2024 May Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, May 15, 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
§ May 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A

Leading up to May Patch Tuesday we have a shared
zero-day vulnerability in Google Chrome and Microsoft
Edge, as well as an updated 2024 zero-day vulnerability
in macOS Ventura. Microsoft also addressed a pair of
zero-day vulnerabilities in their update resulting in 61
CVEs resolved. Mozilla and Adobe complete the lineup
of third-party updates. Priorities are the browser and OS
updates this month.
For more details check out this month's Patch Tuesday
blog.
May Patch Tuesday 2024

In the News

In the News
§ 5th and 6th Chrome Zero-day in 2024
§ https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
§ https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-
escape
§ Apple resolves RTKit Zero-day for older versions of iOS, iPad and macOS
§ https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-zero-day-exploited-in-attacks-to-older-
iphones/
§ Microsoft resolves two Zero-day vulnerabilities
§ https://krebsonsecurity.com/2024/05/patch-tuesday-may-2024-edition/

§ CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 7.8 / 7.2
§ Severity: Important
§ Impact: Elevation of privilege
§ Affected Systems: All Windows 10, Server 2016, and newer operating systems
§ Per Microsoft – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited and Publicly Disclosed Vulnerability

§ CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 8.8 / 8.2
§ Severity: Important
§ Impact: Security Feature Bypass
§ Affected Systems: All Windows 10, Server 2016, and newer operating systems
§ Per Microsoft – This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office
which protect users from vulnerable COM/OLE controls. An attacker would have to convince the user
to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or
Instant Messenger message, and then convince the user to manipulate the specially crafted file, but
not necessarily click or open the malicious file.
Known Exploited Vulnerability

CVE-2024-2961
§ CVSS 3: 8.8
§ Identified in the iconv() function of glibc 2.39 and
older
§ The issue: a specific set of parameters could
lead to a buffer overflow, leading to a crash of
the application calling iconv().
Background:
iconv() is a function to convert text between different
encodings, like UTF8 or plain ASCII, and is used
widely in applications and services that need to, for
example, accept or parse input in multiple
languages.
Mitigation
Upgrade package to most up-to-date version on all
distributions
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2024-27316
§ CVSS 3: 7.5
§ It’s possible to cause a memory leak in an
Apache webserver configured to serve http/2
content, by sending repeated headers until a
preconfigured buffer is exhausted.
§ If the client continues to send more headers
after this point, then Apache will continue to
extend the buffer, eventually exhausting all
available memory resources.
Background:
Memory leaks like this occur when a program fails
to release memory it no longer needs, leading to
gradual consumption of system resources.
Mitigation
Upgrade package to most up-to-date version on all
distributions

CVE-2024-32487
§ CVSS 3: 8.6
§ The utility "less" (a counterpart to "more") can be
tricked into executing commands if it receives a
malicious file as parameter, crafted in such a
way as to include a "newline" character in the
filename.
§ The part after the "newline" character is
interpreted by "less" as a command to be
executed, which it does. Since "less" is
commonly used chained with other commands
to perform tasks sequentially, this can be quite
damaging if it is being run in a privileged
process.
Exploitation
An attacker can execute arbitrary OS commands
by using attacker-controlled file names, such as
those extracted from an untrusted archive.
Exploitation typically requires use with attacker-
controlled file names, such as the files extracted
from an untrusted archive. Exploitation also
requires the LESSOPEN environment variable, but
this is set by default in many common cases.
Mitigation
To mitigate CVE-2024-32487, you should update
"less" to version 654, as the bug is present on all
previous versions. Don’t simply unset $LESSOPEN.

Microsoft Patch Tuesday Updates of Interest
Azure and Development Tool Updates
§ .NET 6.0, 7.0, & 8.0
§ Azure Migrate
§ Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
§ Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
§ Microsoft Visual Studio 2022 17.4 – 17.9

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2024 Ivanti. All rights reserved.
CHROME-240514: Security Update for Chrome Desktop
§ Maximum Severity: Critical
§ Affected Products: Google Chrome
§ Description: The Stable channel has been updated to 124.0.6367.207/.208 for Mac and
Windows and 124.0.6367.207 for Linux. The Extended Stable channel has been updated to
124.0.6367.207 for Mac and Windows. See
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html for
more details. This update contains one security fix with the reported CVE rated High.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-4761 is known exploited.
§ Restart Required: Requires application restart
1

HT214107: Security Update macOS Ventura 13.6.7
§ Affected Products: Apple macOS Ventura version 13
§ Description: This update addresses security vulnerabilities in the Apple Ventura operating
system.
§ Impact: Security Feature Bypass, Information Disclosure
§ Fixes 3 Vulnerabilities: CVE-2024-27789, CVE-2023-42861, and CVE-2024-23296. CVE-2024-
23296 is known exploited. See the Apple Security Update https://support.apple.com/en-
us/HT214107 for complete details.
§ Restart Required: Requires restart
§ Known Issues: None
1

APSB24-29: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Moderate
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 12 vulnerabilities; 9 are rated Critical.
§ Impact: Arbitrary Code Execution, Memory Leak
§ Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
for more details. .
1
2

MFSA-2024-21: Security Update Firefox 126
§ Maximum Severity: Important
§ Affected Products: Security Update Firefox
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on
multiple platforms. Fixes 16 vulnerabilities; 3 are rated High.
§ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, Information
Disclosure
§ Fixes 16 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-
US/security/advisories/mfsa2024-21/ for complete details.
1
2

MFSA-2024-22: Security Update Firefox ESR 115.11
§ Affected Products: Security Update Firefox ESR
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR
browser on multiple platforms.
§ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
§ Fixes 6 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-
US/security/advisories/mfsa2024-22/ for complete details.
1
2

HT214106: Security Update macOS Sonoma 14.5
§ Affected Products: Apple macOS Sonoma version 14
§ Description: This update addresses security vulnerabilities in the Apple Sonoma operating
system.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, Information Disclosure
§ Fixes 22 Vulnerabilities: See the Apple Security Update https://support.apple.com/en-
us/HT214106 for complete details.
1
2

HT214105: Security Update macOS Monterey 12.7.5
§ Affected Products: Apple macOS Monterey version 12
§ Description: This update addresses security vulnerabilities in the Apple Monterey operating
system.
§ Impact: Information Disclosure
§ Fixes 2 Vulnerabilities: CVE-2024-23229 and CVE-2024-27789. See the Apple Security Update
https://support.apple.com/en-us/HT214105 for complete details.
1
2

HT214103: Security Update Apple Safari 17.5
§ Affected Products: Apple Safari
§ Description: This update addresses security vulnerabilities in Apple Safari running on the
Ventura or Monterey operating systems.
§ Impact: Security Feature Bypass
§ Fixes 1 Vulnerability: CVE-2024-27834. See the Apple Security Update
https://support.apple.com/en-us/HT214103 for complete details.
1
2

§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
§ Description: This security update resolves a Microsoft SharePoint Server information disclosure
vulnerability and Microsoft SharePoint Server remote code execution vulnerability. This bulletin
is based on 3 KB articles.
§ Impact: Remote Code Execution and Information Disclosure
§ Fixes 2 Vulnerabilities: CVE-2024-30043 and CVE-2024-30044. They are not known to be
exploited or publicly disclosed
§ Known Issues: None reported
MS24-05-SPT: Security Updates for Sharepoint Server
1

MS24-05-W11: Windows 11 Update
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§ Description: This bulletin references KB 5037770 (21H2) and KB 5037771 (22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
§ Fixes 41 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited,
and CVE-2024-300040 is known exploited. See the Security Update Guide for the complete list
of CVEs.
§ Known Issues: See next slide
1
2

May Known Issues for Windows 11
§ KB 5037770 – Windows 11 version 21H2, all editions
§ [Prof_Pic] After installing this update, you might be unable to change your user account
profile picture. When attempting to change a profile picture by selecting the button Start>
Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error
message with error code 0x80070520. Workaround: Microsoft is working on a resolution.
§ KB 5037771 – Windows 11 version 22H2, all editions; Windows 11 version 23H2, all editions
§ [Prof_Pic]

MS24-05-W10: Windows 10 Update
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§ Description: This bulletin references 7 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 47 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited,
and CVE-2024-300040 is known exploited. See the Security Update Guide for the complete list
of CVEs.
§ Known Issues: See next slide
1
2

May Known Issues for Windows 10
§ KB 5037768 – Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise,
version 21H2 Windows 10 Enterprise Multi-Session, version 21H2 Windows 10, version 22H2,
all editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§ [Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§ [Cache] After you install KB5034203 (dated 01/23/2024) or later updates, some Windows
devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC)
nodes in their network might be unable to use those nodes. Instead, these Windows
devices will download updates and apps from the public internet. Workaround: See KB for
configuration options.
§ [Prof_Pic]
§ Microsoft is working on a resolution for all issues.

May Known Issues for Windows 10 (cont)
§ KB 5037782 – Windows Server 2022
§ [Prof_Pic]

§ Affected Products: Excel 2016 and Office Online Server
§ Description: This security update resolves a Microsoft Excel remote code execution vulnerability.
This bulletin references KB 5002587 and KB 5002503.
§ Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed
MS24-05-O365: Security Updates for Microsoft Office
1
2

§ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021, and Office LTSC for Mac
2021
§ Description: This month’s update resolves a vulnerability which could allow a remote user to
perform code execution. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed
MS24-05-O365: Security Updates for Microsoft 365 Apps
1
2

Between
Patch Tuesdays

Windows Release Summary
§ Security Updates (with CVEs): Apple Mobile Device Support (1), AutoCAD (1), Azul Zulu (4), Google
Chrome (5), Corretto (4), Eclipse Adoptium (4), Firefox (1), Firefox ESR (1), FileZilla Client (1), Foxit
PDF Editor (4), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1),Apple ITunes (1),
Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1),
VirtualBox (1), PuTTY (1), RedHat OpenJDK (4), Snagit (4), Thunderbird (1), TortoiseGit (2),
TortoiseSVN (1), WinSCP (1)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Apache Tomcat (3),
Audacity (2), CCleaner (1), Google Chrome (1), ClickShareApp Machine-Wide Installer (1), Falcon
Sensor for Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Evernote (8),
Firefox (2), GoodSync (1), GIMP (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (2),
LibreOffice (2), LogMeIn (1), Malwarebytes (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3),
VirtualBox (1), Plex Media Server (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide
Installer (2), Snagit (1), Sourcetree for WindowsEnterprise (1), Tableau Desktop (5), Tableau Prep
Builder (1), Tableau Reader (1), Thunderbird (2), TeamViewer (2), VMware Horizon Client (1), Zoom
Client (3), Zoom Rooms Client (2), Zoom VDI (1)

Windows Release Summary (cont)
§ Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Bandicut (1), Box
Drive (1), Bitwarden (2), Camtasia (2), Cisco Webex Teams (1), Google Drive File Stream (1),
GeoGebra Classic (1), KeePassXC (1), NextCloud Desktop Client (1), R for Windows (1), RingCentral
App (Machine-Wide Installer) (1), RealVNC Server (1), RealVNC Viewer (1), TreeSize Free (1),
WinMerge (1)

Windows Third Party CVE Information
§ AutoCAD 2025.0.1
§ ADAC25-240506, QACAD202501
§ Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122,
CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127,
CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137
§ Apple Mobile Device Support 17.5.0.12
§ AMDS-240510, QAMDS175012
§ Fixes 1 Vulnerability: CVE-2024-27793
§ Google Chrome 124.0.6367.61
§ CHROME-240416, QGC1240636761
CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-
3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847, CVE-2024-3914

Windows Third Party CVE Information (cont)
§ CHROME-240423, QGC1240636779
§ Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
§ CHROME-240430, QGC12406367119
§ Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368
§ CHROME-240507, QGC12406367156
§ CHROME-240509

§ Azul Zulu 21.34.19 (21.0.3) Note: FX version of JDK also supported
§ ZULU21-240416, QZULUJDK213419
§ Fixes 9 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-
2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-
21085, CVE-2024-21094
§ ZULU17-240416, QZULUJDK175019 and QZULUJRE175019
2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-
21068, CVE-2024-21085, CVE-2024-21094
2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-
21068, CVE-2024-21085, CVE-2024-21094

§ Azul Zulu 8.78.0.19 (8u412) Note: FX version of JDK also supported
CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-
2024-21085, CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
§ Java Development Kit 21 Update 21.0.3
§ JDK17-240416, QJDK2103
§ Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-
2024-21094, CVE-2024-21098, CVE-2024-21892
§ JDK17-240416, QJDK17011
2024-21094, CVE-2024-21098, CVE-2024-21892

§ JDK11-240416, QJDK11023
2024-21094
§ Java 8 Update 411 – JRE and JDK
§ JAVA8-240416, QJDK8U411 and QJRE8U411
§ Corretto 21.0.3.9.1
§ CRTO21-240416, QCRTOJDK2103
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094

§ Corretto 17.0.11.9.1
§ Corretto 11.0.23.9.1
2024-21094
§ Corretto 8.412.08.1 – JRE and JDK
§ CRTO8-240416, QCRTOJRE8412
CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094

§ Eclipse Adoptium 21.0.3.9
§ ECL21-240418, QECLJDK21039 and QECLJRE21039
2024-21094

§ RedHat OpenJDK 21.0.3.0
§ RHTJDK21-240419, QRHTJDK210309 and QRHTJRE210309
2024-21094
§ RedHat OpenJDK 8.0.412
§ RHTJDK8-240419, QRHTJDK180412
2024-21094

§ Firefox 125.0.1
§ FF-240416, QFF12501
3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865
§ Firefox ESR 115.10.0
§ FFE115-240416, QFFE115100
2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§ FileZilla Client 3.67.0
§ FILEZ-240416, QFILEZ3670X64 and QFILEZ3670X86

§ Foxit PDF Editor 13.1.0.22420
§ FPDFE-240505, QFPDFE131022420
§ Foxit PDF Editor (Subscription) 2024.2.0.25138
§ FPDFES-240429, QFPDFE202420
§ Foxit PDF Reader Consumer 2024.2.0.25138
§ FPDFRC-240429, QFPDFRC20242
§ Foxit PDF Reader Enterprise 2024.2.0.25138
§ FPDFRE-240430, QFPDFRES20242

§ Apple iTunes 12.13.2.3
§ ITUNES-240508, QITUNES121323
§ VirtualBox 7.0.16
§ OVB70-240416, QOVB7016
2024-21114, CVE-2024-21115, CVE-2024-21116, CVE-2024-21121
§ PuTTY 0.81.0.0
§ PUTTY-240416, QPUTTY08100
§ TortoiseGit 2.16.0
§ TGIT-240503, QTGIT21600

§ TortoiseSVN 1.14.7
§ TORT-240416, QTORT1147
§ Thunderbird 115.10.0
§ TB-240416, QTB115100
2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§ WinSCP 6.3.3
§ WINSCP-240416, QWINSCP633EXE and QWINSCP633MSI
§ Snagit 2024.1.2
§ SNAG24-240425, QSNAG202412

Apple Release Summary
§ Security Updates (with CVEs): AutoCAD for Mac (3), Google Chrome (6), Microsoft Office
2019 Excel (1), Firefox (1), Firefox ESR (1), VMware Fusion (1), Microsoft Edge (3)
§ Security Updates (w/o CVEs): Google Chrome (1), Emacs For Mac (1), Thunderbird (3),
Zoom Client for Mac (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), Brave (6),
Calendar 366 II (2),Google Chrome (1), Docker Desktop for Mac (1), draw.io (1), Dropbox (3),
Evernote (8), Firefox (2), Figma (1), Google Drive (1), GIMP (1), Grammarly (6), Hazel (1),
IntelliJ IDEA (1), LibreOffice (1), Microsoft AutoUpdate (1), Microsoft Edge (1), Obsidian for
Mac (1), OneDrive for Mac (1), Microsoft Office 2019 OneNote (1), Microsoft Office 2019
Outlook (3), Parallels Desktop (1), PyCharm Professional for Mac (1), Microsoft Office 2019
PowerPoint (2), PowerShell (1), Python (1), Slack (2), Spotify (2), Microsoft Teams (Mac) (1),
Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1), Zoom Client
for Mac (2)

Apple Third Party CVE Information
§ AutoCAD 2022.4.1
§ ADACMAC2022-240412
§ AutoCAD 2023.3.1
§ ADACMAC2023-240412
§ Fixes 19 Vulnerabilities: Same as listed above
§ AutoCAD 2025.0.1
§ ADACMAC2025-240507
§ Fixes 19 Vulnerabilities: Same as listed above

Apple Third Party CVE Information (cont)
§ CHROMEMAC-240415
§ CHROMEMAC-240424
§ CHROMEMAC-240430
§ CHROMEMAC-240502

§ CHROMEMAC-240507
§ CHROMEMAC-240509
§ Microsoft Office 2019 Excel 16.84
§ EXCEL19-240416

§ Firefox 125.0.1
§ FF-240416
3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865
§ Firefox ESR 115.10.0
§ FFE-240416
2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§ VMware Fusion 13.5.1
§ FUSION-240425

§ Microsoft Edge 123.0.2420.97
§ MEDGEMAC-240412
§ MEDGEMAC-240418
§ Fixes 15 Vulnerabilities: CVE-2024-29987, CVE-2024-3832, CVE-2024-3833, CVE-2024-
3834, CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841,
2024-3914
§ MEDGEMAC-240426

Q & A

Thank You!

2024 May Patch Tuesday

More Related Content

Similar to 2024 May Patch Tuesday

More from Ivanti

Recently uploaded

2024 May Patch Tuesday