Patch Tuesday Webinar
Wednesday, April 12, 2023
Hosted by Chris Goettl and Todd Schell
Agenda
April 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2023 Ivanti. All rights reserved.
April Patch Tuesday 2023
We enter this April Patch Tuesday on the heels of a CISA advisory and updates from Apple
(released on April 7th and 10th) for macOS, iPadOS, iOS and Safari resolving two zero-day exploits
(CVE-2023-28205 and CVE-2023-28206). Microsoft has released updates resolving 97 new CVEs, with
one new confirmed exploited vulnerability (CVE-2023-28252) resolved in the Windows OS update this
month. Microsoft has also updated the affected products list for CVE-2013-3900, a previously resolved
vulnerability that has been confirmed to be exploited. Third-party updates from Mozilla and Adobe have
also been released, and Oracle's CPU release is coming on April 18th, which will be followed by a stream of
Java alternatives being updated through the rest of the month.
In the News
In the News
• CISA Adds Five Known Exploited Vulnerabilities to Catalog
  • https://www.cisa.gov/news-events/alerts/2023/04/07/cisa-adds-five-known-exploited-vulnerabilities-catalog
• Zero-day releases for Apple iPhone and macOS
  • https://www.helpnetsecurity.com/2023/04/11/cve-2023-28205-cve-2023-28206/
• Windows zero-day vulnerability exploited in ransomware attacks
  • https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/
• ALPHV ransomware exploits Veritas Backup Exec bugs for initial access
  • https://www.bleepingcomputer.com/news/security/alphv-ransomware-exploits-veritas-backup-exec-bugs-for-initial-access/
In the News
• Exchange 2013 end of support, April 11, 2023
  • https://learn.microsoft.com/en-us/microsoft-365/enterprise/exchange-2013-end-of-support?view=o365-worldwide
• Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
  • https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
• Microsoft to Block Unsupported Exchange Servers from Sending Emails to Exchange Online
  • https://petri.com/microsoft-block-emails-old-exchange-servers-exchange-online/
In the News
• How to manage the Netlogon protocol changes related to CVE-2022-38023
  • https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
• Certificate-based authentication changes on Windows domain controllers
  • https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16
Known Exploited and Publicly Disclosed Vulnerability
• CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
• This CVE has been updated and re-issued to address Windows 10 and 11
• CVSS 3.1 Scores: 7.4 / 6.4
• Severity: Important
• All currently supported operating systems
• Per Microsoft - “Microsoft does not plan to enforce the stricter verification behavior as a
default functionality on supported releases of Microsoft Windows. This behavior remains
available as an opt-in feature via reg key setting, and is available on supported editions of
Windows released since December 10, 2013. This includes all currently supported versions
of Windows 10 and Windows 11. The reg key already exists in Windows 10 and Windows 11,
so no security update is required but the reg key must be set. See the Security Updates
table for the list of affected software.”
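Added example (not part of the Ivanti deck or of Microsoft's text): a read-only PowerShell audit of the opt-in setting described above. The key path and the value name EnableCertPaddingCheck are taken from Microsoft's CVE-2013-3900 advisory rather than from this slide, and the function name Get-CertPaddingCheckState is made up for the example.

```powershell
# Added example: read-only check of the CVE-2013-3900 opt-in setting.
# Key path and value name come from Microsoft's CVE-2013-3900 advisory,
# not from this deck. Get-CertPaddingCheckState is a hypothetical name.
function Get-CertPaddingCheckState {
    [CmdletBinding()]
    param()

    # A 32-bit PowerShell on 64-bit Windows is redirected to Wow6432Node,
    # which would make both rows below describe the same key.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        Write-Warning 'Run this from 64-bit PowerShell; registry redirection hides the native key.'
    }

    $valueName = 'EnableCertPaddingCheck'
    $paths = @('HKLM:\Software\Microsoft\Cryptography\Wintrust\Config')
    if ([Environment]::Is64BitOperatingSystem) {
        # 32-bit processes read their own copy of the setting.
        $paths += 'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
    }

    foreach ($path in $paths) {
        $raw  = $null
        $kind = $null
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            if ($key.GetValueNames() -contains $valueName) {
                $raw  = $key.GetValue($valueName)
                $kind = $key.GetValueKind($valueName)
            }
        }
        [pscustomobject]@{
            Path      = $path
            ValueKind = $kind
            RawValue  = $raw
            # Treat 1 as enabled whether it was stored as a string or a number.
            Enabled   = ($null -ne $raw) -and ("$raw".Trim() -eq '1')
        }
    }
}

$state = @(Get-CertPaddingCheckState)
$state | Format-Table -AutoSize
if ($state.Enabled -contains $false) {
    Write-Warning 'Stricter WinVerifyTrust verification is not enabled for every registry view.'
}
```

A missing key or value is reported as not enabled, which matches the opt-in default described in the quote.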
Known Exploited Vulnerability
• CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
• CVSS 3.1 Scores: 7.8 / 7.2
• Severity: Important
• Server 2008/2008 R2, Server 2012/2012 R2, Windows 10, Windows 11, Server 2016, Server
2019, Server 2022
• Per Microsoft - “An attacker who successfully exploited this vulnerability could gain SYSTEM
privileges.”
Known Publicly Disclosed Vulnerability
• CVE-2022-43552 Open-Source Curl Remote Code Execution Vulnerability
• This CVE has been updated and re-issued with security updates
• CVSS 3.1 Scores: 5.9 / 5.9
• Severity: Important
• Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022
• Per Microsoft - “Microsoft is announcing the availability of the April 2023 security updates to
address this vulnerability for all supported versions of Windows 10 version 1809, Windows
10 version 20H2, Windows 10 version 21H2, Windows 10 version 22H2, Windows 11
version 21H2, Windows 11 version 22H2, Windows Server 2019, and Windows Server 2022.
Microsoft strongly recommends that customers install the April 2023 updates to be fully
protected from this vulnerability. Customers whose systems are configured to receive
automatic updates do not need to take any further action.”
Microsoft Patch Tuesday Updates of Interest
• Microsoft SQL Server Updates
  • KBs updated to include CVE-2023-23384 which was omitted (informational only)
  • OLE DB Driver and ODBC Drivers 17, 18 and 19 were released
• Azure and Development Tool Updates
  • .NET 6.0
  • .NET 7.0
  • Azure Machine Learning
  • Azure Service Connector
  • Visual Studio 2017 (multiple)
  • Visual Studio 2019 (multiple)
  • Visual Studio 2022 (multiple)
  • Visual Studio Code
• There are no servicing stack updates this month
Source: Microsoft
Server 2012/2012 R2 EOL is Coming
• Lifecycle Fact Sheet
  • https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
22H2      10/18/2022     5/13/2025
21H2      11/16/2021     6/11/2024
20H2      10/20/2020     5/9/2023

Windows 10 Home and Pro
Version   Release Date   End of Support Date
22H2      10/18/2022     5/14/2024
21H2      11/16/2021     6/13/2023

Windows Server
Version   Release Date   End of Support Date
2019      11/13/2019     1/9/2024
2022      8/18/2021      10/13/2026

Windows 11 Home and Pro
Version   Release Date   End of Support Date
22H2      9/20/2022      10/8/2024
21H2      10/4/2021      10/10/2023

• Lifecycle Fact Sheet
  • https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
• Announcements Posted on Community Forum Pages
  • https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
  • Subscribe to receive email for the desired product(s)
Bulletins and Releases
APSB23-24: Security Update for Adobe Acrobat and Reader
• Maximum Severity: Critical
• Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
• Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address 16 vulnerabilities, 14 of which are rated
critical. Successful exploitation could lead to arbitrary code execution in the context of
the current user among other impacts. See
https://helpx.adobe.com/security/products/acrobat/apsb23-24.html for more details.
• Impact: Successful exploitation could lead to arbitrary code execution, privilege
escalation, security feature bypass and memory leak according to Adobe.
• Fixes 16 Vulnerabilities: See Adobe site for details
• Restart Required: Requires application restart
MFSA-2023-13: Security Update Firefox 112
• Maximum Severity: Critical (High)
• Affected Products: Security Update Firefox
• Description: This update from Mozilla addresses security vulnerabilities in the Firefox
browser on multiple platforms.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, and Information Disclosure
• Fixes 22 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/ for complete details.
• Restart Required: Requires application restart
• Known Issues: None
MFSA-2023-14: Security Update Firefox ESR 102.10
• Maximum Severity: Critical (High)
• Affected Products: Security Update Firefox ESR
• Description: This update from Mozilla addresses security vulnerabilities in the Firefox
ESR browser on multiple platforms.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing and Information Disclosure
• Fixes 13 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/ for complete details.
• Restart Required: Requires application restart
• Known Issues: None
MS23-04-W11: Windows 11 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
• Description: This bulletin references KB 5025224 (21H2) and KB 5025239 (22H2).
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
• Fixes 59 Vulnerabilities: CVE-2013-3900 has been re-issued and is known
exploited and publicly disclosed. CVE-2023-28252 is known exploited.
CVE-2022-43552 has been re-issued and is publicly disclosed. See the Security Update Guide
for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
April Known Issues for Windows 11
• KB 5025224 – Windows 11 version 21H2
  • [App Fail] Windows devices with some third-party UI customization apps might not
start up. These third-party apps might cause errors with explorer.exe that might repeat
multiple times in a loop. The known affected third-party UI customization apps are
ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI
customization app before installing this or later updates. Microsoft is investigating and
will provide more info in the future.
  • [Red Dead] After installing this or later updates, Red Dead Redemption 2 might not
open. Workaround: This issue was resolved in an update from Rockstar Games.
Update your game and try again.
April Known Issues for Windows 11 (cont)
• KB 5025239 – Windows 11 version 22H2
  • [Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
  • [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than
expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools
that do not use cache manager (buffered I/O). See KB for multiple mitigations.
Microsoft is working on a resolution.
  • [App Fail]
MS23-04-W10: Windows 10 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
• Description: This bulletin references 5 KB articles. See KBs for the list of changes.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
• Fixes 74 Vulnerabilities: CVE-2013-3900 has been re-issued and is known
exploited and publicly disclosed. CVE-2023-28252 is known exploited.
CVE-2022-43552 has been re-issued and is publicly disclosed. See the Security Update Guide
for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
April Known Issues for Windows 10
• KB 5025229 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
  • [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
  • [Kiosk Login] After installing updates released January 10, 2023, and later, kiosk
device profiles that have auto log on enabled might not sign in automatically. After
Autopilot completes provisioning, affected devices will stay on the sign-in screen
prompting for credentials. Workaround: Microsoft is working on a resolution.
April Known Issues for Windows 10 (cont)
• KB 5025230 – Windows Server 2022
  • [Missing UUP] Updates released February 14, 2023 or later might not be offered
from some Windows Server Update Services (WSUS) servers to Windows 11,
version 22H2. The updates will download to the WSUS server but might not
propagate further to client devices. Affected WSUS servers are only those running
Windows Server 2022 which have been upgraded from Windows Server 2016 or
Windows Server 2019. Workaround: See KB on how to add the UUP file types to
the WSUS systems. Microsoft is working on a resolution.
  • [ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below.
MS23-04-MR8: Monthly Rollup for Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2012 and IE
• Description: This cumulative security update contains improvements that are part of update
KB 5023756 (released March 14, 2023). Known compatibility issues exist with certain printer
models which feature GDI printer drivers that do not completely adhere to GDI specifications.
Bulletin is based on KB 5025287.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
• Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and
publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update Guide for the
complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: None reported
MS23-04-SO8: Security-only Update for Windows Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2012
• Description: Known compatibility issues exist with certain printer models which
feature GDI printer drivers that do not completely adhere to GDI specifications. Bulletin
is based on KB 5025272.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
• Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known
exploited and publicly disclosed. CVE-2023-28252 is known exploited. See the
Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: None reported
MS23-04-MR81: Monthly Rollup for Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Server 2012 R2 and IE
• Description: This cumulative security update includes improvements that are part of update
KB 5023765 (released March 14, 2023). Known compatibility issues exist with certain printer
models which feature GDI printer drivers that do not completely adhere to GDI specifications.
Bulletin is based on KB 5025285.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
• Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and
publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update Guide for the
complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-04-SO81: Security-only for Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Server 2012 R2
• Description: Known compatibility issues exist with certain printer models which feature
GDI printer drivers that do not completely adhere to GDI specifications. Bulletin is based on
KB 5025288.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
• Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited
and publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update
Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-04-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
• Maximum Severity: Important
• Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
• Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
• Impact: Remote Code Execution
• Fixes 4 Vulnerabilities: Addresses CVE-2023-28285, CVE-2023-28287,
CVE-2023-28295, and CVE-2023-28311. No vulnerabilities are publicly disclosed or known
exploited.
• Restart Required: Requires application restart
• Known Issues: None reported
MS23-04-OFF: Security Updates for Microsoft Office
• Maximum Severity: Important
• Affected Products: Office 2019 & Office LTSC 2021 for Mac, and Microsoft
Publisher 2013 & 2016
• Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references KB 5002221 and KB 5002213 articles, and
release notes for the Mac updates.
• Impact: Remote Code Execution
• Fixes 4 Vulnerabilities: Addresses CVE-2023-28285, CVE-2023-28287,
CVE-2023-28295, and CVE-2023-28311. No vulnerabilities are publicly disclosed or known
exploited.
• Restart Required: Requires application restart
• Known Issues: None reported
MS23-04-SPT: Security Updates for SharePoint Server
• Maximum Severity: Important
• Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
• Description: This update corrects an issue where an attacker is able to redirect the
victim to a malicious site. This bulletin is based on 5 KB articles.
• Impact: Spoofing
• Fixes 1 Vulnerability: CVE-2023-28288 is not publicly disclosed or known
exploited.
• Restart Required: Requires restart
• Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
• Security Updates (with CVEs): Google Chrome (2), Nitro Pro (1), Nitro Pro Enterprise (1), Python
(2), SeaMonkey (1), Thunderbird (1)
• Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Apple iTunes (1), Box Edit (1),
Google Chrome (2), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix
Workspace App (2), Citrix Workspace App LTSR (1), Docker for Windows (2), Dropbox (2), Evernote (2),
Firefox (1), GoodSync (1), LibreOffice (1), LogMeIn (1), Malwarebytes (2), Node.JS (LTS Lower) (1),
Notepad++ (2), Opera (4), Paint.net (1), Plex Media Server (1), Royal TS (1), Screenpresso (1), Skype (1),
Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (4), TeamViewer (2), VMware Horizon Client
(2), Zoom Client (2), Zoom Outlook Plugin (1), Zoom Rooms Client (2)
• Non-Security Updates: 8x8 Work Desktop (1), AIMP (3), Apple Mobile Device Support (1), BlueBeam
Revu (1), Bitwarden (2), Camtasia (1), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra
Classic (2), BlueJeans (1), NextCloud Desktop Client (1), PDF24 Creator (1), PDF-Xchange PRO (1), PSPad
(1), R for Windows (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (3),
Screenpresso (1), TightVNC (2), WeCom (2)
Windows Third-Party CVE Information
• Google Chrome 111.0.5563.111
  • CHROME-230321, QGC11105563111
  • Fixes 7 Vulnerabilities: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534
• Google Chrome 112.0.5615.50
  • CHROME-230404, QGC1120561550
  • Fixes 14 Vulnerabilities: CVE-2023-1810, CVE-2023-1811, CVE-2023-1812,
CVE-2023-1813, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817,
CVE-2023-1818, CVE-2023-1819, CVE-2023-1820, CVE-2023-1821,
CVE-2023-1822, CVE-2023-1823
Windows Third Party CVE Information (cont)
• Nitro Pro 13.70.4.50
  • NITRO-230317, QNITRO1370450
  • Fixes 2 Vulnerabilities: CVE-2022-37434, CVE-2023-0286
• Nitro Pro Enterprise 13.70.4.50
  • NITROE-230317, QNITROE1370450
  • Fixes 2 Vulnerabilities: CVE-2022-37434, CVE-2023-0286
• Python 3.10.11150.0
  • PYTHN310-230405, QPYTH310111500
  • Fixes 2 Vulnerabilities: CVE-2022-4303, CVE-2023-0286
• Python 3.11.3150.0
  • PYTHN311-230405, QPYTH31131500
  • Fixes 2 Vulnerabilities: CVE-2022-4303, CVE-2023-0286
Windows Third Party CVE Information (cont)
• SeaMonkey 2.53.16
  • SM-230331, QSM25316
  • Fixes 10 Vulnerabilities: CVE-2019-11709, CVE-2019-11711, CVE-2019-11712,
CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729,
CVE-2019-11730, CVE-2019-9811
• Thunderbird 102.9.1
  • TB-230328, QTB10291
  • Fixes 1 Vulnerability: CVE-2023-28427
Apple Release Summary
• Security Updates (with CVEs): Google Chrome (2), macOS Ventura (2), Safari (2), macOS Big Sur
(1), macOS Monterey (1), Microsoft Edge (1), SeaMonkey (1), Thunderbird (1)
• Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), aText (1), BBEdit (1),
Calendar 366 II (1), Google Chrome (1), Dropbox (2), Evernote (1), Firefox (1), Hazel (1), LibreOffice (1),
Microsoft Edge (3), Slack (3), Spotify (1), Microsoft Teams (Mac) (1), Visual Studio Code (2), Zoom Client for
Mac (2)
Apple Updates CVE Information
• macOS Ventura 13.3
  • HT213670
  • Fixes 57 Vulnerabilities: CVE-2022-43551, CVE-2022-43552, CVE-2023-0049, CVE-2023-
0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-
23514, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-
2023-23532, CVE-2023-23533, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537,
CVE-2023-23538, CVE-2023-23542, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929,
CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27934, CVE-2023-27935,
CVE-2023-27936, CVE-2023-27937, CVE-2023-27941, CVE-2023-27942, CVE-2023-27943,
CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27952,
CVE-2023-27953, CVE-2023-27954, CVE-2023-27955, CVE-2023-27956, CVE-2023-27957,
CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-27965,
CVE-2023-27968, CVE-2023-27969, CVE-2023-28178, CVE-2023-28180, CVE-2023-28181,
CVE-2023-28182, CVE-2023-28190, CVE-2023-28192, CVE-2023-28200
• macOS Ventura 13.3.1
  • HT213721
  • Fixes 2 Vulnerabilities: CVE-2023-28205, CVE-2023-28206
Apple Updates CVE Information (cont)
• macOS Monterey 12.6.4
  • HT213677
  • Fixes 27 Vulnerabilities: CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-
23527, CVE-2023-23533, CVE-2023-23538, CVE-2023-23540, CVE-2023-23542, CVE-
2023-27933, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27942,
CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27953,
CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963,
CVE-2023-28178, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200
• macOS Big Sur 11.7.5
  • HT213675
  • Fixes 2 Vulnerabilities: CVE-2022-26702, CVE-2023-0433, CVE-2023-0512, CVE-2023-
23514, CVE-2023-23527, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-
2023-23540, CVE-2023-23542, CVE-2023-27928, CVE-2023-27935, CVE-2023-27936,
CVE-2023-27937, CVE-2023-27944, CVE-2023-27946, CVE-2023-27951, CVE-2023-27953,
CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-28182,
CVE-2023-28192, CVE-2023-28200
Apple Updates CVE Information (cont)
• Safari 16.4
  • HT213671
  • Fixes 2 Vulnerabilities: CVE-2023-27932, CVE-2023-27954
• Safari 16.4.1
  • HT213722
  • Fixes 1 Vulnerability: CVE-2023-28205
Apple Third Party CVE Information
• Google Chrome 111.0.5563.110
  • CHROMEMAC-230321
  • Fixes 7 Vulnerabilities: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534
• Google Chrome 112.0.5615.49
  • CHROMEMAC-230404
  • Fixes 14 Vulnerabilities: CVE-2023-1810, CVE-2023-1811, CVE-2023-1812,
CVE-2023-1813, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817,
CVE-2023-1818, CVE-2023-1819, CVE-2023-1820, CVE-2023-1821,
CVE-2023-1822, CVE-2023-1823
• Microsoft Edge 112.0.1722.34
  • MEDGEMAC-230406
  • Fixes 3 Vulnerabilities: CVE-2023-24935, CVE-2023-28284, CVE-2023-28301
Apple Third Party CVE Information (cont)
• SeaMonkey 2.53.16
  • SM-230331
  • Fixes 6 Vulnerabilities: CVE-2023-25751, CVE-2023-25752, CVE-2023-28162,
CVE-2023-28163, CVE-2023-28164, CVE-2023-28176
• Thunderbird 102.9.1
  • TB-230328
  • Fixes 1 Vulnerability: CVE-2023-28427
Q & A
Thank You!

2023 April Patch Tuesday

  • 1.
    Patch Tuesday Webinar Wednesday,April 12, 2023 Hosted by Chris Goettl and Todd Schell
  • 2.
    Agenda April 2023 PatchTuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 3.
  • 4.
    Copyright © 2023Ivanti. All rights reserved. April Patch Tuesday 2023 We enter into this April Patch Tuesday on the heels of a CISA advisory and updates from Apple (released on April 7th and 10th) for macOS, iPad OS, iOS and Safari resolving two Zero Day exploits (CVE-2023-28205 and CVE-2023-28206). Microsoft has released updates resolving 97 new CVEs with one new confirmed exploited vulnerability (CVE-2023-28252) resolved in the Windows OS update this month. Microsoft has updated the affected products list for CVE-2013-3900, a previously resolved vulnerability that has been confirmed to be exploited. Third-party updates from Mozilla and Adobe have also released and Oracle's CPU release is coming on April 18th, which will be followed by a stream of Java alternatives being updated through the rest of the month.
  • 5.
  • 6.
    Copyright © 2023Ivanti. All rights reserved. In the News  CISA Adds Five Known Exploited Vulnerabilities to Catalog  https://www.cisa.gov/news-events/alerts/2023/04/07/cisa-adds-five-known- exploited-vulnerabilities-catalog  Zero-day releases for Apple iPhone and macOS  https://www.helpnetsecurity.com/2023/04/11/cve-2023-28205-cve-2023-28206/  Windows zero-day vulnerability exploited in ransomware attacks  https://www.bleepingcomputer.com/news/security/windows-zero-day- vulnerability-exploited-in-ransomware-attacks/  ALPHV ransomware exploits Veritas Backup Exec bugs for initial access  https://www.bleepingcomputer.com/news/security/alphv-ransomware-exploits- veritas-backup-exec-bugs-for-initial-access/
  • 7.
    Copyright © 2023Ivanti. All rights reserved. In the News  Exchange 2013 end of support, April 11, 2023  https://learn.microsoft.com/en-us/microsoft-365/enterprise/exchange-2013- end-of-support?view=o365-worldwide  Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online  https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and- blocking-email-from-persistently-vulnerable/ba-p/3762078  Microsoft to Block Unsupported Exchange Servers from Sending Emails to Exchange Online  https://petri.com/microsoft-block-emails-old-exchange-servers- exchange-online/
  • 8.
    Copyright © 2023Ivanti. All rights reserved. In the News  How to manage the Netlogon protocol changes related to CVE- 2022-38023  https://support.microsoft.com/en-us/topic/kb5021130-how-to- manage-the-netlogon-protocol-changes-related-to-cve-2022- 38023-46ea3067-3989-4d40-963c-680fd9e8ee25  Certificate-based authentication changes on Windows domain controllers  https://support.microsoft.com/en-us/topic/kb5014754-certificate- based-authentication-changes-on-windows-domain-controllers- ad2c23b0-15d8-4340-a468-4d4f3b188f16
  • 9.
    Copyright © 2023Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability  CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability  This CVE has been updated and re-issued to address Windows 10 and 11  CVSS 3.1 Scores: 7.4 / 6.4  Severity: Important  All currently supported operating systems  Per Microsoft - “Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The reg key already exists in Window 10 and Window 11, so no security update is required but the reg key must be set. See the Security Updates table for the list of affected software.”
  • 10.
    Copyright © 2023Ivanti. All rights reserved. Known Exploited Vulnerability  CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 7.2  Severity: Important  Server 2008/2008 R2, Server 2012/2012 R2, Windows 10, Windows 11, Server 2016, Server 2019, Server 2022  Per Microsoft - “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
  • 11.
    Copyright © 2023Ivanti. All rights reserved. Known Publicly Disclosed Vulnerability  CVE-2022-43552 Open-Source Curl Remote Code Execution Vulnerability  This CVE has been updated and re-issued with security updates  CVSS 3.1 Scores: 5.9 / 5.9  Severity: Important  Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022  Per Microsoft - “Microsoft is announcing the availability of the April 2023 security updates to address this vulnerability for all supported versions of Windows 10 version 1809, Windows 10 version 20H2, Windows 10 version 21H2, Windows 10 version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows Server 2019, and Windows Server 2022. Microsoft strongly recommends that customers install the April 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.”
  • 12.
    Copyright © 2023Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Microsoft SQL Server Updates  KBs updated to include CVE-2023-23384 which was omitted (informational only)  OLE DB Driver and ODBC Drivers 17, 18 and 19 were released  Azure and Development Tool Updates  .NET 6.0  .NET 7.0  Azure Machine Learning  Azure Service Connector  Visual Studio 2017 (multiple)  Visual Studio 2019 (multiple)  Visual Studio 2022 (multiple)  Visual Studio Code  There are no servicing stack updates this month Source: Microsoft
  • 13.
    Server 2012/2012 R2 EOL is Coming
    Lifecycle Fact Sheet
      https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
    Source: Microsoft
  • 14.
    Windows 10 and 11 Lifecycle Awareness

    Windows 10 Enterprise and Education
      Version   Release Date   End of Support Date
      22H2      10/18/2022     5/13/2025
      21H2      11/16/2021     6/11/2024
      20H2      10/20/2020     5/9/2023

    Windows 10 Home and Pro
      Version   Release Date   End of Support Date
      22H2      10/18/2022     5/14/2024
      21H2      11/16/2021     6/13/2023

    Windows Server
      Version   Release Date   End of Support Date
      2019      11/13/2019     1/9/2024
      2022      8/18/2021      10/13/2026

    Windows 11 Home and Pro
      Version   Release Date   End of Support Date
      22H2      9/20/2022      10/8/2024
      21H2      10/4/2021      10/10/2023

    Lifecycle Fact Sheet
      https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 15.
    Patch Content Announcements
    Announcements Posted on Community Forum Pages
      https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
      Subscribe to receive email for the desired product(s)
  • 16.
  • 17.
    APSB23-24: Security Update for Adobe Acrobat and Reader
      Maximum Severity: Critical
      Affected Products: Adobe Acrobat and Reader (DC Continuous and Classic 2020)
      Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address 16 vulnerabilities, 14 of which are rated critical. Successful exploitation could lead to arbitrary code execution in the context of the current user among other impacts. See https://helpx.adobe.com/security/products/acrobat/apsb23-24.html for more details.
      Impact: Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak according to Adobe.
      Fixes 16 Vulnerabilities: See Adobe site for details
      Restart Required: Requires application restart
  • 18.
    MFSA-2023-13: Security Update Firefox 112
      Maximum Severity: Critical (High)
      Affected Products: Security Update Firefox
      Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, and Information Disclosure
      Fixes 22 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/ for complete details.
      Restart Required: Requires application restart
      Known Issues: None
  • 19.
    MFSA-2023-14: Security Update Firefox ESR 102.10
      Maximum Severity: Critical (High)
      Affected Products: Security Update Firefox ESR
      Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR browser on multiple platforms.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing and Information Disclosure
      Fixes 13 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/ for complete details.
      Restart Required: Requires application restart
      Known Issues: None
  • 20.
    MS23-04-W11: Windows 11 Update
      Maximum Severity: Critical
      Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
      Description: This bulletin references KB 5025224 (21H2) and KB 5025239 (22H2).
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      Fixes 59 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and publicly disclosed. CVE-2023-28252 is known exploited. CVE-2022-43552 has been re-issued and is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      Restart Required: Requires restart
      Known Issues: See next slide
  • 21.
    April Known Issues for Windows 11
    KB 5025224 – Windows 11 version 21H2
      [App Fail] Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. The known affected third-party UI customization apps are ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI customization app before installing this or later updates. Microsoft is investigating and will provide more info in the future.
      [Red Dead] After installing this or later updates, Red Dead Redemption 2 might not open. Workaround: This issue was resolved in an update from Rockstar Games. Update your game and try again.
  • 22.
    April Known Issues for Windows 11 (cont)
    KB 5025239 – Windows 11 version 22H2
      [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
      [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
      [App Fail]
  • 23.
    MS23-04-W10: Windows 10 Update
      Maximum Severity: Critical
      Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
      Description: This bulletin references 5 KB articles. See KBs for the list of changes.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      Fixes 74 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and publicly disclosed. CVE-2023-28252 is known exploited. CVE-2022-43552 has been re-issued and is publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      Restart Required: Requires restart
      Known Issues: See next slide
  • 24.
    April Known Issues for Windows 10
    KB 5025229 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
      [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
      [Kiosk Login] After installing updates released January 10, 2023, and later, kiosk device profiles that have auto log on enabled might not sign in automatically. After Autopilot completes provisioning, affected devices will stay on the sign-in screen prompting for credentials. Workaround: Microsoft is working on a resolution.
  • 25.
    April Known Issues for Windows 10 (cont)
    KB 5025230 – Windows Server 2022
      [Missing UUP] Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019. Workaround: See KB on how to add the UUP file types to the WSUS systems. Microsoft is working on a resolution.
      [ESXi Fail] After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
  • 26.
    MS23-04-MR8: Monthly Rollup for Server 2012
      Maximum Severity: Critical
      Affected Products: Microsoft Windows Server 2012 and IE
      Description: This cumulative security update contains improvements that are part of update KB 5023756 (released March 14, 2023). Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications. Bulletin is based on KB 5025287.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update Guide for the complete list of CVEs.
      Restart Required: Requires restart
      Known Issues: None reported
  • 27.
    MS23-04-SO8: Security-only Update for Windows Server 2012
      Maximum Severity: Critical
      Affected Products: Microsoft Windows Server 2012
      Description: Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications. Bulletin is based on KB 5025272.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update Guide for the complete list of CVEs.
      Restart Required: Requires restart
      Known Issues: None reported
  • 28.
    MS23-04-MR81: Monthly Rollup for Server 2012 R2
      Maximum Severity: Critical
      Affected Products: Server 2012 R2 and IE
      Description: This cumulative security update includes improvements that are part of update KB 5023765 (released March 14, 2023). Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications. Bulletin is based on KB 5025285.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update Guide for the complete list of CVEs.
      Restart Required: Requires restart
      Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 29.
    MS23-04-SO81: Security-only for Server 2012 R2
      Maximum Severity: Critical
      Affected Products: Server 2012 R2
      Description: Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications. Bulletin is based on KB 5025288.
      Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
      Fixes 62 Vulnerabilities: CVE-2013-3900 has been re-issued and is known exploited and publicly disclosed. CVE-2023-28252 is known exploited. See the Security Update Guide for the complete list of CVEs.
      Restart Required: Requires restart
      Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 30.
    MS23-04-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      Maximum Severity: Important
      Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      Impact: Remote Code Execution
      Fixes 4 Vulnerabilities: Addresses CVE-2023-28285, CVE-2023-28287, CVE-2023-28295, and CVE-2023-28311. No vulnerabilities are publicly disclosed or known exploited.
      Restart Required: Requires application restart
      Known Issues: None reported
  • 31.
    MS23-04-OFF: Security Updates for Microsoft Office
      Maximum Severity: Important
      Affected Products: Office 2019 & Office LTSC 2021 for Mac, and Microsoft Publisher 2013 & 2016
      Description: This security update resolves multiple security issues in Microsoft Office suite. This bulletin references KB 5002221 and KB 5002213 articles, and release notes for the Mac updates.
      Impact: Remote Code Execution
      Fixes 4 Vulnerabilities: Addresses CVE-2023-28285, CVE-2023-28287, CVE-2023-28295, and CVE-2023-28311. No vulnerabilities are publicly disclosed or known exploited.
      Restart Required: Requires application restart
      Known Issues: None reported
  • 32.
    MS23-04-SPT: Security Updates for SharePoint Server
      Maximum Severity: Important
      Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
      Description: This update corrects an issue where an attacker is able to redirect the victim to a malicious site. This bulletin is based on 5 KB articles.
      Impact: Spoofing
      Fixes 1 Vulnerability: CVE-2023-28288 is not publicly disclosed or known exploited.
      Restart Required: Requires restart
      Known Issues: None reported
  • 33.
  • 34.
    Windows Release Summary
      Security Updates (with CVEs): Google Chrome (2), Nitro Pro (1), Nitro Pro Enterprise (1), Python (2), SeaMonkey (1), Thunderbird (1)
      Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Apple iTunes (1), Box Edit (1), Google Chrome (2), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (2), Citrix Workspace App LTSR (1), Docker for Windows (2), Dropbox (2), Evernote (2), Firefox (1), GoodSync (1), LibreOffice (1), LogMeIn (1), Malwarebytes (2), Node.JS (LTS Lower) (1), Notepad++ (2), Opera (4), Paint.net (1), Plex Media Server (1), Royal TS (1), Screenpresso (1), Skype (1), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (4), TeamViewer (2), VMware Horizon Client (2), Zoom Client (2), Zoom Outlook Plugin (1), Zoom Rooms Client (2)
      Non-Security Updates: 8x8 Work Desktop (1), AIMP (3), Apple Mobile Device Support (1), BlueBeam Revu (1), Bitwarden (2), Camtasia (1), Cisco WebEx Teams (1), Google Drive File Stream (1), GeoGebra Classic (2), BlueJeans (1), NextCloud Desktop Client (1), PDF24 Creator (1), PDF-Xchange PRO (1), PSPad (1), R for Windows (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (3), Screenpresso (1), TightVNC (2), WeCom (2)
  • 35.
    Windows Third-Party CVE Information
    Google Chrome 111.0.5563.111
      CHROME-230321, QGC11105563111
      Fixes 7 Vulnerabilities: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534
    Google Chrome 112.0.5615.50
      CHROME-230404, QGC1120561550
      Fixes 14 Vulnerabilities: CVE-2023-1810, CVE-2023-1811, CVE-2023-1812, CVE-2023-1813, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817, CVE-2023-1818, CVE-2023-1819, CVE-2023-1820, CVE-2023-1821, CVE-2023-1822, CVE-2023-1823
  • 36.
    Windows Third Party CVE Information (cont)
    Nitro Pro 13.70.4.50
      NITRO-230317, QNITRO1370450
      Fixes 2 Vulnerabilities: CVE-2022-37434, CVE-2023-0286
    Nitro Pro Enterprise 13.70.4.50
      NITROE-230317, QNITROE1370450
      Fixes 2 Vulnerabilities: CVE-2022-37434, CVE-2023-0286
    Python 3.10.11150.0
      PYTHN310-230405, QPYTH310111500
      Fixes 2 Vulnerabilities: CVE-2022-4303, CVE-2023-0286
    Python 3.11.3150.0
      PYTHN311-230405, QPYTH31131500
      Fixes 2 Vulnerabilities: CVE-2022-4303, CVE-2023-0286
  • 37.
    Windows Third Party CVE Information (cont)
    SeaMonkey 2.53.16
      SM-230331, QSM25316
      Fixes 10 Vulnerabilities: CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
    Thunderbird 102.9.1
      TB-230328, QTB10291
      Fixes 1 Vulnerability: CVE-2023-28427
  • 38.
    Apple Release Summary
      Security Updates (with CVEs): Google Chrome (2), macOS Ventura (2), Safari (2), macOS Big Sur (1), macOS Monterey (1), Microsoft Edge (1), SeaMonkey (1), Thunderbird (1)
      Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), aText (1), BBEdit (1), Calendar 366 II (1), Google Chrome (1), Dropbox (2), Evernote (1), Firefox (1), Hazel (1), LibreOffice (1), Microsoft Edge (3), Slack (3), Spotify (1), Microsoft Teams (Mac) (1), Visual Studio Code (2), Zoom Client for Mac (2)
  • 39.
    Apple Updates CVE Information
    macOS Ventura 13.3
      HT213670
      Fixes 57 Vulnerabilities: CVE-2022-43551, CVE-2022-43552, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-2023-23532, CVE-2023-23533, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23538, CVE-2023-23542, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27934, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27941, CVE-2023-27942, CVE-2023-27943, CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27952, CVE-2023-27953, CVE-2023-27954, CVE-2023-27955, CVE-2023-27956, CVE-2023-27957, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-27965, CVE-2023-27968, CVE-2023-27969, CVE-2023-28178, CVE-2023-28180, CVE-2023-28181, CVE-2023-28182, CVE-2023-28190, CVE-2023-28192, CVE-2023-28200
    macOS Ventura 13.3.1
      HT213721
      Fixes 2 Vulnerabilities: CVE-2023-28205, CVE-2023-28206
  • 40.
    Apple Updates CVE Information (cont)
    macOS Monterey 12.6.4
      HT213677
      Fixes 27 Vulnerabilities: CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23533, CVE-2023-23538, CVE-2023-23540, CVE-2023-23542, CVE-2023-27933, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27942, CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27953, CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-28178, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200
    macOS Big Sur 11.7.5
      HT213675
      Fixes 2 Vulnerabilities: CVE-2022-26702, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23542, CVE-2023-27928, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27944, CVE-2023-27946, CVE-2023-27951, CVE-2023-27953, CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200
  • 41.
    Apple Updates CVE Information (cont)
    Safari 16.4
      HT213671
      Fixes 2 Vulnerabilities: CVE-2023-27932, CVE-2023-27954
    Safari 16.4.1
      HT213722
      Fixes 1 Vulnerability: CVE-2023-28205
  • 42.
    Apple Third Party CVE Information
    Google Chrome 111.0.5563.110
      CHROMEMAC-230321
      Fixes 7 Vulnerabilities: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534
    Google Chrome 112.0.5615.49
      CHROMEMAC-230404
      Fixes 14 Vulnerabilities: CVE-2023-1810, CVE-2023-1811, CVE-2023-1812, CVE-2023-1813, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817, CVE-2023-1818, CVE-2023-1819, CVE-2023-1820, CVE-2023-1821, CVE-2023-1822, CVE-2023-1823
    Microsoft Edge 112.0.1722.34
      MEDGEMAC-230406
      Fixes 3 Vulnerabilities: CVE-2023-24935, CVE-2023-28284, CVE-2023-28301
  • 43.
    Apple Third Party CVE Information (cont)
    SeaMonkey 2.53.16
      SM-230331
      Fixes 6 Vulnerabilities: CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28163, CVE-2023-28164, CVE-2023-28176
    Thunderbird 102.9.1
      TB-230328
      Fixes 1 Vulnerability: CVE-2023-28427
  • 44.
  • 45.
    Thank You!