Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, May 15, 2024
Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
§ May 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A
May Patch Tuesday 2024
Leading up to May Patch Tuesday we have a shared zero-day vulnerability in Google Chrome and Microsoft Edge, as well as an updated 2024 zero-day vulnerability in macOS Ventura. Microsoft also addressed a pair of zero-day vulnerabilities in their update resulting in 61 CVEs resolved. Mozilla and Adobe complete the lineup of third-party updates. Priorities are the browser and OS updates this month.
For more details check out this month's Patch Tuesday blog.
In the News
§ 5th and 6th Chrome Zero-day in 2024
§ https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
§ https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape
§ Apple resolves RTKit Zero-day for older versions of iOS, iPad and macOS
§ https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-zero-day-exploited-in-attacks-to-older-iphones/
§ Microsoft resolves two Zero-day vulnerabilities
§ https://krebsonsecurity.com/2024/05/patch-tuesday-may-2024-edition/
Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 7.8 / 7.2
§ Severity: Important
§ Impact: Elevation of privilege
§ Affected Systems: All Windows 10, Server 2016, and newer operating systems
§ Per Microsoft – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerability
§ CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 8.8 / 8.2
§ Severity: Important
§ Impact: Security Feature Bypass
§ Affected Systems: All Windows 10, Server 2016, and newer operating systems
§ Per Microsoft – This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
CVE-2024-2961
§ CVSS 3: 8.8
§ Identified in the iconv() function of glibc 2.39 and older
§ The issue: a specific set of parameters could lead to a buffer overflow, leading to a crash of the application calling iconv().
Background:
iconv() is a function to convert text between different encodings, like UTF8 or plain ASCII, and is used widely in applications and services that need to, for example, accept or parse input in multiple languages.
Mitigation
Upgrade package to most up-to-date version on all distributions
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare
CVE-2024-27316
§ CVSS 3: 7.5
§ It’s possible to cause a memory leak in an Apache webserver configured to serve HTTP/2 content, by sending repeated headers until a preconfigured buffer is exhausted.
§ If the client continues to send more headers after this point, then Apache will continue to extend the buffer, eventually exhausting all available memory resources.
Background:
Memory leaks like this occur when a program fails to release memory it no longer needs, leading to gradual consumption of system resources.
Mitigation
Upgrade package to most up-to-date version on all distributions
New and Notable Linux Vulnerabilities: 3
Highlighted by TuxCare
CVE-2024-32487
§ CVSS 3: 8.6
§ The utility "less" (a counterpart to "more") can be tricked into executing commands if it receives a malicious file as parameter, crafted in such a way as to include a "newline" character in the filename.
§ The part after the "newline" character is interpreted by "less" as a command to be executed, which it does. Since "less" is commonly used chained with other commands to perform tasks sequentially, this can be quite damaging if it is being run in a privileged process.
Exploitation
An attacker can execute arbitrary OS commands by using attacker-controlled file names, such as those extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Mitigation
To mitigate CVE-2024-32487, you should update "less" to version 654, as the bug is present on all previous versions. Don’t simply unset $LESSOPEN.
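Added example (not part of the webinar slides or of TuxCare's material): a small shell triage for the CVE-2024-32487 conditions described above. It reports whether the installed "less" is below version 654, whether LESSOPEN is set, and how many file names under a directory contain a newline. The function names and the output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the slides): triage helpers for CVE-2024-32487.
# FIXED_VERSION is the version named on the slide; function names are illustrative.

FIXED_VERSION=654
NL='
'

# Pull the numeric version out of the first line of `less --version`,
# e.g. "less 590 (GNU regular expressions)" -> 590. Prints nothing if unparseable.
parse_less_version() {
    printf '%s\n' "$1" | sed -n '1s/^less \([0-9][0-9]*\).*/\1/p'
}

# Classify a version line as patched, unpatched or unknown.
less_state() {
    v=$(parse_less_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif [ "$v" -ge "$FIXED_VERSION" ]; then
        echo patched
    else
        echo unpatched
    fi
}

# Count entries below a directory whose name contains a newline character.
# One "x" is emitted per match, so odd file names never reach the terminal.
count_newline_names() {
    find "$1" -name "*${NL}*" -exec printf x \; 2>/dev/null | wc -c | tr -d ' '
}

# One-line summary for a host or an unpacked archive.
# $1 = first line of `less --version`, $2 = directory to inspect.
triage() {
    if [ -n "${LESSOPEN:-}" ]; then pre=set; else pre=unset; fi
    echo "less=$(less_state "$1") lessopen=$pre newline_names=$(count_newline_names "$2")"
}

# Run against the local system when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    triage "$(less --version 2>/dev/null | head -n 1)" "$1"
fi
```

The lessopen field is informational only; as the slide states, the fix is the update to version 654, not unsetting the variable.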
Microsoft Patch Tuesday Updates of Interest
Azure and Development Tool Updates
§ .NET 6.0, 7.0, & 8.0
§ Azure Migrate
§ Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
§ Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
§ Microsoft Visual Studio 2022 17.4 – 17.9
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
21H2 | 11/16/2021 | 6/11/2024
Windows 10 Home and Pro
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
Windows 11 Home and Pro
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/11/2025
22H2 | 9/20/2022 | 10/8/2024
Windows 11 Enterprise and Education
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/10/2026
22H2 | 9/20/2022 | 10/14/2025
21H2 | 10/4/2021 | 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Server Long-term Servicing Channel Support
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Server LTSC Support
Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
Windows Server 2019 (Version 1809) | Datacenter, Essentials, and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
Source: Microsoft
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune
Bulletins and Releases
CHROME-240514: Security Update for Chrome Desktop
§ Maximum Severity: Critical
§ Affected Products: Google Chrome
§ Description: The Stable channel has been updated to 124.0.6367.207/.208 for Mac and
Windows and 124.0.6367.207 for Linux. The Extended Stable channel has been updated to
124.0.6367.207 for Mac and Windows. See
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html for
more details. This update contains one security fix with the reported CVE rated High.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-4761 is known exploited.
§ Restart Required: Requires application restart
HT214107: Security Update macOS Ventura 13.6.7
§ Maximum Severity: Critical
§ Affected Products: Apple macOS Ventura version 13
§ Description: This update addresses security vulnerabilities in the Apple Ventura operating
system.
§ Impact: Security Feature Bypass, Information Disclosure
§ Fixes 3 Vulnerabilities: CVE-2024-27789, CVE-2023-42861, and CVE-2024-23296. CVE-2024-23296
is known exploited. See the Apple Security Update https://support.apple.com/en-us/HT214107
for complete details.
§ Restart Required: Requires restart
§ Known Issues: None
APSB24-29: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Moderate
§ Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
§ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 12 vulnerabilities; 9 are rated Critical.
§ Impact: Arbitrary Code Execution, Memory Leak
§ Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
for more details.
§ Restart Required: Requires application restart
MFSA-2024-21: Security Update Firefox 126
§ Maximum Severity: Important
§ Affected Products: Security Update Firefox
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on
multiple platforms. Fixes 16 vulnerabilities; 3 are rated High.
§ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, Information
Disclosure
§ Fixes 16 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/ for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
MFSA-2024-22: Security Update Firefox ESR 115.11
§ Maximum Severity: Important
§ Affected Products: Security Update Firefox ESR
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR
browser on multiple platforms.
§ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
§ Fixes 6 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/ for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
HT214106: Security Update macOS Sonoma 14.5
§ Maximum Severity: Important
§ Affected Products: Apple macOS Sonoma version 14
§ Description: This update addresses security vulnerabilities in the Apple Sonoma operating
system.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, Information Disclosure
§ Fixes 22 Vulnerabilities: See the Apple Security Update
https://support.apple.com/en-us/HT214106 for complete details.
§ Restart Required: Requires restart
§ Known Issues: None
HT214105: Security Update macOS Monterey 12.7.5
§ Maximum Severity: Important
§ Affected Products: Apple macOS Monterey version 12
§ Description: This update addresses security vulnerabilities in the Apple Monterey operating
system.
§ Impact: Information Disclosure
§ Fixes 2 Vulnerabilities: CVE-2024-23229 and CVE-2024-27789. See the Apple Security Update
https://support.apple.com/en-us/HT214105 for complete details.
§ Restart Required: Requires restart
§ Known Issues: None
HT214103: Security Update Apple Safari 17.5
§ Maximum Severity: Important
§ Affected Products: Apple Safari
§ Description: This update addresses security vulnerabilities in Apple Safari running on the
Ventura or Monterey operating systems.
§ Impact: Security Feature Bypass
§ Fixes 1 Vulnerability: CVE-2024-27834. See the Apple Security Update
https://support.apple.com/en-us/HT214103 for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
MS24-05-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Critical
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
§ Description: This security update resolves a Microsoft SharePoint Server information disclosure
vulnerability and Microsoft SharePoint Server remote code execution vulnerability. This bulletin
is based on 3 KB articles.
§ Impact: Remote Code Execution and Information Disclosure
§ Fixes 2 Vulnerabilities: CVE-2024-30043 and CVE-2024-30044. They are not known to be
exploited or publicly disclosed.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS24-05-W11: Windows 11 Update
§ Maximum Severity: Moderate
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§ Description: This bulletin references KB 5037770 (21H2) and KB 5037771 (22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
§ Fixes 41 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited,
and CVE-2024-30040 is known exploited. See the Security Update Guide for the complete list
of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
May Known Issues for Windows 11
§ KB 5037770 – Windows 11 version 21H2, all editions
§ [Prof_Pic] After installing this update, you might be unable to change your user account
profile picture. When attempting to change a profile picture by selecting the button Start >
Settings > Accounts > Your info, and then selecting Choose a file, you might receive an error
message with error code 0x80070520. Workaround: Microsoft is working on a resolution.
§ KB 5037771 – Windows 11 version 22H2, all editions; Windows 11 version 23H2, all editions
§ [Prof_Pic]
MS24-05-W10: Windows 10 Update
§ Maximum Severity: Moderate
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§ Description: This bulletin references 7 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 47 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited,
and CVE-2024-30040 is known exploited. See the Security Update Guide for the complete list
of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
May Known Issues for Windows 10
§ KB 5037768 – Windows 10 Enterprise and Education, version 21H2; Windows 10 IoT Enterprise,
version 21H2; Windows 10 Enterprise Multi-Session, version 21H2; Windows 10, version 22H2,
all editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§ [Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§ [Cache] After you install KB5034203 (dated 01/23/2024) or later updates, some Windows
devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC)
nodes in their network might be unable to use those nodes. Instead, these Windows
devices will download updates and apps from the public internet. Workaround: See KB for
configuration options.
§ [Prof_Pic]
§ Microsoft is working on a resolution for all issues.
May Known Issues for Windows 10 (cont)
§ KB 5037782 – Windows Server 2022
§ [Prof_Pic]
MS24-05-O365: Security Updates for Microsoft Office
§ Maximum Severity: Important
§ Affected Products: Excel 2016 and Office Online Server
§ Description: This security update resolves a Microsoft Excel remote code execution vulnerability.
This bulletin references KB 5002587 and KB 5002503.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS24-05-O365: Security Updates for Microsoft 365 Apps
§ Maximum Severity: Important
§ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021, and Office LTSC for Mac
2021
§ Description: This month’s update resolves a vulnerability which could allow a remote user to
perform code execution. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
§ Security Updates (with CVEs): Apple Mobile Device Support (1), AutoCAD (1), Azul Zulu (4), Google
Chrome (5), Corretto (4), Eclipse Adoptium (4), Firefox (1), Firefox ESR (1), FileZilla Client (1), Foxit
PDF Editor (4), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), Apple iTunes (1),
Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1),
VirtualBox (1), PuTTY (1), RedHat OpenJDK (4), Snagit (4), Thunderbird (1), TortoiseGit (2),
TortoiseSVN (1), WinSCP (1)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Apache Tomcat (3),
Audacity (2), CCleaner (1), Google Chrome (1), ClickShareApp Machine-Wide Installer (1), Falcon
Sensor for Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Evernote (8),
Firefox (2), GoodSync (1), GIMP (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (2),
LibreOffice (2), LogMeIn (1), Malwarebytes (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3),
VirtualBox (1), Plex Media Server (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide
Installer (2), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), Tableau Prep
Builder (1), Tableau Reader (1), Thunderbird (2), TeamViewer (2), VMware Horizon Client (1), Zoom
Client (3), Zoom Rooms Client (2), Zoom VDI (1)
Windows Release Summary (cont)
§ Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Bandicut (1), Box
Drive (1), Bitwarden (2), Camtasia (2), Cisco Webex Teams (1), Google Drive File Stream (1),
GeoGebra Classic (1), KeePassXC (1), NextCloud Desktop Client (1), R for Windows (1), RingCentral
App (Machine-Wide Installer) (1), RealVNC Server (1), RealVNC Viewer (1), TreeSize Free (1),
WinMerge (1)
Windows Third Party CVE Information
§ AutoCAD 2025.0.1
§ ADAC25-240506, QACAD202501
§ Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122,
CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127,
CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23132,
CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137
§ Apple Mobile Device Support 17.5.0.12
§ AMDS-240510, QAMDS175012
§ Fixes 1 Vulnerability: CVE-2024-27793
§ Google Chrome 124.0.6367.61
§ CHROME-240416, QGC1240636761
§ Fixes 14 Vulnerabilities: CVE-2024-3832, CVE-2024-3833, CVE-2024-3834, CVE-2024-3837,
CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-3844,
CVE-2024-3845, CVE-2024-3846, CVE-2024-3847, CVE-2024-3914
Windows Third Party CVE Information (cont)
§ Google Chrome 124.0.6367.79
§ CHROME-240423, QGC1240636779
§ Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
§ Google Chrome 124.0.6367.119
§ CHROME-240430, QGC12406367119
§ Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368
§ Google Chrome 124.0.6367.156
§ CHROME-240507, QGC12406367156
§ Fixes 2 Vulnerabilities: CVE-2024-4558, CVE-2024-4559
§ Google Chrome 124.0.6367.202
§ CHROME-240509
§ Fixes 1 Vulnerability: CVE-2024-4671
Windows Third Party CVE Information (cont)
§ Azul Zulu 21.34.19 (21.0.3) Note: FX version of JDK also supported
§ ZULU21-240416, QZULUJDK213419
§ Fixes 9 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005,
CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§ Azul Zulu 17.50.19 (17.0.11) Note: FX version of JDK also supported
§ ZULU17-240416, QZULUJDK175019 and QZULUJRE175019
§ Fixes 10 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004,
CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§ Azul Zulu 11.72.19 (11.0.23) Note: FX version of JDK also supported
§ ZULU11-240416, QZULUJDK117219 and QZULUJRE117219
§ Fixes 10 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004,
CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
Windows Third Party CVE Information (cont)
§ Azul Zulu 8.78.0.19 (8u412) Note: FX version of JDK also supported
§ ZULU8-240416, QZULUJDK878019 and QZULUJRE878019
§ Fixes 13 Vulnerabilities: CVE-2023-41993, CVE-2024-20954, CVE-2024-21002, CVE-2024-21003,
CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
§ Java Development Kit 21 Update 21.0.3
§ JDK17-240416, QJDK2103
§ Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068,
CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
§ Java Development Kit 17 Update 17.0.11
§ JDK17-240416, QJDK17011
§ Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068,
CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
Windows Third Party CVE Information (cont)
§ Java Development Kit 11 Update 11.0.23
§ JDK11-240416, QJDK11023
§ Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§ Java 8 Update 411 – JRE and JDK
§ JAVA8-240416, QJDK8U411 and QJRE8U411
§ Fixes 9 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004,
CVE-2024-21005, CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§ Corretto 21.0.3.9.1
§ CRTO21-240416, QCRTOJDK2103
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
Windows Third Party CVE Information (cont)
§ Corretto 17.0.11.9.1
§ CRTO17-240416, QCRTOJDK17011
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
§ Corretto 11.0.23.9.1
§ CRTO11-240416, QCRTOJDK11023
§ Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§ Corretto 8.412.08.1 – JRE and JDK
§ CRTO8-240416, QCRTOJRE8412
§ CRTO8-240416, QCRTOJDK8412
§ Fixes 8 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005,
CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
Windows Third Party CVE Information (cont)
§ Eclipse Adoptium 21.0.3.9
§ ECL21-240418, QECLJDK21039 and QECLJRE21039
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
§ Eclipse Adoptium 17.0.11.9
§ ECL17-240418, QECLJDK170119 and QECLJRE170119
§ Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§ Eclipse Adoptium 11.0.23.9
§ ECL11-240422, QECLJDK110239 and QECLJRE110239
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
§ Eclipse Adoptium 8.412.08.1
§ ECL8-240416, QECLJDK804128 and QECLJRE804128
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
Windows Third Party CVE Information (cont)
§ RedHat OpenJDK 21.0.3.0
§ RHTJDK21-240419, QRHTJDK210309 and QRHTJRE210309
§ Fixes 3 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068
§ RedHat OpenJDK 17.0.11.0
§ RHTJDK17-240419, QRHTJDK1701109 and QRHTJRE1701109
§ Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
§ RedHat OpenJDK 11.0.23.9
§ RHTJDK11-240419, QRHTJDK110239 and QRHTJRE110239
§ Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
§ RedHat OpenJDK 8.0.412
§ RHTJDK8-240419, QRHTJDK180412
§ Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085,
CVE-2024-21094
Windows Third Party CVE Information (cont)
§ Firefox 125.0.1
§ FF-240416, QFF12501
§ Fixes 15 Vulnerabilities: CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854,
CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859, CVE-2024-3860,
CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865
§ Firefox ESR 115.10.0
§ FFE115-240416, QFFE115100
§ Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854,
CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§ FileZilla Client 3.67.0
§ FILEZ-240416, QFILEZ3670X64 and QFILEZ3670X86
§ Fixes 1 Vulnerability: CVE-2024-31497
Windows Third Party CVE Information (cont)
§ Foxit PDF Editor 13.1.0.22420
§ FPDFE-240505, QFPDFE131022420
§ Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
§ Foxit PDF Editor (Subscription) 2024.2.0.25138
§ FPDFES-240429, QFPDFE202420
§ Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
§ Foxit PDF Reader Consumer 2024.2.0.25138
§ FPDFRC-240429, QFPDFRC20242
§ Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
§ Foxit PDF Reader Enterprise 2024.2.0.25138
§ FPDFRE-240430, QFPDFRES20242
§ Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
Windows Third Party CVE Information (cont)
§ Apple iTunes 12.13.2.3
§ ITUNES-240508, QITUNES121323
§ Fixes 1 Vulnerability: CVE-2024-27793
§ VirtualBox 7.0.16
§ OVB70-240416, QOVB7016
§ Fixes 13 Vulnerabilities: CVE-2024-21103, CVE-2024-21106, CVE-2024-21107, CVE-2024-21108,
CVE-2024-21109, CVE-2024-21110, CVE-2024-21111, CVE-2024-21112, CVE-2024-21113, CVE-2024-21114,
CVE-2024-21115, CVE-2024-21116, CVE-2024-21121
§ PuTTY 0.81.0.0
§ PUTTY-240416, QPUTTY08100
§ Fixes 1 Vulnerability: CVE-2024-31497
§ TortoiseGit 2.16.0
§ TGIT-240503, QTGIT21600
§ Fixes 1 Vulnerability: CVE-2024-31497
Windows Third Party CVE Information (cont)
§ TortoiseSVN 1.14.7
§ TORT-240416, QTORT1147
§ Fixes 1 Vulnerability: CVE-2024-31497
§ Thunderbird 115.10.0
§ TB-240416, QTB115100
§ Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854,
CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§ WinSCP 6.3.3
§ WINSCP-240416, QWINSCP633EXE and QWINSCP633MSI
§ Fixes 1 Vulnerability: CVE-2024-31497
§ Snagit 2024.1.2
§ SNAG24-240425, QSNAG202412
§ Fixes 2 Vulnerabilities: CVE-2024-29187, CVE-2024-29188
Apple Release Summary
§ Security Updates (with CVEs): AutoCAD for Mac (3), Google Chrome (6), Microsoft Office
2019 Excel (1), Firefox (1), Firefox ESR (1), VMware Fusion (1), Microsoft Edge (3)
§ Security Updates (w/o CVEs): Google Chrome (1), Emacs For Mac (1), Thunderbird (3),
Zoom Client for Mac (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), Brave (6),
Calendar 366 II (2), Google Chrome (1), Docker Desktop for Mac (1), draw.io (1), Dropbox (3),
Evernote (8), Firefox (2), Figma (1), Google Drive (1), GIMP (1), Grammarly (6), Hazel (1),
IntelliJ IDEA (1), LibreOffice (1), Microsoft AutoUpdate (1), Microsoft Edge (1), Obsidian for
Mac (1), OneDrive for Mac (1), Microsoft Office 2019 OneNote (1), Microsoft Office 2019
Outlook (3), Parallels Desktop (1), PyCharm Professional for Mac (1), Microsoft Office 2019
PowerPoint (2), PowerShell (1), Python (1), Slack (2), Spotify (2), Microsoft Teams (Mac) (1),
Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1), Zoom Client
for Mac (2)
Apple Third Party CVE Information
§ AutoCAD 2022.4.1
§ ADACMAC2022-240412
§ Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122,
CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127,
CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23132,
CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137
§ AutoCAD 2023.3.1
§ ADACMAC2023-240412
§ Fixes 19 Vulnerabilities: Same as listed above
§ AutoCAD 2025.0.1
§ ADACMAC2025-240507
§ Fixes 19 Vulnerabilities: Same as listed above
Apple Third Party CVE Information (cont)
§ Google Chrome 123.0.6312.124
§ CHROMEMAC-240415
§ Fixes 3 Vulnerabilities: CVE-2024-3157, CVE-2024-3515, CVE-2024-3516
§ Google Chrome 124.0.6367.79
§ CHROMEMAC-240424
§ Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
§ Google Chrome 124.0.6367.94
§ CHROMEMAC-240430
§ Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4331, CVE-2024-4368
§ Google Chrome 124.0.6367.119
§ CHROMEMAC-240502
§ Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368
Apple Third Party CVE Information (cont)
§ Google Chrome 124.0.6367.155
§ CHROMEMAC-240507
§ Fixes 2 Vulnerabilities: CVE-2024-4558, CVE-2024-4559
§ Google Chrome 124.0.6367.201
§ CHROMEMAC-240509
§ Fixes 1 Vulnerability: CVE-2024-4671
§ Microsoft Office 2019 Excel 16.84
§ EXCEL19-240416
§ Fixes 1 Vulnerability: CVE-2024-26257
Apple Third Party CVE Information (cont)
§ Firefox 125.0.1
§ FF-240416
§ Fixes 15 Vulnerabilities: CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854,
CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859, CVE-2024-3860,
CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865
§ Firefox ESR 115.10.0
§ FFE-240416
§ Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854,
CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864
§ VMware Fusion 13.5.1
§ FUSION-240425
§ Fixes 1 Vulnerability: CVE-2024-22251
Apple Third Party CVE Information (cont)
§ Microsoft Edge 123.0.2420.97
§ MEDGEMAC-240412
§ Fixes 3 Vulnerabilities: CVE-2024-3157, CVE-2024-3515, CVE-2024-3516
§ Microsoft Edge 124.0.2478.51
§ MEDGEMAC-240418
§ Fixes 15 Vulnerabilities: CVE-2024-29987, CVE-2024-3832, CVE-2024-3833, CVE-2024-3834,
CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843,
CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847, CVE-2024-3914
§ Microsoft Edge 124.0.2478.67
§ MEDGEMAC-240426
§ Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
Q & A
Thank You!


2024 May Patch Tuesday

  • 1. Hosted by Chris Goettl and Todd Schell Patch Tuesday Webinar Wednesday, May 15, 2024
  • 2. Copyright © 2024 Ivanti. All rights reserved. 2 Agenda § May 2024 Patch Tuesday Overview § In the News § Bulletins and Releases § Between Patch Tuesdays § Q & A
  • 3. Copyright © 2024 Ivanti. All rights reserved. 3 Leading up to May Patch Tuesday we have a shared zero-day vulnerability in Google Chrome and Microsoft Edge, as well as an updated 2024 zero-day vulnerability in macOS Ventura. Microsoft also addressed a pair of zero-day vulnerabilities in their update resulting in 61 CVEs resolved. Mozilla and Adobe complete the lineup of third-party updates. Priorities are the browser and OS updates this month. For more details check out this month's Patch Tuesday blog. May Patch Tuesday 2024
  • 4. Copyright © 2024 Ivanti. All rights reserved. 4 In the News
  • 5. Copyright © 2024 Ivanti. All rights reserved. 5 In the News § 5th and 6th Chrome Zero-day in 2024 § https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html § https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox- escape § Apple resolves RTKit Zero-day for older versions of iOS, iPad and macOS § https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-zero-day-exploited-in-attacks-to-older- iphones/ § Microsoft resolves two Zero-day vulnerabilities § https://krebsonsecurity.com/2024/05/patch-tuesday-may-2024-edition/
  • 6. Copyright © 2024 Ivanti. All rights reserved. 6 § CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of privilege § Affected Systems: All Windows 10, Server 2016, and newer operating systems § Per Microsoft – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Known Exploited and Publicly Disclosed Vulnerability
  • 7. Copyright © 2024 Ivanti. All rights reserved. 7 § CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 8.8 / 8.2 § Severity: Important § Impact: Security Feature Bypass § Affected Systems: All Windows 10, Server 2016, and newer operating systems § Per Microsoft – This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. Known Exploited Vulnerability
  • 8. Copyright © 2024 Ivanti. All rights reserved. 8 CVE-2024-2961 § CVSS 3: 8.8 § Identified in the iconv() function of glibc 2.39 and older § The issue: a specific set of parameters could lead to a buffer overflow, leading to a crash of the application calling iconv(). Background: iconv() is a function to convert text between different encodings, like UTF8 or plain ASCII, and is used widely in applications and services that need to, for example, accept or parse input in multiple languages. Mitigation Upgrade package to most up-to-date version on all distributions New and Notable Linux Vulnerabilities: 1 Highlighted by TuxCare
  • 9. Copyright © 2024 Ivanti. All rights reserved. 9 CVE-2024-27316 § CVSS 3: 7.5 § It’s possible to cause a memory leak in an Apache webserver configured to serve http/2 content, by sending repeated headers until a preconfigured buffer is exhausted. § If the client continues to send more headers after this point, then Apache will continue to extend the buffer, eventually exhausting all available memory resources. Background: Memory leaks like this occur when a program fails to release memory it no longer needs, leading to gradual consumption of system resources. Mitigation Upgrade package to most up-to-date version on all distributions New and Notable Linux Vulnerabilities: 2 Highlighted by TuxCare
  • 10. Copyright © 2024 Ivanti. All rights reserved. 10 CVE-2024-32487 § CVSS 3: 8.6 § The utility "less" (a counterpart to "more") can be tricked into executing commands if it receives a malicious file as parameter, crafted in such a way as to include a "newline" character in the filename. § The part after the "newline" character is interpreted by "less" as a command to be executed, which it does. Since "less" is commonly used chained with other commands to perform tasks sequentially, this can be quite damaging if it is being run in a privileged process. Exploitation An attacker can execute arbitrary OS commands by using attacker-controlled file names, such as those extracted from an untrusted archive. Exploitation typically requires use with attacker- controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Mitigation To mitigate CVE-2024-32487, you should update "less" to version 654, as the bug is present on all previous versions. Don’t simply unset $LESSOPEN. New and Notable Linux Vulnerabilities: 3 Highlighted by TuxCare
  • 11. Copyright © 2024 Ivanti. All rights reserved. 11 Microsoft Patch Tuesday Updates of Interest Azure and Development Tool Updates § .NET 6.0, 7.0, & 8.0 § Azure Migrate § Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) § Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) § Microsoft Visual Studio 2022 17.4 – 17.9
  • 12. Copyright © 2024 Ivanti. All rights reserved. 12 Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 21H2 11/16/2021 6/11/2024 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 11 Home and Pro Version Release Date End of Support Date 23H2 10/31/2023 11/11/2025 22H2 9/20/2022 10/8/2024 Windows 11 Enterprise and Education Version Release Date End of Support Date 23H2 10/31/2023 11/10/2026 22H2 9/20/2022 10/14/2025 21H2 10/4/2021 10/8/2024 Source: Microsoft https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 13. Copyright © 2024 Ivanti. All rights reserved. 13 Server Long-term Servicing Channel Support Server LTSC Support Version Editions Release Date Mainstream Support Ends Extended Support Ends Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031 Windows Server 2019 (Version 1809) Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029 Windows Server 2016 (Version 1607) Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027 https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info § Focused on server long-term stability § Major version releases every 2-3 years § 5 years mainstream and 5 years extended support § Server core or server with desktop experience available Source: Microsoft
  • 14. Copyright © 2024 Ivanti. All rights reserved. 14 Patch Content Announcements Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s) Content Info: Endpoint Security Content Info: Endpoint Manager Content Info: macOS Updates Content Info: Linux Updates Content Info: Patch for Configuration Manager Content Info: ISEC and Neurons Patch Content Info: Neurons Patch for InTune
  • 15. Copyright © 2024 Ivanti. All rights reserved. 15 Bulletins and Releases
  • 16. Copyright © 2024 Ivanti. All rights reserved. CHROME-240514: Security Update for Chrome Desktop § Maximum Severity: Critical § Affected Products: Google Chrome § Description: The Stable channel has been updated to 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux. The Extended Stable channel has been updated to 124.0.6367.207 for Mac and Windows. See https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html for more details. This update contains one security fix with the reported CVE rated High. § Impact: Remote Code Execution § Fixes 1 Vulnerability: CVE-2024-4761 is known exploited. § Restart Required: Requires application restart 1
  • 17. Copyright © 2024 Ivanti. All rights reserved. HT214107: Security Update macOS Ventura 13.6.7 § Maximum Severity: Critical § Affected Products: Apple macOS Ventura version 13 § Description: This update addresses security vulnerabilities in the Apple Ventura operating system. § Impact: Security Feature Bypass, Information Disclosure § Fixes 3 Vulnerabilities: CVE-2024-27789, CVE-2023-42861, and CVE-2024-23296. CVE-2024- 23296 is known exploited. See the Apple Security Update https://support.apple.com/en- us/HT214107 for complete details. § Restart Required: Requires restart § Known Issues: None 1
  • 18. Copyright © 2024 Ivanti. All rights reserved. APSB24-29: Security Update for Adobe Acrobat and Reader § Maximum Severity: Moderate § Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020) § Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses 12 vulnerabilities; 9 are rated Critical. § Impact: Arbitrary Code Execution, Memory Leak § Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-29.html for more details. . § Restart Required: Requires application restart 1 2
  • 19. Copyright © 2024 Ivanti. All rights reserved. MFSA-2024-21: Security Update Firefox 126 § Maximum Severity: Important § Affected Products: Security Update Firefox § Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. Fixes 16 vulnerabilities; 3 are rated High. § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, Information Disclosure § Fixes 16 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en- US/security/advisories/mfsa2024-21/ for complete details. § Restart Required: Requires application restart § Known Issues: None 1 2
  • 20. MFSA-2024-22: Security Update Firefox ESR 115.11 § Maximum Severity: Important § Affected Products: Security Update Firefox ESR § Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 6 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/ for complete details. § Restart Required: Requires application restart § Known Issues: None
  • 21. HT214106: Security Update macOS Sonoma 14.5 § Maximum Severity: Important § Affected Products: Apple macOS Sonoma version 14 § Description: This update addresses security vulnerabilities in the Apple Sonoma operating system. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 22 Vulnerabilities: See the Apple Security Update https://support.apple.com/en-us/HT214106 for complete details. § Restart Required: Requires restart § Known Issues: None
  • 22. HT214105: Security Update macOS Monterey 12.7.5 § Maximum Severity: Important § Affected Products: Apple macOS Monterey version 12 § Description: This update addresses security vulnerabilities in the Apple Monterey operating system. § Impact: Information Disclosure § Fixes 2 Vulnerabilities: CVE-2024-23229 and CVE-2024-27789. See the Apple Security Update https://support.apple.com/en-us/HT214105 for complete details. § Restart Required: Requires restart § Known Issues: None
  • 23. HT214103: Security Update Apple Safari 17.5 § Maximum Severity: Important § Affected Products: Apple Safari § Description: This update addresses security vulnerabilities in Apple Safari running on the Ventura or Monterey operating systems. § Impact: Security Feature Bypass § Fixes 1 Vulnerability: CVE-2024-27834. See the Apple Security Update https://support.apple.com/en-us/HT214103 for complete details. § Restart Required: Requires application restart § Known Issues: None
  • 24. MS24-05-SPT: Security Updates for SharePoint Server § Maximum Severity: Critical § Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019 § Description: This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and a Microsoft SharePoint Server remote code execution vulnerability. This bulletin is based on 3 KB articles. § Impact: Remote Code Execution and Information Disclosure § Fixes 2 Vulnerabilities: CVE-2024-30043 and CVE-2024-30044. They are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported
  • 25. MS24-05-W11: Windows 11 Update § Maximum Severity: Moderate § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium § Description: This bulletin references KB 5037770 (21H2) and KB 5037771 (22H2/23H2). § Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure § Fixes 41 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited, and CVE-2024-30040 is known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 26. May Known Issues for Windows 11 § KB 5037770 – Windows 11 version 21H2, all editions § [Prof_Pic] After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start > Settings > Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520. Workaround: Microsoft is working on a resolution. § KB 5037771 – Windows 11 version 22H2, all editions; Windows 11 version 23H2, all editions § [Prof_Pic]
  • 27. MS24-05-W10: Windows 10 Update § Maximum Severity: Moderate § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references 7 KB articles. See KBs for the list of changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, and Information Disclosure § Fixes 47 Vulnerabilities: CVE-2024-30051 is reported publicly disclosed and known exploited, and CVE-2024-30040 is known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 28. May Known Issues for Windows 10 § KB 5037768 – Windows 10 Enterprise and Education, version 21H2; Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise Multi-Session, version 21H2; Windows 10, version 22H2, all editions § [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen. Workaround: To access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or bottom of your screen. § [Icon Display] Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview). § [Cache] After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. Workaround: See KB for configuration options. § [Prof_Pic] § Microsoft is working on a resolution for all issues.
  • 29. May Known Issues for Windows 10 (cont) § KB 5037782 – Windows Server 2022 § [Prof_Pic]
  • 30. MS24-05-O365: Security Updates for Microsoft Office § Maximum Severity: Important § Affected Products: Excel 2016 and Office Online Server § Description: This security update resolves a Microsoft Excel remote code execution vulnerability. This bulletin references KB 5002587 and KB 5002503. § Impact: Remote Code Execution § Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed § Restart Required: Requires application restart § Known Issues: None reported
  • 31. MS24-05-O365: Security Updates for Microsoft 365 Apps § Maximum Severity: Important § Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021, and Office LTSC for Mac 2021 § Description: This month’s update resolves a vulnerability which could allow a remote user to perform code execution. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. § Impact: Remote Code Execution § Fixes 1 Vulnerability: CVE-2024-30042 is not known to be exploited or publicly disclosed § Restart Required: Requires application restart § Known Issues: None reported
  • 32. Between Patch Tuesdays
  • 33. Windows Release Summary § Security Updates (with CVEs): Apple Mobile Device Support (1), AutoCAD (1), Azul Zulu (4), Google Chrome (5), Corretto (4), Eclipse Adoptium (4), Firefox (1), Firefox ESR (1), FileZilla Client (1), Foxit PDF Editor (4), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), Apple iTunes (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), VirtualBox (1), PuTTY (1), RedHat OpenJDK (4), Snagit (4), Thunderbird (1), TortoiseGit (2), TortoiseSVN (1), WinSCP (1) § Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Apache Tomcat (3), Audacity (2), CCleaner (1), Google Chrome (1), ClickShareApp Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Docker For Windows (1), Dropbox (2), Evernote (8), Firefox (2), GoodSync (1), GIMP (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (2), LibreOffice (2), LogMeIn (1), Malwarebytes (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3), VirtualBox (1), Plex Media Server (1), Royal TS (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (2), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (2), TeamViewer (2), VMware Horizon Client (1), Zoom Client (3), Zoom Rooms Client (2), Zoom VDI (1)
  • 34. Windows Release Summary (cont) § Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Bandicut (1), Box Drive (1), Bitwarden (2), Camtasia (2), Cisco Webex Teams (1), Google Drive File Stream (1), GeoGebra Classic (1), KeePassXC (1), NextCloud Desktop Client (1), R for Windows (1), RingCentral App (Machine-Wide Installer) (1), RealVNC Server (1), RealVNC Viewer (1), TreeSize Free (1), WinMerge (1)
  • 35. Windows Third Party CVE Information § AutoCAD 2025.0.1 § ADAC25-240506, QACAD202501 § Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122, CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127, CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23132, CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137 § Apple Mobile Device Support 17.5.0.12 § AMDS-240510, QAMDS175012 § Fixes 1 Vulnerability: CVE-2024-27793 § Google Chrome 124.0.6367.61 § CHROME-240416, QGC1240636761 § Fixes 14 Vulnerabilities: CVE-2024-3832, CVE-2024-3833, CVE-2024-3834, CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847, CVE-2024-3914
  • 36. Windows Third Party CVE Information (cont) § Google Chrome 124.0.6367.79 § CHROME-240423, QGC1240636779 § Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060 § Google Chrome 124.0.6367.119 § CHROME-240430, QGC12406367119 § Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368 § Google Chrome 124.0.6367.156 § CHROME-240507, QGC12406367156 § Fixes 2 Vulnerabilities: CVE-2024-4558, CVE-2024-4559 § Google Chrome 124.0.6367.202 § CHROME-240509 § Fixes 1 Vulnerability: CVE-2024-4671
  • 37. Windows Third Party CVE Information (cont) § Azul Zulu 21.34.19 (21.0.3) Note: FX version of JDK also supported § ZULU21-240416, QZULUJDK213419 § Fixes 9 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § Azul Zulu 17.50.19 (17.0.11) Note: FX version of JDK also supported § ZULU17-240416, QZULUJDK175019 and QZULUJRE175019 § Fixes 10 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § Azul Zulu 11.72.19 (11.0.23) Note: FX version of JDK also supported § ZULU11-240416, QZULUJDK117219 and QZULUJRE117219 § Fixes 10 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
  • 38. Windows Third Party CVE Information (cont) § Azul Zulu 8.78.0.19 (8u412) Note: FX version of JDK also supported § ZULU8-240416, QZULUJDK878019 and QZULUJRE878019 § Fixes 13 Vulnerabilities: CVE-2023-41993, CVE-2024-20954, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2024-21098, CVE-2024-21892 § Java Development Kit 21 Update 21.0.3 § JDK17-240416, QJDK2103 § Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094, CVE-2024-21098, CVE-2024-21892 § Java Development Kit 17 Update 17.0.11 § JDK17-240416, QJDK17011 § Fixes 7 Vulnerabilities: CVE-2024-20954, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094, CVE-2024-21098, CVE-2024-21892
  • 39. Windows Third Party CVE Information (cont) § Java Development Kit 11 Update 11.0.23 § JDK11-240416, QJDK11023 § Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § Java 8 Update 411 – JRE and JDK § JAVA8-240416, QJDK8U411 and QJRE8U411 § Fixes 9 Vulnerabilities: CVE-2023-41993, CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § Corretto 21.0.3.9.1 § CRTO21-240416, QCRTOJDK2103 § Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
  • 40. Windows Third Party CVE Information (cont) § Corretto 17.0.11.9.1 § CRTO17-240416, QCRTOJDK17011 § Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094 § Corretto 11.0.23.9.1 § CRTO11-240416, QCRTOJDK11023 § Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § Corretto 8.412.08.1 – JRE and JDK § CRTO8-240416, QCRTOJRE8412 § CRTO8-240416, QCRTOJDK8412 § Fixes 8 Vulnerabilities: CVE-2024-21002, CVE-2024-21003, CVE-2024-21004, CVE-2024-21005, CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
  • 41. Windows Third Party CVE Information (cont) § Eclipse Adoptium 21.0.3.9 § ECL21-240418, QECLJDK21039 and QECLJRE21039 § Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094 § Eclipse Adoptium 17.0.11.9 § ECL17-240418, QECLJDK170119 and QECLJRE170119 § Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § Eclipse Adoptium 11.0.23.9 § ECL11-240422, QECLJDK110239 and QECLJRE110239 § Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094 § Eclipse Adoptium 8.412.08.1 § ECL8-240416, QECLJDK804128 and QECLJRE804128 § Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21094
  • 42. Windows Third Party CVE Information (cont) § RedHat OpenJDK 21.0.3.0 § RHTJDK21-240419, QRHTJDK210309 and QRHTJRE210309 § Fixes 3 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068 § RedHat OpenJDK 17.0.11.0 § RHTJDK17-240419, QRHTJDK1701109 and QRHTJRE1701109 § Fixes 4 Vulnerabilities: CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § RedHat OpenJDK 11.0.23.9 § RHTJDK11-240419, QRHTJDK110239 and QRHTJRE110239 § Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 § RedHat OpenJDK 8.0.412 § RHTJDK8-240419, QRHTJDK180412 § Fixes 5 Vulnerabilities: CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
  • 43. Windows Third Party CVE Information (cont) § Firefox 125.0.1 § FF-240416, QFF12501 § Fixes 15 Vulnerabilities: CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854, CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859, CVE-2024-3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865 § Firefox ESR 115.10.0 § FFE115-240416, QFFE115100 § Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864 § FileZilla Client 3.67.0 § FILEZ-240416, QFILEZ3670X64 and QFILEZ3670X86 § Fixes 1 Vulnerability: CVE-2024-31497
  • 44. Windows Third Party CVE Information (cont) § Foxit PDF Editor 13.1.0.22420 § FPDFE-240505, QFPDFE131022420 § Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938 § Foxit PDF Editor (Subscription) 2024.2.0.25138 § FPDFES-240429, QFPDFE202420 § Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938 § Foxit PDF Reader Consumer 2024.2.0.25138 § FPDFRC-240429, QFPDFRC20242 § Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938 § Foxit PDF Reader Enterprise 2024.2.0.25138 § FPDFRE-240430, QFPDFRES20242 § Fixes 3 Vulnerabilities: CVE-2024-25575, CVE-2024-25648, CVE-2024-25938
  • 45. Windows Third Party CVE Information (cont) § Apple iTunes 12.13.2.3 § ITUNES-240508, QITUNES121323 § Fixes 1 Vulnerability: CVE-2024-27793 § VirtualBox 7.0.16 § OVB70-240416, QOVB7016 § Fixes 13 Vulnerabilities: CVE-2024-21103, CVE-2024-21106, CVE-2024-21107, CVE-2024-21108, CVE-2024-21109, CVE-2024-21110, CVE-2024-21111, CVE-2024-21112, CVE-2024-21113, CVE-2024-21114, CVE-2024-21115, CVE-2024-21116, CVE-2024-21121 § PuTTY 0.81.0.0 § PUTTY-240416, QPUTTY08100 § Fixes 1 Vulnerability: CVE-2024-31497 § TortoiseGit 2.16.0 § TGIT-240503, QTGIT21600 § Fixes 1 Vulnerability: CVE-2024-31497
  • 46. Windows Third Party CVE Information (cont) § TortoiseSVN 1.14.7 § TORT-240416, QTORT1147 § Fixes 1 Vulnerability: CVE-2024-31497 § Thunderbird 115.10.0 § TB-240416, QTB115100 § Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864 § WinSCP 6.3.3 § WINSCP-240416, QWINSCP633EXE and QWINSCP633MSI § Fixes 1 Vulnerability: CVE-2024-31497 § Snagit 2024.1.2 § SNAG24-240425, QSNAG202412 § Fixes 2 Vulnerabilities: CVE-2024-29187, CVE-2024-29188
  • 47. Apple Release Summary § Security Updates (with CVEs): AutoCAD for Mac (3), Google Chrome (6), Microsoft Office 2019 Excel (1), Firefox (1), Firefox ESR (1), VMware Fusion (1), Microsoft Edge (3) § Security Updates (w/o CVEs): Google Chrome (1), Emacs For Mac (1), Thunderbird (3), Zoom Client for Mac (1) § Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), Brave (6), Calendar 366 II (2), Google Chrome (1), Docker Desktop for Mac (1), draw.io (1), Dropbox (3), Evernote (8), Firefox (2), Figma (1), Google Drive (1), GIMP (1), Grammarly (6), Hazel (1), IntelliJ IDEA (1), LibreOffice (1), Microsoft AutoUpdate (1), Microsoft Edge (1), Obsidian for Mac (1), OneDrive for Mac (1), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook (3), Parallels Desktop (1), PyCharm Professional for Mac (1), Microsoft Office 2019 PowerPoint (2), PowerShell (1), Python (1), Slack (2), Spotify (2), Microsoft Teams (Mac) (1), Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1), Zoom Client for Mac (2)
  • 48. Apple Third Party CVE Information § AutoCAD 2022.4.1 § ADACMAC2022-240412 § Fixes 19 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122, CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127, CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23132, CVE-2024-23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137 § AutoCAD 2023.3.1 § ADACMAC2023-240412 § Fixes 19 Vulnerabilities: Same as listed above § AutoCAD 2025.0.1 § ADACMAC2025-240507 § Fixes 19 Vulnerabilities: Same as listed above
  • 49. Apple Third Party CVE Information (cont) § Google Chrome 123.0.6312.124 § CHROMEMAC-240415 § Fixes 3 Vulnerabilities: CVE-2024-3157, CVE-2024-3515, CVE-2024-3516 § Google Chrome 124.0.6367.79 § CHROMEMAC-240424 § Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060 § Google Chrome 124.0.6367.94 § CHROMEMAC-240430 § Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4331, CVE-2024-4368 § Google Chrome 124.0.6367.119 § CHROMEMAC-240502 § Fixes 2 Vulnerabilities: CVE-2024-4331, CVE-2024-4368
  • 50. Apple Third Party CVE Information (cont) § Google Chrome 124.0.6367.155 § CHROMEMAC-240507 § Fixes 2 Vulnerabilities: CVE-2024-4558, CVE-2024-4559 § Google Chrome 124.0.6367.201 § CHROMEMAC-240509 § Fixes 1 Vulnerability: CVE-2024-4671 § Microsoft Office 2019 Excel 16.84 § EXCEL19-240416 § Fixes 1 Vulnerability: CVE-2024-26257
  • 51. Apple Third Party CVE Information (cont) § Firefox 125.0.1 § FF-240416 § Fixes 15 Vulnerabilities: CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854, CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858, CVE-2024-3859, CVE-2024-3860, CVE-2024-3861, CVE-2024-3862, CVE-2024-3863, CVE-2024-3864, CVE-2024-3865 § Firefox ESR 115.10.0 § FFE-240416 § Fixes 9 Vulnerabilities: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864 § VMware Fusion 13.5.1 § FUSION-240425 § Fixes 1 Vulnerability: CVE-2024-22251
  • 52. Apple Third Party CVE Information (cont) § Microsoft Edge 123.0.2420.97 § MEDGEMAC-240412 § Fixes 3 Vulnerabilities: CVE-2024-3157, CVE-2024-3515, CVE-2024-3516 § Microsoft Edge 124.0.2478.51 § MEDGEMAC-240418 § Fixes 15 Vulnerabilities: CVE-2024-29987, CVE-2024-3832, CVE-2024-3833, CVE-2024-3834, CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847, CVE-2024-3914 § Microsoft Edge 124.0.2478.67 § MEDGEMAC-240426 § Fixes 3 Vulnerabilities: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
  • 53. Q & A
  • 54. Thank You!