Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, February 14, 2024
Copyright © 2024 Ivanti. All rights reserved.
Agenda
§ February 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A
February Patch Tuesday 2024
February 2024 Patch Tuesday is feeling like a return to normalcy. Microsoft has resolved 73 new CVEs, two of which are confirmed zero-day vulnerabilities. Most of the risk this month can be wiped off your systems by deploying the Windows OS updates, but there are additional concerns to investigate in Windows AppX Installer and Exchange Server.
For more details check out this month's Patch Tuesday blog.
In the News
§ Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
§ Fat Patch Tuesday, February 2024 Edition
§ Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
§ Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
§ Hong Kong Video Deepfake Scam Nets $25M
§ Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities
§ Linux Kernel Becomes Its Own CNA
Known Exploited Vulnerabilities
§ CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 7.6 / 6.6
§ Severity: Moderate
§ Impact: All Windows 10 operating systems and newer
§ Per Microsoft – The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both. An attacker must send the user a malicious file and convince the user to open it.
Known Exploited Vulnerabilities
§ CVE-2024-21412 Internet Shortcut Files Security Bypass Vulnerability
§ CVSS 3.1 Scores: 8.1 / 7.1
§ Severity: Important
§ Impact: All Windows 10 operating systems and newer
§ Per Microsoft – An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
CVE-2023-40547
§ CVSS 3: 9.8 (8.3 Red Hat)
§ Flaw in Shim (a small open-source bootloader maintained by Red Hat)
§ Enables an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.
Exploitation:
Only exploitable during early boot phase. An attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Five other vulnerabilities affecting Shim were discovered this week:
CVE-2023-40551
CVE-2023-40550
CVE-2023-40549
CVE-2023-40548
CVE-2023-40546
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare
CVE-2023-6780
§ CVSS 3: 9.8
§ glibc vulnerability that affects most distributions out there.
§ It is possible to abuse a buffer to trigger undefined behavior which can then further be exploited to gain elevated privileges in a local system.
Mitigation
This function is called by the syslog and vsyslog functions. The problem happens when these functions are called with a very long message, causing an incorrect calculation of the buffer size to store the message, resulting in the undefined behavior.
How to Mitigate:
Upgrade glibc to version 2.39 or higher
New and Notable Linux Vulnerabilities: 3
Highlighted by TuxCare
CVE-2024-1086
§ CVSS 3: 7.8
§ Use-after-free that can lead to crashes or undefined behavior
§ Found in the Netfilter subsystem in the Linux kernel (concerning the firewall and packet filtering). The nf_tables component can be exploited to achieve local privilege escalation.
§ This bug happens in the "TO" module (one way to perform packet redirection with netfilter), which was found to contain a code-path with a use-after-free bug.
Additional Context:
Netfilter enables various networking-related operations to be implemented in the form of customized handlers, providing functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network and prohibiting packets from reaching sensitive locations within a network.
Mitigation
Either prevent the affected Netfilter (“to(nf_tables)”) kernel module from being loaded or disable user namespaces.
Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ ESU OS and Windows 10 (see graphic)
Azure and Development Tool Updates
§ .NET 6, 7, & 8
§ ASP.NET 6, 7, & 8
§ Azure Active Directory B2C
§ Azure File Sync v14.0 - v17.0
§ Azure Kubernetes Service Confidential Containers
§ Azure Site Recovery
§ Microsoft Entra Jira Single-Sign-On Plugin
§ Visual Studio 2022 v17.4 – v17.8
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
21H2 | 11/16/2021 | 6/11/2024
Windows 10 Home and Pro
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
Windows 11 Home and Pro
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/11/2025
22H2 | 9/20/2022 | 10/8/2024
Windows 11 Enterprise and Education
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/10/2026
22H2 | 9/20/2022 | 10/14/2025
21H2 | 10/4/2021 | 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Server Long-term Servicing Channel Support
Server LTSC Support
Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
Windows Server 2019 (Version 1809) | Datacenter, Essentials, and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Source: Microsoft
Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune
Bulletins and Releases
APSB24-07: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 13 vulnerabilities; 5 are critical. See
https://helpx.adobe.com/security/products/acrobat/apsb24-07.html for more details.
§ Impact: Remote Code Execution, Denial of Service, Information Disclosure
§ Fixes 13 Vulnerabilities: See bulletin link for details.
§ Restart Required: Requires application restart
MS24-02-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§ Description: This bulletin references KB 5034766 (21H2) and KB 5034765 (22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 41 Vulnerabilities: CVE-2024-21351 and CVE-2024-21412 are known exploited. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS24-02-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 44 Vulnerabilities: CVE-2024-21351 and CVE-2024-21412 are known exploited. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
February Known Issues for Windows 10
§ KB 5034763 – Windows 10 Enterprise and Education, version 21H2; Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise Multi-Session, version 21H2; Windows 10, version 22H2, all editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§ [Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§ Microsoft is working on a resolution for both issues.
February Known Issues for Windows 10 (cont)
§ KB 5034770 – Windows Server 2022
§ [Image File Execution] After you install KB5034129 (Jan), chromium-based internet
browsers, such as Microsoft Edge, might not open correctly. Browsers affected by this issue
might display a white screen and become unresponsive when you open them.
Devices that have browser specific Image File Execution Options (IFEO) might be affected
by this issue. When an entry for Microsoft Edge (msedge.exe) or other chromium-based
browsers is found in the Windows registry, the issue might occur. A registry entry can be
created by developer tools or when certain debugging and diagnostic settings are in place
for browsers. Microsoft is working on a resolution for both issues.
§ Workaround: See KB for registry editing options. Microsoft is working on a resolution and
will provide an update shortly.
MS24-02-EXCH: Security Updates for Exchange Server
§ Maximum Severity: Critical
§ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange Server 2019 CU13 &
CU14
§ Description: This bulletin references KB 5035606. This cumulative update addresses 18
reported issues listed in the KB and now enables Extended Protection by default. See the KB
article and the Exchange Server blog for details.
§ Impact: Elevation of Privilege
§ Fixes 1 Vulnerability: CVE-2024-21410 is not publicly disclosed or known exploited.
§ Restart Required: Requires restart
§ Known Issues: When Setup.exe is used to run /PrepareAD, /PrepareSchema or
/PrepareDomain, the installer reports that Extended Protection was configured by the installer,
and it displays the following error message:
Exchange Setup has enabled Extended Protection on all the virtual directories on this machine.
MS24-02-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Maximum Severity: Critical
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Elevation of Privilege
§ Fixes 6 Vulnerabilities: CVE-2024-20673, CVE-2024-21378, CVE-2024-21379, CVE-2024-21384, CVE-2024-21402, and CVE-2024-21413 are not known to be exploited or publicly disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS24-02-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Critical
§ Affected Products: Excel 2016, Office 2016, Outlook 2016, Powerpoint 2016, Publisher 2016, Teams for Android, Visio 2016, Word 2016, and Skype for Business 2016
§ Description: This security update resolves multiple security issues in Microsoft Office suite. This bulletin references 12 KB articles and Release Notes for Android.
§ Impact: Remote Code Execution, Information Disclosure
§ Fixes 6 Vulnerabilities: CVE-2024-20673, CVE-2024-20695, CVE-2024-21374, CVE-2024-21378, CVE-2024-21379, and CVE-2024-21413 are not known to be exploited or publicly disclosed.
§ Restart Required: Requires application restart
§ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
§ Security Updates (with CVEs): Azul Zulu (4), Corretto (4), Google Chrome (4), Firefox (1), Firefox
ESR (1), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Java 8 (1), Java Development Kit 11
(1), Java Development Kit 17 (1), Java Development Kit 21 (1), Pulse Secure VPN (1), Thunderbird (1)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), CCleaner (1), Cisco
Webex Meetings Desktop App (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for
Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Eclipse Adoptium (4),
Evernote (6), Firefox (1), FileZilla (1), GoodSync (2), Google Earth Pro (1), Grammarly for Windows
(4), Jabra Direct (1), Node.JS (Current) (1), Notepad++ (1), Opera (4), VirtualBox (2), Python (2),
RedHat OpenJDK (4), Skype (4), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (3),
Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (1), VMware Horizon
Client (1), Zoom Client (1), Zoom Client (3), Zoom VDI (3)
§ Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Box Drive (1), Bitwarden (1),
Camtasia (2), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra Classic (1), GoTo
Connect (1), KeePass Pro (1), KeePass Classic (1), NextCloud Desktop Client (1), PDF-Xchange PRO
(1), Password Safe (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1),
WeCom (1), WinMerge (1)
Windows Third Party CVE Information
§ Azul Zulu 21.32.17 (21.0.2) Note: FX version of JDK also supported
§ ZULU21-240122, QZULUJDK213217
§ Fixes 8 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952
§ Azul Zulu 17.48.15 (17.0.10) Note: FX version of JDK also supported
§ ZULU17-240122, QZULUJDK174815 and QZULUJRE174815
§ Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
§ Azul Zulu 11.70.15 (11.0.22) Note: FX version of JDK also supported
§ ZULU11-240122, QZULUJDK117015 and QZULUJRE117015
§ Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
Windows Third Party CVE Information (cont)
§ Azul Zulu 8.76.0.17 (8u402) Note: FX version of JDK also supported
§ ZULU8-240124, QZULUJDK876017 and QZULUJRE876017
§ Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922,
CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
§ Java Development Kit 21 Update 21.0.2
§ JDK17-240116, QJDK2102
§ Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932,
CVE-2024-20945, CVE-2024-20952
§ Java Development Kit 17 Update 17.0.10
§ JDK17-240116, QJDK17010
§ Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926,
CVE-2024-20945, CVE-2024-20952
Windows Third Party CVE Information (cont)
§ Java Development Kit 11 Update 11.0.22
§ JDK11-240116, QJDK11022
§ Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926,
CVE-2024-20945, CVE-2024-20952
§ Java 8 Update 401 – JRE and JDK
§ JAVA8-240116, QJDK8U401 and QJRE8U401
§ Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922,
CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
§ Corretto 21.0.2.13.1
§ CRTO21-240116, QCRTOJDK2102
§ Fixes 5 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20945,
CVE-2024-20952
Windows Third Party CVE Information (cont)
§ Corretto 17.0.10.7.1
§ CRTO17-240116, QCRTOJDK17010
§ Fixes 5 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20945,
CVE-2024-20952
§ Corretto 11.0.22.7.1
§ CRTO11-240116, QCRTOJDK11022
§ Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926,
CVE-2024-20945, CVE-2024-20952
§ Corretto 8.402.06.1 – JRE and JDK
§ CRTO8-240116, QCRTOJRE8402
§ CRTO8-240116, QCRTOJDK8402
§ Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922,
CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
Windows Third Party CVE Information
§ Google Chrome 120.0.6099.225
§ CHROME-240116, QGC12006099225
§ Fixes 3 Vulnerabilities: CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
§ Google Chrome 121.0.6167.86
§ CHROME-240123, QGC1210616786
§ Fixes 11 Vulnerabilities: CVE-2024-0804, CVE-2024-0805, CVE-2024-0806, CVE-2024-0807, CVE-2024-0808, CVE-2024-0809, CVE-2024-0810, CVE-2024-0811, CVE-2024-0812, CVE-2024-0813, CVE-2024-0814
§ Google Chrome 121.0.6167.140
§ CHROME-240130, QGC12106167140
§ Fixes 3 Vulnerabilities: CVE-2024-1059, CVE-2024-1060, CVE-2024-1077
§ Google Chrome 121.0.6167.161
§ CHROME-240206, QGC12106167161
§ Fixes 2 Vulnerabilities: CVE-2024-1283, CVE-2024-1284
Windows Third Party CVE Information (cont)
§ Firefox 122.0
§ FF-240123, QFF1220
§ Fixes 15 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0752, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755
§ Firefox ESR 115.7.0
§ FFE-240123, QFFE11570
§ Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
§ Thunderbird 115.7.0
§ TB-240123, QTB11570
§ Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
Windows Third Party CVE Information (cont)
§ Foxit PDF Editor 12.1.4
§ FPDFE-240130, QFPDFE1214MSP
§ Fixes 29 Vulnerabilities: CVE-2023-32616, CVE-2023-35985, CVE-2023-38573, CVE-2023-39542,
CVE-2023-40194, CVE-2023-41257, CVE-2023-42089, CVE-2023-42090, CVE-2023-42091,
CVE-2023-42092, CVE-2023-42093, CVE-2023-42094, CVE-2023-42095, CVE-2023-42096,
CVE-2023-42097, CVE-2023-42098, CVE-2023-51549, CVE-2023-51550, CVE-2023-51551,
CVE-2023-51552, CVE-2023-51553, CVE-2023-51554, CVE-2023-51555, CVE-2023-51556,
CVE-2023-51557, CVE-2023-51558, CVE-2023-51559, CVE-2023-51560, CVE-2023-51562
§ Foxit PDF Reader Consumer 12.1.4.15400
§ FPDFRC-240122, QFPDFRC12141540
§ Fixes 29 Vulnerabilities: See Previous
§ Pulse Secure VPN Desktop Client 22.7.1.28369
§ PSVPN-240202, QPSVPN22711
§ Fixes 2 Vulnerabilities: CVE-2023-46805, CVE-2024-21887
Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Ventura (1), Apple
macOS Sonoma (1), Google Chrome (3), Docker Desktop (1), Evernote (1), Microsoft Office
2019 Excel (1), Firefox (1), Firefox ESR (1), Microsoft Edge (3), Microsoft Office 2019 OneNote
(1), Microsoft Office 2019 Outlook (1), Microsoft Office 2019 PowerPoint (1), Safari for
Monterey (1), Thunderbird (1), Microsoft Office 2019 Word (1)
§ Security Updates (w/o CVEs): Brave (1), SeaMonkey (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), Apple macOS
Sonoma (1), Brave (3), Docker Desktop for Mac (1), draw.io (2), Dropbox (2), Evernote (4),
Firefox (1), Google Drive (1), Grammarly (7), Hazel (1), IntelliJ IDEA (1), LibreOffice (1),
Microsoft AutoUpdate (1), Microsoft Edge (2), OneDrive for Mac (2), Microsoft Office 2019
Outlook (2), PyCharm Professional for Mac (2), PowerShell (1), Python (2), Slack (1), Spotify
(2), Microsoft Teams (Mac) (2), Visual Studio Code (3), Zoom Client for Mac (1)
Apple Updates with CVE Information
§ macOS Monterey 12.7.3
§ HT214057
§ Fixes 9 Vulnerabilities: CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-42888, CVE-2023-42915, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222
§ macOS Ventura 13.6.4
§ HT214058
§ Fixes 13 Vulnerabilities: CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-40528, CVE-2023-42887, CVE-2023-42888, CVE-2023-42915, CVE-2023-42935, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222, CVE-2024-23224
§ Safari 17.3 for Ventura and Monterey
§ HT214056
§ Fixes 4 Vulnerabilities: CVE-2024-23206, CVE-2024-23211, CVE-2024-23213, CVE-2024-23222
Apple Updates with CVE Information (cont)
§ macOS Sonoma 14.3
§ HT214061
§ Fixes 17 Vulnerabilities: CVE-2024-23203, CVE-2024-23204, CVE-2024-23206, CVE-2024-23207, CVE-2024-23208, CVE-2024-23209, CVE-2024-23210, CVE-2024-23211, CVE-2024-23212, CVE-2024-23213, CVE-2024-23214, CVE-2024-23215, CVE-2024-23217, CVE-2024-23218, CVE-2024-23222, CVE-2024-23223, CVE-2024-23224
Apple Third Party CVE Information
§ Google Chrome 120.0.6099.234
§ CHROMEMAC-240116
§ Fixes 3 Vulnerabilities: CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
§ Google Chrome 121.0.6167.139
§ CHROMEMAC-240130
§ Fixes 3 Vulnerabilities: CVE-2024-1059, CVE-2024-1060, CVE-2024-1077
§ Google Chrome 121.0.6167.160
§ CHROMEMAC-240206
§ Fixes 2 Vulnerabilities: CVE-2024-1283, CVE-2024-1284
Apple Third Party CVE Information (cont)
§ Docker Desktop 4.27.2
§ DOCKERMAC-240208
§ Fixes 4 Vulnerabilities: CVE-2020-8911, CVE-2020-8912, CVE-2024-21626, CVE-2024-24557
§ Evernote 10.74.1
§ ENOT-240131
§ Fixes 1 Vulnerability: CVE-2023-50643
§ Microsoft Office 2019 Excel 16.81
§ EXCEL19-240116
§ Fixes 1 Vulnerability: CVE-2024-20677
§ Microsoft Office 2019 OneNote 16.81
§ ONENOTE19-240116
§ Fixes 1 Vulnerability: CVE-2024-20677
Apple Third Party CVE Information (cont)
§ Microsoft Office 2019 Outlook 16.81
§ OUTLOOK19-240116
§ Fixes 1 Vulnerability: CVE-2024-20677
§ Microsoft Office 2019 Powerpoint 16.81
§ POWERPOINT19-240116
§ Fixes 1 Vulnerability: CVE-2024-20677
§ Microsoft Office 2019 Word 16.81
§ WORD19-240116
§ Fixes 1 Vulnerability: CVE-2024-20677
Apple Third Party CVE Information (cont)
§ Microsoft Edge 120.0.2210.144
§ MEDGEMAC-240117
§ Fixes 1 Vulnerability: CVE-2024-0519
§ Microsoft Edge 121.0.2277.83
§ MEDGEMAC-240126
§ Fixes 7 Vulnerabilities: CVE-2024-21326, CVE-2024-21336, CVE-2024-21382, CVE-2024-21383, CVE-2024-21385, CVE-2024-21387, CVE-2024-21388
§ Microsoft Edge 121.0.2277.98
§ MEDGEMAC-240201
§ Fixes 1 Vulnerability: CVE-2024-21399
Apple Third Party CVE Information (cont)
§ Firefox 122.0
§ FF-240123
§ Fixes 15 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0752, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755
§ Firefox ESR 115.7.0
§ FFE-240123
§ Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
§ Thunderbird 115.7.0
§ TB-240123
§ Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
Q & A
Thank You!

More Related Content

What's hot

2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch TuesdayIvanti
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch TuesdayIvanti
 
2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch TuesdayIvanti
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch TuesdayIvanti
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch TuesdayIvanti
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch TuesdayIvanti
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch TuesdayIvanti
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch TuesdayIvanti
 
Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Tuan Yang
 
Citrix XenApp and XenDesktop 7.X
Citrix XenApp and XenDesktop 7.XCitrix XenApp and XenDesktop 7.X
Citrix XenApp and XenDesktop 7.XIzaak Salman
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...The Linux Foundation
 
Understanding .Net Standards, .Net Core & .Net Framework
Understanding .Net Standards, .Net Core & .Net FrameworkUnderstanding .Net Standards, .Net Core & .Net Framework
Understanding .Net Standards, .Net Core & .Net Frameworkpunedevscom
 
Configuring wifi in open embedded builds
Configuring wifi in open embedded buildsConfiguring wifi in open embedded builds
Configuring wifi in open embedded buildsMender.io
 

What's hot (20)

2023 February Patch Tuesday
2023 February Patch Tuesday2023 February Patch Tuesday
2023 February Patch Tuesday
 
2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday2023 Ivanti September Patch Tuesday
2023 Ivanti September Patch Tuesday
 
2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday2023 Ivanti December Patch Tuesday
2023 Ivanti December Patch Tuesday
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
2023 January Patch Tuesday
2023 January Patch Tuesday2023 January Patch Tuesday
2023 January Patch Tuesday
 
2022 June Patch Tuesday
2022 June Patch Tuesday2022 June Patch Tuesday
2022 June Patch Tuesday
 
June 2023 Patch Tuesday
June 2023 Patch TuesdayJune 2023 Patch Tuesday
June 2023 Patch Tuesday
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
 
Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)Windows Server 2016 First Look (Part 1)
Windows Server 2016 First Look (Part 1)
 
Citrix XenApp and XenDesktop 7.X
Citrix XenApp and XenDesktop 7.XCitrix XenApp and XenDesktop 7.X
Citrix XenApp and XenDesktop 7.X
 
.Net Core
.Net Core.Net Core
.Net Core
 
Windows 2019
Windows 2019Windows 2019
Windows 2019
 
Cucm 9.x licensing
Cucm 9.x licensingCucm 9.x licensing
Cucm 9.x licensing
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
 
Android
AndroidAndroid
Android
 
Programming guide for linux usb device drivers
Programming guide for linux usb device driversProgramming guide for linux usb device drivers
Programming guide for linux usb device drivers
 
step by step to install the ubuntu
step by step to install the ubuntustep by step to install the ubuntu
step by step to install the ubuntu
 
Understanding .Net Standards, .Net Core & .Net Framework
Understanding .Net Standards, .Net Core & .Net FrameworkUnderstanding .Net Standards, .Net Core & .Net Framework
Understanding .Net Standards, .Net Core & .Net Framework
 
Linux - Introductions to Linux Operating System
Linux - Introductions to Linux Operating SystemLinux - Introductions to Linux Operating System
Linux - Introductions to Linux Operating System
 
Configuring wifi in open embedded builds
Configuring wifi in open embedded buildsConfiguring wifi in open embedded builds
Configuring wifi in open embedded builds
 

2024 February Patch Tuesday

  • 1. Patch Tuesday Webinar. Hosted by Chris Goettl and Todd Schell. Wednesday, February 14, 2024
  • 2. Agenda
      § February 2024 Patch Tuesday Overview
      § In the News
      § Bulletins and Releases
      § Between Patch Tuesdays
      § Q & A
  • 3. February Patch Tuesday 2024
      February 2024 Patch Tuesday is feeling like a return to normalcy. Microsoft has resolved 73 new CVEs, two of which are confirmed Zero-day vulnerabilities. Most of the risk this month can be wiped off your systems by deploying the Windows OS updates, but there are additional concerns to investigate in Windows AppX Installer and Exchange Server. For more details check out this month's Patch Tuesday blog.
  • 4. In the News
  • 5. In the News
      § Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
      § Fat Patch Tuesday, February 2024 Edition
      § Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
      § Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
      § Hong Kong Video Deepfake Scam Nets $25M
      § Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities
      § Linux Kernel Becomes Its Own CNA
  • 6. Known Exploited Vulnerabilities
      § CVE-2024-21351 Windows Smartscreen Security Feature Bypass Vulnerability
      § CVSS 3.1 Scores: 7.6 / 6.6
      § Severity: Moderate
      § Impact: All Windows 10 operating systems and newer
      § Per Microsoft – The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both. An attacker must send the user a malicious file and convince the user to open it.
  • 7. Known Exploited Vulnerabilities
      § CVE-2024-21412 Internet Shortcut Files Security Bypass Vulnerability
      § CVSS 3.1 Scores: 8.1 / 7.1
      § Severity: Important
      § Impact: All Windows 10 operating systems and newer
      § Per Microsoft – An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link.
  • 8. New and Notable Linux Vulnerabilities: 1 (Highlighted by TuxCare)
      CVE-2023-40547
      § CVSS 3: 9.8 (8.3 Red Hat)
      § Flaw in Shim (a small open-source bootloader maintained by Red Hat)
      § Enables an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.
      Exploitation: Only exploitable during early boot phase. An attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
      Five other vulnerabilities affecting Shim were discovered this week: CVE-2023-40551, CVE-2023-40550, CVE-2023-40549, CVE-2023-40548, CVE-2023-40546
  • 9. New and Notable Linux Vulnerabilities: 2 (Highlighted by TuxCare)
      CVE-2023-6780
      § CVSS 3: 9.8
      § glibc vulnerability that affects most distributions out there.
      § It is possible to abuse a buffer to trigger undefined behavior which can then further be exploited to gain elevated privileges in a local system.
      Mitigation: This function is called by the syslog and vsyslog functions. The problem happens when these functions are called with a very long message, causing an incorrect calculation of the buffer size to store the message, resulting in the undefined behavior.
      How to Mitigate: Upgrade glibc to version 2.39 or higher
  • 10. New and Notable Linux Vulnerabilities: 3 (Highlighted by TuxCare)
      CVE-2024-1086
      § CVSS 3: 7.8
      § Use-after-free that can lead to crashes or undefined behavior
      § Found in the Netfilter subsystem in the Linux kernel (concerning the firewall and packet filtering). The nf_tables component can be exploited to achieve local privilege escalation.
      § This bug happens in the "TO" module (one way to perform packet redirection with netfilter), which was found to contain a code-path with a use-after-free bug.
      Additional Context: Netfilter enables various networking-related operations to be implemented in the form of customized handlers, providing functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network and prohibiting packets from reaching sensitive locations within a network.
      Mitigation: Either prevent the affected Netfilter (“to(nf_tables)”) kernel module from being loaded or disable user namespaces.
  • 11. Microsoft Patch Tuesday Updates of Interest
      Advisory 990001 Latest Servicing Stack Updates (SSU)
      § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
      § ESU OS and Windows 10 (see graphic)
      Azure and Development Tool Updates
      § .NET 6, 7, & 8
      § ASP.NET 6, 7, & 8
      § Azure Active Directory B2C
      § Azure File Sync v14.0 - v17.0
      § Azure Kubernetes Service Confidential Containers
      § Azure Site Recovery
      § Microsoft Entra Jira Single-Sign-On Plugin
      § Visual Studio 2022 v17.4 – v17.8
      Source: Microsoft
  • 12. Windows 10 and 11 Lifecycle Awareness
      Windows 10 Enterprise and Education
      § Version 22H2: Release Date 10/18/2022, End of Support Date 10/14/2025
      § Version 21H2: Release Date 11/16/2021, End of Support Date 6/11/2024
      Windows 10 Home and Pro
      § Version 22H2: Release Date 10/18/2022, End of Support Date 10/14/2025
      Windows 11 Home and Pro
      § Version 23H2: Release Date 10/31/2023, End of Support Date 11/11/2025
      § Version 22H2: Release Date 9/20/2022, End of Support Date 10/8/2024
      Windows 11 Enterprise and Education
      § Version 23H2: Release Date 10/31/2023, End of Support Date 11/10/2026
      § Version 22H2: Release Date 9/20/2022, End of Support Date 10/14/2025
      § Version 21H2: Release Date 10/4/2021, End of Support Date 10/8/2024
      Source: Microsoft https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 13. Server Long-term Servicing Channel Support
      Server LTSC Support
      § Windows Server 2022, Editions: Datacenter and Standard. Release Date 08/18/2021, Mainstream Support Ends 10/13/2026, Extended Support Ends 10/14/2031
      § Windows Server 2019 (Version 1809), Editions: Datacenter, Essentials, and Standard. Release Date 11/13/2018, Mainstream Support Ends 01/09/2024, Extended Support Ends 01/09/2029
      § Windows Server 2016 (Version 1607), Editions: Datacenter, Essentials, and Standard. Release Date 10/15/2016, Mainstream Support Ends 01/11/2022, Extended Support Ends 01/11/2027
      https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
      § Focused on server long-term stability
      § Major version releases every 2-3 years
      § 5 years mainstream and 5 years extended support
      § Server core or server with desktop experience available
      Source: Microsoft
  • 14. Patch Content Announcements
      Announcements Posted on Community Forum Pages
      § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
      § Subscribe to receive email for the desired product(s)
      Content Info: Endpoint Security
      Content Info: Endpoint Manager
      Content Info: macOS Updates
      Content Info: Linux Updates
      Content Info: Patch for Configuration Manager
      Content Info: ISEC and Neurons Patch
      Content Info: Neurons Patch for InTune
  • 15. Bulletins and Releases
  • 16. APSB24-07: Security Update for Adobe Acrobat and Reader
      § Maximum Severity: Critical
      § Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
      § Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses 13 vulnerabilities; 5 are critical. See https://helpx.adobe.com/security/products/acrobat/apsb24-07.html for more details.
      § Impact: Remote Code Execution, Denial of Service, Information Disclosure
      § Fixes 13 Vulnerabilities: See bulletin link for details.
      § Restart Required: Requires application restart
      1
  • 17. MS24-02-W11: Windows 11 Update
      § Maximum Severity: Critical
      § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
      § Description: This bulletin references KB 5034766 (21H2) and KB 5034765 (22H2/23H2).
      § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      § Fixes 41 Vulnerabilities: CVE-2024-21351 and CVE-2024-21412 are known exploited. See the Security Update Guide for the complete list of CVEs.
      § Restart Required: Requires restart
      § Known Issues: None reported
      1
  • 18. MS24-02-W10: Windows 10 Update
      § Maximum Severity: Critical
      § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
      § Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      § Fixes 44 Vulnerabilities: CVE-2024-21351 and CVE-2024-21412 are known exploited. See the Security Update Guide for the complete list of CVEs.
      § Restart Required: Requires restart
      § Known Issues: See next slide
      1
  • 19. February Known Issues for Windows 10
      § KB 5034763 – Windows 10 Enterprise and Education, version 21H2; Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise Multi-Session, version 21H2; Windows 10, version 22H2, all editions
      § [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen. Workaround: To access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or bottom of your screen.
      § [Icon Display] Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview).
      § Microsoft is working on a resolution for both issues.
  • 20. February Known Issues for Windows 10 (cont)
      § KB 5034770 – Windows Server 2022
      § [Image File Execution] After you install KB5034129 (Jan), chromium-based internet browsers, such as Microsoft Edge, might not open correctly. Browsers affected by this issue might display a white screen and become unresponsive when you open them. Devices that have browser specific Image File Execution Options (IFEO) might be affected by this issue. When an entry for Microsoft Edge (msedge.exe) or other chromium-based browsers is found in the Windows registry, the issue might occur. A registry entry can be created by developer tools or when certain debugging and diagnostic settings are in place for browsers. Microsoft is working on a resolution for both issues.
      § Workaround: See KB for registry editing options. Microsoft is working on a resolution and will provide an update shortly.
  • 21. MS24-02-EXCH: Security Updates for Exchange Server
      § Maximum Severity: Critical
      § Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange Server 2019 CU13 & CU14
      § Description: This bulletin references KB 5035606. This cumulative update addresses 18 reported issues listed in the KB and now enables Extended Protection by default. See the KB article and the Exchange Server blog for details.
      § Impact: Elevation of Privilege
      § Fixes 1 Vulnerability: CVE-2024-21410 is not publicly disclosed or known exploited.
      § Restart Required: Requires restart
      § Known Issues: When Setup.exe is used to run /PrepareAD, /PrepareSchema or /PrepareDomain, the installer reports that Extended Protection was configured by the installer, and it displays the following error message: Exchange Setup has enabled Extended Protection on all the virtual directories on this machine.
      1
  • 22. MS24-02-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      § Maximum Severity: Critical
      § Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      § Impact: Remote Code Execution, Elevation of Privilege
      § Fixes 6 Vulnerabilities: CVE-2024-20673, CVE-2024-21378, CVE-2024-21379, CVE-2024-21384, CVE-2024-21402, and CVE-2024-21413 are not known to be exploited or publicly disclosed
      § Restart Required: Requires application restart
      § Known Issues: None reported
      1
  • 23. MS24-02-OFF: Security Updates for Microsoft Office
      § Maximum Severity: Critical
      § Affected Products: Excel 2016, Office 2016, Outlook 2016, Powerpoint 2016, Publisher 2016, Teams for Android, Visio 2016, Word 2016, and Skype for Business 2016
      § Description: This security update resolves multiple security issues in Microsoft Office suite. This bulletin references 12 KB articles and Release Notes for Android.
      § Impact: Remote Code Execution, Information Disclosure
      § Fixes 6 Vulnerabilities: CVE-2024-20673, CVE-2024-20695, CVE-2024-21374, CVE-2024-21378, CVE-2024-21379, and CVE-2024-21413 are not known to be exploited or publicly disclosed.
      § Restart Required: Requires application restart
      § Known Issues: None reported
      1
  • 24. Between Patch Tuesdays
  • 25. Windows Release Summary
      § Security Updates (with CVEs): Azul Zulu (4), Corretto (4), Google Chrome (4), Firefox (1), Firefox ESR (1), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), Pulse Secure VPN (1), Thunderbird (1)
      § Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), CCleaner (1), Cisco Webex Meetings Desktop App (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Eclipse Adoptium (4), Evernote (6), Firefox (1), FileZilla (1), GoodSync (2), Google Earth Pro (1), Grammarly for Windows (4), Jabra Direct (1), Node.JS (Current) (1), Notepad++ (1), Opera (4), VirtualBox (2), Python (2), RedHat OpenJDK (4), Skype (4), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (3), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (1), VMware Horizon Client (1), Zoom Client (1), Zoom Client (3), Zoom VDI (3)
      § Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Box Drive (1), Bitwarden (1), Camtasia (2), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra Classic (1), GoTo Connect (1), KeePass Pro (1), KeePass Classic (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), Password Safe (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1), WeCom (1), WinMerge (1)
  • 26. Windows Third Party CVE Information
    § Azul Zulu 21.32.17 (21.0.2) Note: FX version of JDK also supported
      § ZULU21-240122, QZULUJDK213217
      § Fixes 8 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952
    § Azul Zulu 17.48.15 (17.0.10) Note: FX version of JDK also supported
      § ZULU17-240122, QZULUJDK174815 and QZULUJRE174815
      § Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
    § Azul Zulu 11.70.15 (11.0.22) Note: FX version of JDK also supported
      § ZULU11-240122, QZULUJDK117015 and QZULUJRE117015
      § Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
  • 27. Windows Third Party CVE Information (cont)
    § Azul Zulu 8.76.0.17 (8u402) Note: FX version of JDK also supported
      § ZULU8-240124, QZULUJDK876017 and QZULUJRE876017
      § Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
    § Java Development Kit 21 Update 21.0.2
      § JDK17-240116, QJDK2102
      § Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
    § Java Development Kit 17 Update 17.0.10
      § JDK17-240116, QJDK17010
      § Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
  • 28. Windows Third Party CVE Information (cont)
    § Java Development Kit 11 Update 11.0.22
      § JDK11-240116, QJDK11022
      § Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
    § Java 8 Update 401 – JRE and JDK
      § JAVA8-240116, QJDK8U401 and QJRE8U401
      § Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
    § Corretto 21.0.2.13.1
      § CRTO21-240116, QCRTOJDK2102
      § Fixes 5 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20945, CVE-2024-20952
  • 29. Windows Third Party CVE Information (cont)
    § Corretto 17.0.10.7.1
      § CRTO17-240116, QCRTOJDK17010
      § Fixes 5 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20945, CVE-2024-20952
    § Corretto 11.0.22.7.1
      § CRTO11-240116, QCRTOJDK11022
      § Fixes 6 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
    § Corretto 8.402.06.1 – JRE and JDK
      § CRTO8-240116, QCRTOJRE8402
      § CRTO8-240116, QCRTOJDK8402
      § Fixes 9 Vulnerabilities: CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
  • 30. Windows Third Party CVE Information
    § Google Chrome 120.0.6099.225
      § CHROME-240116, QGC12006099225
      § Fixes 3 Vulnerabilities: CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
    § Google Chrome 121.0.6167.86
      § CHROME-240123, QGC1210616786
      § Fixes 11 Vulnerabilities: CVE-2024-0804, CVE-2024-0805, CVE-2024-0806, CVE-2024-0807, CVE-2024-0808, CVE-2024-0809, CVE-2024-0810, CVE-2024-0811, CVE-2024-0812, CVE-2024-0813, CVE-2024-0814
    § Google Chrome 121.0.6167.140
      § CHROME-240130, QGC12106167140
      § Fixes 3 Vulnerabilities: CVE-2024-1059, CVE-2024-1060, CVE-2024-1077
    § Google Chrome 121.0.6167.161
      § CHROME-240206, QGC12106167161
      § Fixes 2 Vulnerabilities: CVE-2024-1283, CVE-2024-1284
  • 31. Windows Third Party CVE Information (cont)
    § Firefox 122.0
      § FF-240123, QFF1220
      § Fixes 15 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0752, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755
    § Firefox ESR 115.7.0
      § FFE-240123, QFFE11570
      § Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
    § Thunderbird 115.7.0
      § TB-240123, QTB11570
      § Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
  • 32. Windows Third Party CVE Information (cont)
    § Foxit PDF Editor 12.1.4
      § FPDFE-240130, QFPDFE1214MSP
      § Fixes 29 Vulnerabilities: CVE-2023-32616, CVE-2023-35985, CVE-2023-38573, CVE-2023-39542, CVE-2023-40194, CVE-2023-41257, CVE-2023-42089, CVE-2023-42090, CVE-2023-42091, CVE-2023-42092, CVE-2023-42093, CVE-2023-42094, CVE-2023-42095, CVE-2023-42096, CVE-2023-42097, CVE-2023-42098, CVE-2023-51549, CVE-2023-51550, CVE-2023-51551, CVE-2023-51552, CVE-2023-51553, CVE-2023-51554, CVE-2023-51555, CVE-2023-51556, CVE-2023-51557, CVE-2023-51558, CVE-2023-51559, CVE-2023-51560, CVE-2023-51562
    § Foxit PDF Reader Consumer 12.1.4.15400
      § FPDFRC-240122, QFPDFRC12141540
      § Fixes 29 Vulnerabilities: See Previous
    § Pulse Secure VPN Desktop Client 22.7.1.28369
      § PSVPN-240202, QPSVPN22711
      § Fixes 2 Vulnerabilities: CVE-2023-46805, CVE-2024-21887
  • 33. Apple Release Summary
    § Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Ventura (1), Apple macOS Sonoma (1), Google Chrome (3), Docker Desktop (1), Evernote (1), Microsoft Office 2019 Excel (1), Firefox (1), Firefox ESR (1), Microsoft Edge (3), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook (1), Microsoft Office 2019 PowerPoint (1), Safari for Monterey (1), Thunderbird (1), Microsoft Office 2019 Word (1)
    § Security Updates (w/o CVEs): Brave (1), SeaMonkey (1)
    § Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), Apple macOS Sonoma (1), Brave (3), Docker Desktop for Mac (1), draw.io (2), Dropbox (2), Evernote (4), Firefox (1), Google Drive (1), Grammarly (7), Hazel (1), IntelliJ IDEA (1), LibreOffice (1), Microsoft AutoUpdate (1), Microsoft Edge (2), OneDrive for Mac (2), Microsoft Office 2019 Outlook (2), PyCharm Professional for Mac (2), PowerShell (1), Python (2), Slack (1), Spotify (2), Microsoft Teams (Mac) (2), Visual Studio Code (3), Zoom Client for Mac (1)
  • 34. Apple Updates with CVE Information
    § macOS Monterey 12.7.3
      § HT214057
      § Fixes 9 Vulnerabilities: CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-42888, CVE-2023-42915, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222
    § macOS Ventura 13.6.4
      § HT214058
      § Fixes 13 Vulnerabilities: CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-40528, CVE-2023-42887, CVE-2023-42888, CVE-2023-42915, CVE-2023-42935, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222, CVE-2024-23224
    § Safari 17.3 for Ventura and Monterey
      § HT214056
      § Fixes 4 Vulnerabilities: CVE-2024-23206, CVE-2024-23211, CVE-2024-23213, CVE-2024-23222
  • 35. Apple Updates with CVE Information (cont)
    § macOS Sonoma 14.3
      § HT214061
      § Fixes 17 Vulnerabilities: CVE-2024-23203, CVE-2024-23204, CVE-2024-23206, CVE-2024-23207, CVE-2024-23208, CVE-2024-23209, CVE-2024-23210, CVE-2024-23211, CVE-2024-23212, CVE-2024-23213, CVE-2024-23214, CVE-2024-23215, CVE-2024-23217, CVE-2024-23218, CVE-2024-23222, CVE-2024-23223, CVE-2024-23224
  • 36. Apple Third Party CVE Information
    § Google Chrome 120.0.6099.234
      § CHROMEMAC-240116
      § Fixes 3 Vulnerabilities: CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
    § Google Chrome 121.0.6167.139
      § CHROMEMAC-240130
      § Fixes 3 Vulnerabilities: CVE-2024-1059, CVE-2024-1060, CVE-2024-1077
    § Google Chrome 121.0.6167.160
      § CHROMEMAC-240206
      § Fixes 2 Vulnerabilities: CVE-2024-1283, CVE-2024-1284
  • 37. Apple Third Party CVE Information (cont)
    § Docker Desktop 4.27.2
      § DOCKERMAC-240208
      § Fixes 4 Vulnerabilities: CVE-2020-8911, CVE-2020-8912, CVE-2024-21626, CVE-2024-24557
    § Evernote 10.74.1
      § ENOT-240131
      § Fixes 1 Vulnerability: CVE-2023-50643
    § Microsoft Office 2019 Excel 16.81
      § EXCEL19-240116
      § Fixes 1 Vulnerability: CVE-2024-20677
    § Microsoft Office 2019 OneNote 16.81
      § ONENOTE19-240116
      § Fixes 1 Vulnerability: CVE-2024-20677
  • 38. Apple Third Party CVE Information (cont)
    § Microsoft Office 2019 Outlook 16.81
      § OUTLOOK19-240116
      § Fixes 1 Vulnerability: CVE-2024-20677
    § Microsoft Office 2019 PowerPoint 16.81
      § POWERPOINT19-240116
      § Fixes 1 Vulnerability: CVE-2024-20677
    § Microsoft Office 2019 Word 16.81
      § WORD19-240116
      § Fixes 1 Vulnerability: CVE-2024-20677
  • 39. Apple Third Party CVE Information (cont)
    § Microsoft Edge 120.0.2210.144
      § MEDGEMAC-240117
      § Fixes 1 Vulnerability: CVE-2024-0519
    § Microsoft Edge 121.0.2277.83
      § MEDGEMAC-240126
      § Fixes 7 Vulnerabilities: CVE-2024-21326, CVE-2024-21336, CVE-2024-21382, CVE-2024-21383, CVE-2024-21385, CVE-2024-21387, CVE-2024-21388
    § Microsoft Edge 121.0.2277.98
      § MEDGEMAC-240201
      § Fixes 1 Vulnerability: CVE-2024-21399
  • 40. Apple Third Party CVE Information (cont)
    § Firefox 122.0
      § FF-240123
      § Fixes 15 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0752, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755
    § Firefox ESR 115.7.0
      § FFE-240123
      § Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
    § Thunderbird 115.7.0
      § TB-240123
      § Fixes 9 Vulnerabilities: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
  • 41. Q & A
  • 42. Thank You!