2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday2023 Ivanti August Patch Tuesday
2023 Ivanti August Patch Tuesday
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2023 April Patch Tuesday
2023 April Patch Tuesday2023 April Patch Tuesday
2023 April Patch Tuesday
 
Patch Tuesday de Julio
Patch Tuesday de JulioPatch Tuesday de Julio
Patch Tuesday de Julio
 
2023 avril Patch Tuesday
2023 avril Patch Tuesday2023 avril Patch Tuesday
2023 avril Patch Tuesday
 
Français Patch Tuesday – Octobre
Français Patch Tuesday – OctobreFrançais Patch Tuesday – Octobre
Français Patch Tuesday – Octobre
 
FR September 2023 Patch Tuesday
FR September 2023 Patch TuesdayFR September 2023 Patch Tuesday
FR September 2023 Patch Tuesday
 
ES September 2023 Patch Tuesday
ES September 2023 Patch TuesdayES September 2023 Patch Tuesday
ES September 2023 Patch Tuesday
 
Analyse Patch Tuesday - Juillet
Analyse Patch Tuesday - JuilletAnalyse Patch Tuesday - Juillet
Analyse Patch Tuesday - Juillet
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
2023 October Patch Tuesday
2023 October Patch Tuesday2023 October Patch Tuesday
2023 October Patch Tuesday
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
 
2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre2023 Patch Tuesday de Octubre
2023 Patch Tuesday de Octubre
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 

More from Ivanti

Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
Ivanti
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
Ivanti
 
Patch Tuesday Italia Giugno
Patch Tuesday Italia GiugnoPatch Tuesday Italia Giugno
Patch Tuesday Italia Giugno
Ivanti
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
Ivanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
Ivanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
Ivanti
 

More from Ivanti (20)

Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________Français Patch Tuesday - Juin___________
Français Patch Tuesday - Juin___________
 
Patch Tuesday de Junio
Patch Tuesday de JunioPatch Tuesday de Junio
Patch Tuesday de Junio
 
Patch Tuesday Italia Giugno
Patch Tuesday Italia GiugnoPatch Tuesday Italia Giugno
Patch Tuesday Italia Giugno
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 

Recently uploaded

Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 

Recently uploaded (20)

Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 

2023 Mars Patch Tuesday

  • 1. Patch Tuesday Webinar jeudi, 15 mars 2023 Présenté par Lauriane Mounier et Olivier Frelastre
  • 2. Agenda March 2023 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 4. Copyright © 2023 Ivanti. All rights reserved. March Patch Tuesday 2023 Microsoft has resolved 80 new CVEs this month including two confirmed zero-day exploits that impact Microsoft Office and Windows Smart Screen. Both exploits are user targeted. Mozilla has also released updates for Firefox and Firefox ESR resolving 13 unique CVEs. Priorities for this month are Microsoft Office and 365 Apps, and the Windows OS.
  • 6. Copyright © 2023 Ivanti. All rights reserved. In the News § Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms § https://www.washingtonpost.com/politics/2023/03/15/silicon-valley-bank-collapse-poses-challenge-cybersecurity-defenders-firms/ § More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm § https://www.infosecurity-magazine.com/news/uk-crypto-firm-loses-200m/ § https://cointelegraph.com/news/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm § ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters § https://cybersecuritynews.com/chatgpt-powered-polymorphic-malware/ § Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day § https://www.securityweek.com/adobe-warns-of-very-limited-attacks-exploiting-coldfusion-zero-day/ § Fortinet: New FortiOS bug used as zero-day to attack govt networks § https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/
  • 7. Copyright © 2023 Ivanti. All rights reserved. In the News § Windows 11 Moment 2 Features Update § https://blogs.windows.com/windowsexperience/2023/02/28/introducing-a-big- update-to-windows-11-making-the-everyday-easier-including-bringing-the-new-ai- powered-bing-to-the-taskbar/ § New Search Box and AI-Powered Bing § Phone Link for iOS § Enhanced touch screen experience § Major upgrades to Notepad § No reported security changes § Included in the March cumulative update § How to block Moment features: https://oofhours.com/2023/03/02/want-to-block- windows-11-moments-that-add-new-features/
  • 8. Copyright © 2023 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability § CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 5.4 / 5.0 § Severity: Moderate § Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022 § Per Microsoft - “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
  • 9. Copyright © 2023 Ivanti. All rights reserved. Known Exploited Vulnerability § CVE-2023-23397 Windows Outlook Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 9.8 / 9.1 § Severity: Critical § Outlook 2013 & 2016, Office 2016, 2019 & LTSC 2022, Office 365 Apps § Per Microsoft - “An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.”
  • 10. Copyright © 2023 Ivanti. All rights reserved. Known Publicly Disclosed Vulnerability § CVE-2022-43552 Open-Source Curl Remote Code Execution Vulnerability § CVSS 3.1 Scores: 5.9 / 5.9 § Severity: Important § Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022 § Per NIST - “A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.”
  • 11. Copyright © 2023 Ivanti. All rights reserved. Reissued Microsoft Exchange Update § Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB 5024296) § CVE-2023-21707 Microsoft Exchange Server Remote Code Execution Vulnerability § Per Microsoft - “We are re-releasing this CVE to inform customers that there are new updates to install for this vulnerability. A small subset of customers were experiencing problems with Exchange Web Services due to the updates that were released in February. The new updates address these problems. Customers who are experiencing issues with the February updates are encouraged to install the March Exchange Server updates listed in the Security Updates table.”
  • 12. Copyright © 2023 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest § Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 § Windows Server 2012/2012 R2, Windows 10, and Windows 10 Version 1607/Server 2016 § Azure and Development Tool Updates § Azure HDInsights § Azure Service Fabric 9.1 § Visual Studio 2017 (multiple) § Visual Studio 2019 (multiple) § Visual Studio 2022 (multiple) Source: Microsoft
  • 13. Copyright © 2023 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
  • 14. Copyright © 2023 Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 5/13/2025 21H2 11/16/2021 6/11/2024 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 5/14/2024 21H2 11/16/2021 6/13/2023 Windows Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 22H2 9/20/2022 10/8/2024 21H2 10/4/2021 10/10/2023 § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 15. Copyright © 2023 Ivanti. All rights reserved. Patch Content Announcements § Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s)
  • 17. Copyright © 2023 Ivanti. All rights reserved. MFSA-2023-09: Security Update Firefox 111 § Maximum Severity: Critical (High) § Affected Products: Security Update Firefox § Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure § Fixes 13 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/ for complete details. § Restart Required: Requires application restart § Known Issues: None
  • 18. Copyright © 2023 Ivanti. All rights reserved. MFSA-2023-10: Security Update Firefox ESR 102.9 § Maximum Severity: Critical (High) § Affected Products: Security Update Firefox ESR § Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Spoofing and Information Disclosure § Fixes 6 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/ for complete details. § Restart Required: Requires application restart § Known Issues: None
  • 19. Copyright © 2023 Ivanti. All rights reserved. MS23-03-W11: Windows 11 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium § Description: This bulletin references KB 5023698 (21H2) and KB 5023706 (22H2). § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 53 Vulnerabilities: CVE-2023-24880 is known exploited and publicly disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 20. Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 11 § KB 5023706 – Windows 11 version 22H2 § [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution. § [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution. § [Missing UUP] Updates released February 14, 2023 or later might download to WSUS but not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded and are missing the Unified Update Platform (UUP) MIME types Microsoft Configuration Manager is not affected by this issue. Workaround: See KB on how to add the UUP file types to the WSUS systems. Microsoft is working on a resolution.
  • 21. Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 11 (cont) § KB 5023706 – Windows 11 version 22H2 (cont) § [App Fail] Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. The known affected third-party UI customization apps are ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI customization app before installing this or later updates. Microsoft is investigating and will provide more info in the future.
  • 22. Copyright © 2023 Ivanti. All rights reserved. MS23-03-W10: Windows 10 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references 6 KB articles. See KBs for the list of changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 54 Vulnerabilities: CVE-2023-24880 is known exploited and publicly disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 23. Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 10 § KB 5023702 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 § [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 24. Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Windows 10 (cont) § KB 5023705 – Windows Server 2022 § [Missing UUP] § [ESXi Fail] After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
  • 25. Copyright © 2023 Ivanti. All rights reserved. MS23-03-MR8: Monthly Rollup for Server 2012 § Maximum Severity: Critical § Affected Products: Microsoft Windows Server 2012 and IE § Description: This cumulative security update contains improvements that are part of update KB 5022903 (released February 14, 2023). This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023756. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 26. Copyright © 2023 Ivanti. All rights reserved. March Known Issues for Server 2012 § KB 5023756 – Windows Server 2012 (Monthly Rollup) § [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and recommends upgrading to a later version of Windows as this nears EOS. § KB 5023752 – Windows Server 2012 (Security-only Update) § [Domain Join]
  • 27. Copyright © 2023 Ivanti. All rights reserved. MS23-03-SO8: Security-only Update for Windows Server 2012 § Maximum Severity: Critical § Affected Products: Microsoft Windows Server 2012 § Description: This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023752. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: [Domain Join]
  • 28. Copyright © 2023 Ivanti. All rights reserved. MS23-03-MR81: Monthly Rollup for Server 2012 R2 § Maximum Severity: Critical § Affected Products: Server 2012 R2 and IE § Description: This cumulative security update contains improvements that are part of update KB 5022899 (released February 14, 2023). This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023765. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: None reported NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 29. Copyright © 2023 Ivanti. All rights reserved. MS23-03-SO81: Security-only for Server 2012 R2 § Maximum Severity: Critical § Affected Products: Server 2012 R2 § Description: This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023764. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: None reported NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 30. Copyright © 2023 Ivanti. All rights reserved. MS23-03-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021 § Maximum Severity: Critical § Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021 § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. § Impact: Remote Code Execution, Spoofing, Elevation of Privilege § Fixes 3 Vulnerabilities: CVE-2023-23397, CVE-2023-23398, and CVE-2023- 23399. CVE-2023-23397 is known exploited. § Restart Required: Requires application restart § Known Issues: None reported
  • 31. Copyright © 2023 Ivanti. All rights reserved. MS23-03-OFF: Security Updates for Microsoft Office § Maximum Severity: Critical § Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office LTSC 2021 for Mac, Office for Android and Universal, Office Online Server and Office Web Apps Server § Description: This security update resolves multiple security issues in Microsoft Excel, Outlook, and the Office suite. This bulletin references 8 KB articles, and release notes for the Mac and Android updates. § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege § Fixes 6 Vulnerabilities: CVE-2023-23391, CVE-2023-23396, CVE-2023-23397, CVE-2023-23398, CVE-2023-23399, and CVE-2023-24910. CVE-2023-23397 is known exploited. § Restart Required: Requires application restart § Known Issues: None reported
  • 32. Copyright © 2023 Ivanti. All rights reserved. MS23-03-SPT: Security Updates for SharePoint Server § Maximum Severity: Important § Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019 § Description: This update corrects an issue where an attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. This bulletin is based on 6 KB articles. § Impact: Spoofing § Fixes 1 Vulnerability: CVE-2023-23395 is not publicly disclosed or known exploited. § Restart Required: Requires restart § Known Issues: None reported
  • 34. Copyright © 2023 Ivanti. All rights reserved. Windows Release Summary § Security Updates (with CVEs): Google Chrome (2), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1) § Security (w/o CVEs): Apache OpenOffice (1), Apache Tomcat (5), Docker for Windows (1), Dropbox (2), Evernote (1), Firefox (1), FileZilla Client (2), Foxit PDF Editor (1), Foxit PDF Reader (1), Foxit PDF Reader Enterprise (1), GoodSync (2), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3), Paint.net (1), Plex Media Server (2), PeaZip (1), Royal TS (1), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (2), UltraVNC (1), Wireshark (2), WinRAR (1), Zoom Client (2), Zoom Outlook Plugin (1), Zoom Rooms Client (1) § Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Beyond Compare (1), Camtasia (1), Cisco WebEx Teams (1), Google Drive File Stream (1), BlueJeans (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), PSPad (1), TightVNC (1)
  • 35. Copyright © 2023 Ivanti. All rights reserved. Windows Third Party CVE Information § Google Chrome 110.0.5481.178 § CHROME-230222, QGC11005481178 § Fixes 8 Vulnerabilities: CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE- 2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941 § Google Chrome 111.0.5563.65 § CHROME-230307, QGC1110556365 § Fixes 24 Vulnerabilities: CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE- 2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023- 1225, CVE-2023-1226, CVE-2023-1227, CVE-2023-1228, CVE-2023-1229, CVE- 2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236
  • 36. Copyright © 2023 Ivanti. All rights reserved. Windows Third Party CVE Information (cont) § Node.JS 19.6.1 (Current) § NOJSC-230221, QNODEJSC1961 § Fixes 3 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 § Node.JS 16.19.1 (LTS Lower) § NOJSLL-230221, QNODEJSLL16191 § Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023- 23936, CVE-2023-24807 § Node.JS 18.14.1 (LTS Upper) § NOJSLU-230221, QNODEJSLU18141 § Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023- 23936, CVE-2023-24807 § Node.JS 14.21.3 (Maintain) § NOJSM-230221, QNODEJSM14213 § Fixes 2 Vulnerabilities: CVE-2023-23918, CVE-2023-23920
  • 37. Copyright © 2023 Ivanti. All rights reserved. Apple Release Summary § Non-Security Updates: aText (2), BBEdit (1), Dropbox (2), Firefox (1), LibreOffice (1), Microsoft Edge (3), Skype (1), Spotify (1), Visual Studio Code (2), Zoom Client for Mac (2)
  • 38. Q & A
  • 39. Copyright © 2023 Ivanti. All rights reserved. Thank You!