Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, August 14, 2024
Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
§ August 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A
Copyright © 2024 Ivanti. All rights reserved. 3
The Patch Tuesday releases for August 2024 bring the
typical lineup from Microsoft, an Adobe Acrobat and
Reader update, and an anticipated update for Google
Chrome. Ivanti has some additional security updates to
add into the mix this month.
The most urgent updates this month are for the OS and
Office from Microsoft which resolve a total of six
exploited CVEs.
For more details check out this month's Patch Tuesday
blog.
August Patch Tuesday 2024
Copyright © 2024 Ivanti. All rights reserved. 4
In the News
Copyright © 2024 Ivanti. All rights reserved. 5
In the News
§ Crowdstrike
§ https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass-
checks/
§ https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
§ Vulnerability to rollback a previous update to make a system vulnerable
§ https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully-
updated-systems/
§ IE 11 is still an issue
§ https://www.darkreading.com/threat-intelligence/microsofts-internet-explorer-gets-revived-to-lure-in-windows-
victims
Copyright © 2024 Ivanti. All rights reserved. 6
§ CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 7.0 / 6.5
§ Severity: Important
§ Impact: Elevation of Privilege
§ Affected Systems: All Windows 10 and newer operating system
§ Per Microsoft: Successful exploitation of this vulnerability requires an attacker to win a race condition.
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
§ CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 7.2
§ Severity: Important
§ Impact: Elevation of Privilege
§ Affected Systems: All currently supported Windows operating systems
§ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerabilities
Copyright © 2024 Ivanti. All rights reserved. 7
§ CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability
§ CVSS 3.1 Scores: 7.5 / 7.0
§ Severity: Important
§ Impact: Remote Code Execution
§ Affected Systems: All currently supported Windows operating systems
§ Per Microsoft: This attack requires an authenticated client to click a link in order for an unauthenticated attacker
to initiate remote code execution. Successful exploitation of this vulnerability requires an attacker to first prepare
the target so that it uses Edge in Internet Explorer Mode
§ CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
§ CVSS 3.1 Scores: 8.8 / 8.2
§ Severity: Important
§ Impact: Remote Code Execution
§ Affected Systems: Microsoft Project 2016, 365 Apps for Enterprise, Office 2019, Office LTSC 2021
§ Per Microsoft: Exploitation requires the victim to open a malicious Microsoft Office Project file on a system
where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro
Notification Settings are not enabled allowing the attacker to perform remote code execution.
Known Exploited Vulnerabilities (cont)
Copyright © 2024 Ivanti. All rights reserved. 8
§ CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege
Vulnerability
§ CVSS 3.1 Scores: 7.8 / 7.2
§ Severity: Important
§ Impact: Elevation of Privilege
§ Affected Systems: All currently supported Windows operating systems
§ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
§ CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 6.5 / 6.0
§ Severity: Moderate
§ Impact: Security Feature Bypass
§ Affected Systems: All currently supported Windows operating systems
§ Per Microsoft: An attacker who successfully exploited this vulnerability could bypass the SmartScreen
user experience. An attacker must send the user a malicious file and convince them to open it.
Known Exploited Vulnerabilities (cont)
Copyright © 2024 Ivanti. All rights reserved. 9
§ CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 6.7 / 6.1
§ Severity: Important
§ Impact: Elevation of Privilege
§ Affected Systems: Windows 10 and newer operating systems
§ Per Microsoft: Originally released as an optional KB on Aug 7, Microsoft has released the August 2024 security
updates that include an opt-in revocation policy mitigation to address this vulnerability. See KB for details.
§ CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution
Vulnerability
§ CVSS 3.1 Scores: 9.8 / 8.5
§ Severity: Important
§ Impact: Remote Code Execution
§ Affected Systems: All Windows supported operating systems
§ Per Microsoft: Users are advised against installing or enabling the Line Printer Daemon (LPD) service which
has been deprecated since Server 2012.
Publicly Disclosed Vulnerabilities
Copyright © 2024 Ivanti. All rights reserved. 10
Ivanti Neurons for ITSM Ivanti Virtual Traffic Manager
Security Advisory: Ivanti
Avalanche
Security Advisory: Ivanti
Neurons for ITSM
Vulnerabilities:
CVE-2024-7569 CVSS: 9.6
CVE-2024-7570 CVSS: 8.3
Affected Versions:
2023.2
2023.3
2023.4
Security Advisory: Ivanti
Virtual Traffic Manager (vTM )
Ivanti Avalanche
Ivanti Reported Vulnerabilities
Vulnerabilities:
*CVE-2024-7593 CVSS: 9.8
Affected Versions:
22.2 & 22.3
22.3R2, 22.5R1, 22.6R1, 22.7R1
Vulnerabilities:
CVE-2024-38652 CVSS: 8.2
CVE-2024-38653 CVSS: 8.2
CVE-2024-36136 CVSS: 7.5
CVE-2024-37399 CVSS: 7.5
CVE-2024-37373 CVSS: 7.2
Affected Versions:
6.3.1 – 6.3.4
6.4.0 – 6.4.3
No vulnerabilities were known to be exploited at the time of disclosure
*Publicly Disclosed
Copyright © 2024 Ivanti. All rights reserved. 11
CVE-2024-33599
CVSS 3: 7.6
§ nscd contains a buffer overflow in the caching
functionality (ironic since ncsd literally means Name
Service Cache Daemon), where a fixed size cache
can be exhausted, causing subsequent requests to
overflow.
§ Since one of the use cases for nscd is in mixed
Windows/Linux environments, this can be
particularly important as it can be abused to prevent
Linux systems with shared authentication
mechanisms to stop accepting Windows-based
accounts as valid.
§ This flaw was introduced in glibc 2.15 when the
cache was added to nscd. This vulnerability is only
present in the nscd binary.
Background
Nscd is a daemon that provides a cache for the
most common name service requests. The default
configuration file, /etc/nscd. conf, determines the
behavior of the cache daemon.
Mitigation
Update systems to the latest version of glibc
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
Copyright © 2024 Ivanti. All rights reserved. 12
CVE-2024-38475
CVSS 3: 9.1
§ Improper escaping of output in mod_rewrite in
Apache HTTP Server 2.4.59 & earlier may lead
to code execution or source code disclosure.
§ Allows an attacker to map URLs to filesystem
locations that are permitted to be served by the
server but are not intentionally/directly reachable
by any URL.
§ Substitutions in server context that use
backreferences or variables as the first segment
of the substitution are affected.
Mitigation
Upgrading to version 2.4.60 eliminates this
vulnerability.
The patch for this vulnerability can break some
(unsafe) mod_rewrite rules, so caution and
proper testing is advised when patching it.
Vulnerable versions of Apache ship with CentOS 6,
7, 8.4, 8.5 and derivatives.
Note that none of them are under official vendor
support any longer.
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare
Copyright © 2024 Ivanti. All rights reserved. 13
CVE-2024-39929
CVSS 3: 5.4
§ Exim (a free, mail transfer agent) through 4.97.1
misparses a multiline RFC 2231 header
filename, and thus remote attackers can bypass
a $mime_filename extension-blocking protection
mechanism.
§ Attackers can potentially deliver executable
attachments to the mailboxes of end users.If a
user were to download or run one of these
malicious files, the system could be
compromised.
Impact
At one point, millions of internet-accessible Exim
servers were running a potentially vulnerable
version (4.97.1 or earlier).
Prospective targets must click on an attached
executable for the attack to be successful.
Mitigation
This issue is fixed in Exim 4.98.
Users should move quickly to apply the patches to
mitigate potential threats.
New and Notable Linux Vulnerabilities: 3
Highlighted by TuxCare
Copyright © 2024 Ivanti. All rights reserved. 14
Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
§ Server 2012/2012 R2 ESU and Windows
10 (see graphic)
Azure and Development Tool Updates
§ .NET 8
§ Azure Connected Machine Agent
§ Azure CycleCloud 8.0.0 – 8.6.2
§ Azure Health Bot
§ Azure IoT Hub Device Client SDK
§ Azure Stack Hub
§ Visual Studio 2022 v17.6 – v17.10
Source: Microsoft
Copyright © 2024 Ivanti. All rights reserved. 15
Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
Version Release Date End of Support Date
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
Version Release Date End of Support Date
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Copyright © 2024 Ivanti. All rights reserved. 16
Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Source: Microsoft
Copyright © 2024 Ivanti. All rights reserved. 17
Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune
Copyright © 2024 Ivanti. All rights reserved. 18
Bulletins and Releases
Copyright © 2024 Ivanti. All rights reserved.
APSB24-57: Security Update for Adobe Acrobat and Reader
§ Maximum Severity: Critical
§ Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024)
§ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 12 vulnerabilities; 8 are rated Critical.
§ Impact: Arbitrary Code Execution, Privilege Escalation, Memory Leak
§ Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
for more details.
§ Restart Required: Requires application restart
1
Copyright © 2024 Ivanti. All rights reserved. 20
MS24-08-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2 and Edge
Chromium
§ Description: This bulletin references KB 5041592 (21H2), KB 5041585 (22H2/23H2), and KB
5041571 (24H2). See KBs for details of all changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Tampering,
Elevation of Privilege, and Information Disclosure
§ Fixes 55 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE-
2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are
known exploited. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
NOTE: Win 11 24H2 update is targeted for Copilot+ PCs devices and devices that were previously
using Windows Insider 24H2 builds
1
Copyright © 2024 Ivanti. All rights reserved. 21
August Known Issues for Windows 11
§ KB 5041592 – Windows 11 version 21H2, all editions
§ [Prof_Pic] After installing this update, you might be unable to change your user account
profile picture. When attempting to change a profile picture by selecting the button Start>
Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error
message with error code 0x80070520. Workaround: Microsoft is working on a resolution
§ KB 5041571 – Windows 11 version 24H2, all editions
§ [Roblox] We’re aware of an issue where players on Arm devices are unable to download
and play Roblox via the Microsoft Store on Windows.
§ Workaround: Download Roblox directly from vendor.
Copyright © 2024 Ivanti. All rights reserved. 22
MS24-08-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§ Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 63 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE-
2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are
known exploited. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
1
Copyright © 2024 Ivanti. All rights reserved. 23
August Known Issues for Windows 10
§ KB 5041773 – Windows 10 version 1607, all editions; Windows Server 2016, all editions
§ [Remote Desktop] After installing the Windows update released on or after July 9, 2024,
Windows Servers might affect Remote Desktop Connectivity across an organization. This
issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote
Desktop Gateway. Resulting from this, remote desktop connections might be interrupted.
§ Workaround: See KB for multiple options. Microsoft is working on a resolution.
§ KB 5041578 – Win 10 Enterprise LTSC 2019, Win 10 IoT Enterprise LTSC 2019, Windows 10
IoT Core 2019 LTSC, Windows Server 2019
§ [Remote Desktop]
§ KB 5041580 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021,
Windows 10, version 22H2, all editions
§ [Prof_Pic]
§ KB 5041160 – Windows Server 2022
§ [Prof_Pic]
§ [Remote Desktop]
Copyright © 2024 Ivanti. All rights reserved. 24
§ Maximum Severity: Important
§ Affected Products: Office 2016 Plus, Outlook 2016, Powerpoint 2016, Project 2016, Office LTSC
for Mac 2021
§ Description: This security update resolves multiple remote code execution and an elevation of
privilege vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release
notes.
§ Impact: Remote Code Execution, Elevation of Privilege
§ Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38084, CVE-2024-
38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited
or publicly disclosed.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS24-08-OFF: Security Updates for Microsoft Office
1
2
Copyright © 2024 Ivanti. All rights reserved. 25
§ Maximum Severity: Important
§ Affected Products: Microsoft 365 Apps, Office 2019, and Office LTSC 2021
§ Description: This security update resolves multiple remote code execution vulnerabilities in
Microsoft Office. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution
§ Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38169, CVE-2024-
38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited
or publicly disclosed.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS24-08-O365: Security Updates for Microsoft 365 Apps
1
2
Copyright © 2024 Ivanti. All rights reserved. 26
Between
Patch Tuesdays
Copyright © 2024 Ivanti. All rights reserved. 27
Windows Release Summary
§ Security Updates (with CVEs): AutoCAD (3), Azul Zulu (4), Google Chrome (4), Corretto (4), Citrix
Workspace App LTSR (1), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java
Development Kit 17 (1), Java Development Kit 21 (1), VirtualBox (1), RedHat OpenJDK (4)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (3), Audacity (2), Box Edit
(1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Citrix Workspace App (1), Dell Command
Update Windows Universal Application (1), Docker (1), Dropbox (2), Eclipse Adoptium (3), Firefox (2),
Foxit PDF Editor (1), Foxit PDF Editor (Subscription) (1), Git for Windows (1), Grammarly for Windows
(4), Jabra Direct (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (2), Nitro Pro Enterprise (1), Node.JS
(Current) (3), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (4), Pulse Secure VPN Desktop Client
(1), Python (1), PeaZip (1), RedHat OpenJDK (1), Screenpresso (1), Skype (2), Slack Machine-Wide
Installer (2), Snagit (1), Tableau Desktop (7), Tableau Prep Builder (1), Tableau Reader (1),
Thunderbird ESR (3), Apache Tomcat (3), VMware Horizon Client (1), Cisco Webex Meetings Desktop
App (2), Zoom Workplace desktop app (2), Zoom Outlook Plugin (1), Zoom Rooms App (1), Zoom
Workplace VDI App (1)
Copyright © 2024 Ivanti. All rights reserved. 28
Windows Release Summary (cont)
§ Non-Security Updates: 1password (3), 8x8 Work Desktop (1), AIMP (1), Bandicut (2), Beyond
Compare (1), Bitwarden (2), Camtasia (1), docuPrinter (1), draw.io (1), Evernote (8), Google Drive File
Stream (1), GeoGebra Classic (1), LogMeIn (1), NextCloud Desktop Client (1), Plantronics Hub (1),
RingCentral App (Machine-Wide Installer) (3), Rocket.Chat Desktop Client (1), Cisco Webex Teams (1),
WeCom (2), WinMerge (1)
Copyright © 2024 Ivanti. All rights reserved. 29
Windows Third Party CVE Information
§ AutoCAD 2025.1
§ ADAC25-240723, QACAD20251
§ Fixes 41 Vulnerabilities
§ AutoCAD 2023.1.6
§ ADAC23-240712, QACAD202316
§ Fixes 41 Vulnerabilities
§ AutoCAD 2022.1.5
§ ADAC22-240723, QACAD202215
§ Fixes 29 Vulnerabilities
Copyright © 2024 Ivanti. All rights reserved. 30
Windows Third Party CVE Information (cont)
§ Google Chrome 126.0.6478.183
§ CHROME-240716, QGC12606478183
§ Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-
2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
§ Google Chrome 127.0.6533.73
§ CHROME-240724, QGC1270653373
§ Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992,
CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024-
6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004,
CVE-2024-7005
§ Google Chrome 127.0.6533.89
§ CHROME-240730, QGC1270653389
§ Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
Copyright © 2024 Ivanti. All rights reserved. 31
Windows Third Party CVE Information (cont)
§ Google Chrome 127.0.6533.100
§ CHROME-240806, QGC12706533100
§ Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE-
2024-7536, CVE-2024-7550
§ Citrix Workspace App LTSR 22.03.6002 Hotfix 2
§ CTXWA-240715, QCTXWA22036002
§ Fixes 1 Vulnerability: CVE-2024-6286
§ VirtualBox 7.0.20
§ OVB70-240716, QOVB7020
§ Fixes 3 Vulnerabilities: CVE-2024-21141, CVE-2024-21161, CVE-2024-21164
Copyright © 2024 Ivanti. All rights reserved. 32
Windows Third Party CVE Information (cont)
§ Azul Zulu 21.36.17 (21.0.4) Note: FX version of JDK also supported
§ ZULU21-240716, QZULUJDK213617
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-
2024-21144, CVE-2024-21145, CVE-2024-21147
§ Azul Zulu 17.52.17 (17.0.12) Note: FX version of JDK also supported
§ ZULU17-240716, QZULUJDK175217 and QZULUJRE175217
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-
2024-21144, CVE-2024-21145, CVE-2024-21147
§ Azul Zulu 11.74.15 (11.0.24) Note: FX version of JDK also supported
§ ZULU11-240716, QZULUJDK117415 and QZULUJRE117415
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-
2024-21144, CVE-2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 33
Windows Third Party CVE Information (cont)
§ Azul Zulu 8.80.0.17 (8u422) Note: FX version of JDK also supported
§ ZULU8-240716, QZULUJDK880017 and QZULUJRE880017
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
§ Java Development Kit 21 Update 21.0.4
§ JDK21-240715, QJDK2104
§ Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147, CVE-2024-27983
§ Java Development Kit 17 Update 17.0.12
§ JDK17-240715, QJDK17012
§ Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147, CVE-2024-27983
Copyright © 2024 Ivanti. All rights reserved. 34
Windows Third Party CVE Information (cont)
§ Java Development Kit 11 Update 11.0.24
§ JDK11-240718, QJDK11024
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
§ Java 8 Update 421 – JRE and JDK
§ JAVA8-240718, QJDK8U421 and QJRE8U421
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
§ Corretto 21.0.4.7.1
§ CRTO21-240717, QCRTOJDK2104
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 35
Windows Third Party CVE Information (cont)
§ Corretto 17.0.12.7.1
§ CRTO17-240716, QCRTOJDK17012
§ Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE-
2024-21147
§ Corretto 11.0.24.8.1
§ CRTO11-240717, QCRTOJDK11024
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
§ Corretto 8.422.05.1 – JRE and JDK
§ CRTO8-240716, QCRTOJRE842205
§ CRTO8-240716, QCRTOJDK842205
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 36
Windows Third Party CVE Information (cont)
§ RedHat OpenJDK 21.0.4.0
§ RHTJDK21-240723, QRHTJDK2104 and QRHTJRE2104
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
§ RedHat OpenJDK 17.0.12.0
§ RHTJDK17-240723, QRHTJDK1701207 and QRHTJRE1701207
§ Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE-
2024-21147
§ RedHat OpenJDK 11.0.24.08
§ RHTJDK11-240723, QRHTJDK1102408 and QRHTJRE1102408
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
§ RedHat OpenJDK 8.0.422
§ RHTJDK8-240723, QRHTJDK180422
§ Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-
2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 37
Windows Third Party CVE Information (cont)
§ Firefox 129
§ FF-240806, QFF1290
§ Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521,
CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-
7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531
§ Firefox ESR 115.14.0
§ FFE115-240809, QFFE115140
§ Fixes 9 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-
2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531
§ Firefox ESR 128.1.0
§ FFE128-240806, QFFE12810
§ Fixes 12 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520, CVE-2024-7521,
CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-
7528, CVE-2024-7529, CVE-2024-7531
Copyright © 2024 Ivanti. All rights reserved. 38
Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Sonoma (1), Apple
macOS Ventura (1), Apple Safari (1), AutoCAD (2), Emacs (1), Google Chrome (4), Firefox (1),
Firefox ESR (1), Microsoft Edge (4), Thunderbird (1), Thunderbird ESR (1)
§ Security Updates (w/o CVEs): Zoom Client for Mac (2)
§ Non-Security Updates: 1Password (3), Adobe Acrobat DC and Acrobat Reader DC (2), aText
(1), BetterTouchTool (8), Brave (4), Docker Desktop (1), draw.io (1), Dropbox (2), Evernote (8),
Firefox (2), Figma (1), Google Drive (1), Grammarly (6), Microsoft AutoUpdate (1), Obsidian
(1), OneDrive for Mac (2), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook
(2), PyCharm Professional (2), Microsoft Office 2019 PowerPoint (1), Skype (1), Slack (1),
Snagit (1), macOS Sonoma (1), Spotify (2), Sublime Text Build (1), Microsoft Teams (1),
macOS Ventura (1), Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019
Word (1)
Copyright © 2024 Ivanti. All rights reserved. 39
Apple Updates with CVE Information
§ macOS Monterey 12.7.6
§ HT214118
§ Fixes 41 Vulnerabilities: See Apple security bulletin for details
§ macOS Ventura 13.6.8
§ HT214120
§ Fixes 45 Vulnerabilities: See Apple security bulletin for details
§ macOS Sonoma 14.6
§ HT214119
§ Fixes 69 Vulnerabilities: See Apple security bulletin for details
§ Safari 17.6 for Ventura and Monterey
§ HT214121
§ Fixes 9 Vulnerabilities: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-
2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-
40817, CVE-2024-4558
Copyright © 2024 Ivanti. All rights reserved. 40
Apple Third Party CVE Information
§ AutoCAD 2023.3.2
§ ADACMAC2023-240715
§ Fixes 29 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122,
CVE-2024-23123, CVE-2024-23127, CVE-2024-23128, CVE-2024-23129, CVE-2024-23130,
CVE-2024-23131, CVE-2024-23134, CVE-2024-23137, CVE-2024-23140, CVE-2024-23141,
CVE-2024-23142, CVE-2024-23143, CVE-2024-23144, CVE-2024-23145, CVE-2024-23146,
CVE-2024-23147, CVE-2024-23148, CVE-2024-23149, CVE-2024-37000, CVE-2024-37001,
CVE-2024-37002, CVE-2024-37003, CVE-2024-37004, CVE-2024-37005, CVE-2024-37006
§ AutoCAD 2024.1.4
§ ADACMAC2024-240715
§ Fixes 29 Vulnerabilities: Same as listed above
Copyright © 2024 Ivanti. All rights reserved. 41
Apple Third Party CVE Information (cont)
§ Google Chrome 126.0.6478.183
§ CHROMEMAC-240716
§ Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-
2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
§ Google Chrome 127.0.6533.73
§ CHROMEMAC-240724
§ Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992,
CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024-
6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004,
CVE-2024-7005
§ Google Chrome 127.0.6533.89
§ CHROMEMAC-240731
§ Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
Copyright © 2024 Ivanti. All rights reserved. 42
Apple Third Party CVE Information (cont)
§ Google Chrome 127.0.6533.100
§ CHROMEMAC-240806
§ Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE-
2024-7536, CVE-2024-7550
§ Emacs For Mac29.4
§ EMACSMAC-240725
§ Fixes 1 Vulnerability: CVE-2024-39331
Copyright © 2024 Ivanti. All rights reserved. 43
Apple Third Party CVE Information (cont)
§ Firefox 129
§ FF-240806
§ Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521,
CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-
7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531
§ Firefox ESR 115.13.0
§ FFE-240716
§ Fixes 5 Vulnerabilities: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-
2024-6604
§ Thunderbird ESR 115.14.0
§ TB-240806
§ Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE-
2024-7526, CVE-2024-7527, CVE-2024-7529
Copyright © 2024 Ivanti. All rights reserved. 44
Apple Third Party CVE Information (cont)
§ Thunderbird 128.1.0
§ TB-240806
§ Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525,
CVE-2024-7526, CVE-2024-7527, CVE-2024-7529
§ Microsoft Edge 126.0.2592.113
§ MEDGEMAC-240722
§ Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775,
CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
§ Microsoft Edge 127.0.2651.74
§ MEDGEMAC-240725
§ Fixes 18 Vulnerabilities: CVE-2024-38103, CVE-2024-39379, CVE-2024-6988, CVE-2024-
6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995,
CVE-2024-6996, CVE-2024-6997, CVE-2024-6998, CVE-2024-6999, CVE-2024-7000, CVE-
2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005
Copyright © 2024 Ivanti. All rights reserved. 45
Apple Third Party CVE Information (cont)
§ Microsoft Edge 127.0.2651.86
§ MEDGEMAC-240801
§ Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
§ Microsoft Edge 127.0.2651.98
§ MEDGEMAC-240809
§ Fixes 8 Vulnerabilities: CVE-2024-38218, CVE-2024-38219, CVE-2024-7532, CVE-2024-
7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550
Copyright © 2024 Ivanti. All rights reserved. 46
Q & A
Copyright © 2024 Ivanti. All rights reserved.
Copyright © 2024 Ivanti. All rights reserved. 47
Thank You!

August Patch Tuesday

  • 1.
    Hosted by ChrisGoettl and Todd Schell Patch Tuesday Webinar Wednesday, August 14, 2024
  • 2.
    Copyright © 2024Ivanti. All rights reserved. 2 Agenda § August 2024 Patch Tuesday Overview § In the News § Bulletins and Releases § Between Patch Tuesdays § Q & A
  • 3.
    Copyright © 2024Ivanti. All rights reserved. 3 The Patch Tuesday releases for August 2024 bring the typical lineup from Microsoft, an Adobe Acrobat and Reader update, and an anticipated update for Google Chrome. Ivanti has some additional security updates to add into the mix this month. The most urgent updates this month are for the OS and Office from Microsoft which resolve a total of six exploited CVEs. For more details check out this month's Patch Tuesday blog. August Patch Tuesday 2024
  • 4.
    Copyright © 2024Ivanti. All rights reserved. 4 In the News
  • 5.
    Copyright © 2024Ivanti. All rights reserved. 5 In the News § Crowdstrike § https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass- checks/ § https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ § Vulnerability to rollback a previous update to make a system vulnerable § https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully- updated-systems/ § IE 11 is still an issue § https://www.darkreading.com/threat-intelligence/microsofts-internet-explorer-gets-revived-to-lure-in-windows- victims
  • 6.
    Copyright © 2024Ivanti. All rights reserved. 6 § CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.0 / 6.5 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All Windows 10 and newer operating system § Per Microsoft: Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. § CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Known Exploited Vulnerabilities
  • 7.
    Copyright © 2024Ivanti. All rights reserved. 7 § CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability § CVSS 3.1 Scores: 7.5 / 7.0 § Severity: Important § Impact: Remote Code Execution § Affected Systems: All currently supported Windows operating systems § Per Microsoft: This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode § CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability § CVSS 3.1 Scores: 8.8 / 8.2 § Severity: Important § Impact: Remote Code Execution § Affected Systems: Microsoft Project 2016, 365 Apps for Enterprise, Office 2019, Office LTSC 2021 § Per Microsoft: Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution. Known Exploited Vulnerabilities (cont)
  • 8.
    Copyright © 2024Ivanti. All rights reserved. 8 § CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. § CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 6.5 / 6.0 § Severity: Moderate § Impact: Security Feature Bypass § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. An attacker must send the user a malicious file and convince them to open it. Known Exploited Vulnerabilities (cont)
  • 9.
    Copyright © 2024Ivanti. All rights reserved. 9 § CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 6.7 / 6.1 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: Windows 10 and newer operating systems § Per Microsoft: Originally released as an optional KB on Aug 7, Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. See KB for details. § CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability § CVSS 3.1 Scores: 9.8 / 8.5 § Severity: Important § Impact: Remote Code Execution § Affected Systems: All Windows supported operating systems § Per Microsoft: Users are advised against installing or enabling the Line Printer Daemon (LPD) service which has been deprecated since Server 2012. Publicly Disclosed Vulnerabilities
  • 10.
    Copyright © 2024Ivanti. All rights reserved. 10 Ivanti Neurons for ITSM Ivanti Virtual Traffic Manager Security Advisory: Ivanti Avalanche Security Advisory: Ivanti Neurons for ITSM Vulnerabilities: CVE-2024-7569 CVSS: 9.6 CVE-2024-7570 CVSS: 8.3 Affected Versions: 2023.2 2023.3 2023.4 Security Advisory: Ivanti Virtual Traffic Manager (vTM ) Ivanti Avalanche Ivanti Reported Vulnerabilities Vulnerabilities: *CVE-2024-7593 CVSS: 9.8 Affected Versions: 22.2 & 22.3 22.3R2, 22.5R1, 22.6R1, 22.7R1 Vulnerabilities: CVE-2024-38652 CVSS: 8.2 CVE-2024-38653 CVSS: 8.2 CVE-2024-36136 CVSS: 7.5 CVE-2024-37399 CVSS: 7.5 CVE-2024-37373 CVSS: 7.2 Affected Versions: 6.3.1 – 6.3.4 6.4.0 – 6.4.3 No vulnerabilities were known to be exploited at the time of disclosure *Publicly Disclosed
  • 11.
    Copyright © 2024Ivanti. All rights reserved. 11 CVE-2024-33599 CVSS 3: 7.6 § nscd contains a buffer overflow in the caching functionality (ironic since ncsd literally means Name Service Cache Daemon), where a fixed size cache can be exhausted, causing subsequent requests to overflow. § Since one of the use cases for nscd is in mixed Windows/Linux environments, this can be particularly important as it can be abused to prevent Linux systems with shared authentication mechanisms to stop accepting Windows-based accounts as valid. § This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Background Nscd is a daemon that provides a cache for the most common name service requests. The default configuration file, /etc/nscd. conf, determines the behavior of the cache daemon. Mitigation Update systems to the latest version of glibc New and Notable Linux Vulnerabilities: 1 Highlighted by TuxCare
  • 12.
    Copyright © 2024Ivanti. All rights reserved. 12 CVE-2024-38475 CVSS 3: 9.1 § Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 & earlier may lead to code execution or source code disclosure. § Allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. § Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Mitigation Upgrading to version 2.4.60 eliminates this vulnerability. The patch for this vulnerability can break some (unsafe) mod_rewrite rules, so caution and proper testing is advised when patching it. Vulnerable versions of Apache ship with CentOS 6, 7, 8.4, 8.5 and derivatives. Note that none of them are under official vendor support any longer. New and Notable Linux Vulnerabilities: 2 Highlighted by TuxCare
  • 13.
    Copyright © 2024Ivanti. All rights reserved. 13 CVE-2024-39929 CVSS 3: 5.4 § Exim (a free, mail transfer agent) through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism. § Attackers can potentially deliver executable attachments to the mailboxes of end users.If a user were to download or run one of these malicious files, the system could be compromised. Impact At one point, millions of internet-accessible Exim servers were running a potentially vulnerable version (4.97.1 or earlier). Prospective targets must click on an attached executable for the attack to be successful. Mitigation This issue is fixed in Exim 4.98. Users should move quickly to apply the patches to mitigate potential threats. New and Notable Linux Vulnerabilities: 3 Highlighted by TuxCare
  • 14.
    Copyright © 2024Ivanti. All rights reserved. 14 Microsoft Patch Tuesday Updates of Interest Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update- guide/en-US/vulnerability/ADV990001 § Server 2012/2012 R2 ESU and Windows 10 (see graphic) Azure and Development Tool Updates § .NET 8 § Azure Connected Machine Agent § Azure CycleCloud 8.0.0 – 8.6.2 § Azure Health Bot § Azure IoT Hub Device Client SDK § Azure Stack Hub § Visual Studio 2022 v17.6 – v17.10 Source: Microsoft
  • 15.
    Copyright © 2024Ivanti. All rights reserved. 15 Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 11 Home and Pro Version Release Date End of Support Date 23H2 10/31/2023 11/11/2025 22H2 9/20/2022 10/8/2024 Windows 11 Enterprise and Education Version Release Date End of Support Date 23H2 10/31/2023 11/10/2026 22H2 9/20/2022 10/14/2025 21H2 10/4/2021 10/8/2024 Source: Microsoft https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 16.
    Copyright © 2024Ivanti. All rights reserved. 16 Server Long-term Servicing Channel Support Server LTSC Support Version Editions Release Date Mainstream Support Ends Extended Support Ends Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031 Windows Server 2019 (Version 1809) Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029 Windows Server 2016 (Version 1607) Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027 https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info § Focused on server long-term stability § Major version releases every 2-3 years § 5 years mainstream and 5 years extended support § Server core or server with desktop experience available Source: Microsoft
  • 17.
    Copyright © 2024Ivanti. All rights reserved. 17 Patch Content Announcements Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s) Content Info: Endpoint Security Content Info: Endpoint Manager Content Info: macOS Updates Content Info: Linux Updates Content Info: Patch for Configuration Manager Content Info: ISEC and Neurons Patch Content Info: Neurons Patch for InTune
  • 18.
    Copyright © 2024Ivanti. All rights reserved. 18 Bulletins and Releases
  • 19.
    Copyright © 2024Ivanti. All rights reserved. APSB24-57: Security Update for Adobe Acrobat and Reader § Maximum Severity: Critical § Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024) § Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses 12 vulnerabilities; 8 are rated Critical. § Impact: Arbitrary Code Execution, Privilege Escalation, Memory Leak § Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-57.html for more details. § Restart Required: Requires application restart 1
  • 20.
    Copyright © 2024Ivanti. All rights reserved. 20 MS24-08-W11: Windows 11 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2 and Edge Chromium § Description: This bulletin references KB 5041592 (21H2), KB 5041585 (22H2/23H2), and KB 5041571 (24H2). See KBs for details of all changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Tampering, Elevation of Privilege, and Information Disclosure § Fixes 55 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE- 2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide NOTE: Win 11 24H2 update is targeted for Copilot+ PCs devices and devices that were previously using Windows Insider 24H2 builds 1
  • 21.
    Copyright © 2024Ivanti. All rights reserved. 21 August Known Issues for Windows 11 § KB 5041592 – Windows 11 version 21H2, all editions § [Prof_Pic] After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520. Workaround: Microsoft is working on a resolution § KB 5041571 – Windows 11 version 24H2, all editions § [Roblox] We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows. § Workaround: Download Roblox directly from vendor.
  • 22.
    Copyright © 2024Ivanti. All rights reserved. 22 MS24-08-W10: Windows 10 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure § Fixes 63 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE- 2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide 1
  • 23.
    Copyright © 2024Ivanti. All rights reserved. 23 August Known Issues for Windows 10 § KB 5041773 – Windows 10 version 1607, all editions; Windows Server 2016, all editions § [Remote Desktop] After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. § Workaround: See KB for multiple options. Microsoft is working on a resolution. § KB 5041578 – Win 10 Enterprise LTSC 2019, Win 10 IoT Enterprise LTSC 2019, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 § [Remote Desktop] § KB 5041580 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, Windows 10, version 22H2, all editions § [Prof_Pic] § KB 5041160 – Windows Server 2022 § [Prof_Pic] § [Remote Desktop]
  • 24.
    Copyright © 2024Ivanti. All rights reserved. 24 § Maximum Severity: Important § Affected Products: Office 2016 Plus, Outlook 2016, Powerpoint 2016, Project 2016, Office LTSC for Mac 2021 § Description: This security update resolves multiple remote code execution and an elevation of privilege vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release notes. § Impact: Remote Code Execution, Elevation of Privilege § Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38084, CVE-2024- 38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported MS24-08-OFF: Security Updates for Microsoft Office 1 2
  • 25.
    Copyright © 2024Ivanti. All rights reserved. 25 § Maximum Severity: Important § Affected Products: Microsoft 365 Apps, Office 2019, and Office LTSC 2021 § Description: This security update resolves multiple remote code execution vulnerabilities in Microsoft Office. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. § Impact: Remote Code Execution § Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38169, CVE-2024- 38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported MS24-08-O365: Security Updates for Microsoft 365 Apps 1 2
  • 26.
    Copyright © 2024Ivanti. All rights reserved. 26 Between Patch Tuesdays
  • 27.
    Copyright © 2024Ivanti. All rights reserved. 27 Windows Release Summary § Security Updates (with CVEs): AutoCAD (3), Azul Zulu (4), Google Chrome (4), Corretto (4), Citrix Workspace App LTSR (1), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), VirtualBox (1), RedHat OpenJDK (4) § Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (3), Audacity (2), Box Edit (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Citrix Workspace App (1), Dell Command Update Windows Universal Application (1), Docker (1), Dropbox (2), Eclipse Adoptium (3), Firefox (2), Foxit PDF Editor (1), Foxit PDF Editor (Subscription) (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (2), Nitro Pro Enterprise (1), Node.JS (Current) (3), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (4), Pulse Secure VPN Desktop Client (1), Python (1), PeaZip (1), RedHat OpenJDK (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (7), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird ESR (3), Apache Tomcat (3), VMware Horizon Client (1), Cisco Webex Meetings Desktop App (2), Zoom Workplace desktop app (2), Zoom Outlook Plugin (1), Zoom Rooms App (1), Zoom Workplace VDI App (1)
  • 28.
    Copyright © 2024Ivanti. All rights reserved. 28 Windows Release Summary (cont) § Non-Security Updates: 1password (3), 8x8 Work Desktop (1), AIMP (1), Bandicut (2), Beyond Compare (1), Bitwarden (2), Camtasia (1), docuPrinter (1), draw.io (1), Evernote (8), Google Drive File Stream (1), GeoGebra Classic (1), LogMeIn (1), NextCloud Desktop Client (1), Plantronics Hub (1), RingCentral App (Machine-Wide Installer) (3), Rocket.Chat Desktop Client (1), Cisco Webex Teams (1), WeCom (2), WinMerge (1)
  • 29.
    Copyright © 2024Ivanti. All rights reserved. 29 Windows Third Party CVE Information § AutoCAD 2025.1 § ADAC25-240723, QACAD20251 § Fixes 41 Vulnerabilities § AutoCAD 2023.1.6 § ADAC23-240712, QACAD202316 § Fixes 41 Vulnerabilities § AutoCAD 2022.1.5 § ADAC22-240723, QACAD202215 § Fixes 29 Vulnerabilities
  • 30.
    Copyright © 2024Ivanti. All rights reserved. 30 Windows Third Party CVE Information (cont) § Google Chrome 126.0.6478.183 § CHROME-240716, QGC12606478183 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE- 2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Google Chrome 127.0.6533.73 § CHROME-240724, QGC1270653373 § Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024- 6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005 § Google Chrome 127.0.6533.89 § CHROME-240730, QGC1270653389 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
  • 31.
    Copyright © 2024Ivanti. All rights reserved. 31 Windows Third Party CVE Information (cont) § Google Chrome 127.0.6533.100 § CHROME-240806, QGC12706533100 § Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE- 2024-7536, CVE-2024-7550 § Citrix Workspace App LTSR 22.03.6002 Hotfix 2 § CTXWA-240715, QCTXWA22036002 § Fixes 1 Vulnerability: CVE-2024-6286 § VirtualBox 7.0.20 § OVB70-240716, QOVB7020 § Fixes 3 Vulnerabilities: CVE-2024-21141, CVE-2024-21161, CVE-2024-21164
  • 32.
    Copyright © 2024Ivanti. All rights reserved. 32 Windows Third Party CVE Information (cont) § Azul Zulu 21.36.17 (21.0.4) Note: FX version of JDK also supported § ZULU21-240716, QZULUJDK213617 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147 § Azul Zulu 17.52.17 (17.0.12) Note: FX version of JDK also supported § ZULU17-240716, QZULUJDK175217 and QZULUJRE175217 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147 § Azul Zulu 11.74.15 (11.0.24) Note: FX version of JDK also supported § ZULU11-240716, QZULUJDK117415 and QZULUJRE117415 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147
  • 33.
    Copyright © 2024Ivanti. All rights reserved. 33 Windows Third Party CVE Information (cont) § Azul Zulu 8.80.0.17 (8u422) Note: FX version of JDK also supported § ZULU8-240716, QZULUJDK880017 and QZULUJRE880017 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Java Development Kit 21 Update 21.0.4 § JDK21-240715, QJDK2104 § Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147, CVE-2024-27983 § Java Development Kit 17 Update 17.0.12 § JDK17-240715, QJDK17012 § Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147, CVE-2024-27983
  • 34.
    Copyright © 2024Ivanti. All rights reserved. 34 Windows Third Party CVE Information (cont) § Java Development Kit 11 Update 11.0.24 § JDK11-240718, QJDK11024 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Java 8 Update 421 – JRE and JDK § JAVA8-240718, QJDK8U421 and QJRE8U421 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Corretto 21.0.4.7.1 § CRTO21-240717, QCRTOJDK2104 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
  • 35.
    Copyright © 2024Ivanti. All rights reserved. 35 Windows Third Party CVE Information (cont) § Corretto 17.0.12.7.1 § CRTO17-240716, QCRTOJDK17012 § Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE- 2024-21147 § Corretto 11.0.24.8.1 § CRTO11-240717, QCRTOJDK11024 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Corretto 8.422.05.1 – JRE and JDK § CRTO8-240716, QCRTOJRE842205 § CRTO8-240716, QCRTOJDK842205 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
  • 36.
    Copyright © 2024Ivanti. All rights reserved. 36 Windows Third Party CVE Information (cont) § RedHat OpenJDK 21.0.4.0 § RHTJDK21-240723, QRHTJDK2104 and QRHTJRE2104 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § RedHat OpenJDK 17.0.12.0 § RHTJDK17-240723, QRHTJDK1701207 and QRHTJRE1701207 § Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE- 2024-21147 § RedHat OpenJDK 11.0.24.08 § RHTJDK11-240723, QRHTJDK1102408 and QRHTJRE1102408 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § RedHat OpenJDK 8.0.422 § RHTJDK8-240723, QRHTJDK180422 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
  • 37.
    Copyright © 2024Ivanti. All rights reserved. 37 Windows Third Party CVE Information (cont) § Firefox 129 § FF-240806, QFF1290 § Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521, CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024- 7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531 § Firefox ESR 115.14.0 § FFE115-240809, QFFE115140 § Fixes 9 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE- 2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 § Firefox ESR 128.1.0 § FFE128-240806, QFFE12810 § Fixes 12 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024- 7528, CVE-2024-7529, CVE-2024-7531
  • 38.
    Copyright © 2024Ivanti. All rights reserved. 38 Apple Release Summary § Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Sonoma (1), Apple macOS Ventura (1), Apple Safari (1), AutoCAD (2), Emacs (1), Google Chrome (4), Firefox (1), Firefox ESR (1), Microsoft Edge (4), Thunderbird (1), Thunderbird ESR (1) § Security Updates (w/o CVEs): Zoom Client for Mac (2) § Non-Security Updates: 1Password (3), Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), BetterTouchTool (8), Brave (4), Docker Desktop (1), draw.io (1), Dropbox (2), Evernote (8), Firefox (2), Figma (1), Google Drive (1), Grammarly (6), Microsoft AutoUpdate (1), Obsidian (1), OneDrive for Mac (2), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook (2), PyCharm Professional (2), Microsoft Office 2019 PowerPoint (1), Skype (1), Slack (1), Snagit (1), macOS Sonoma (1), Spotify (2), Sublime Text Build (1), Microsoft Teams (1), macOS Ventura (1), Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1)
  • 39.
    Copyright © 2024Ivanti. All rights reserved. 39 Apple Updates with CVE Information § macOS Monterey 12.7.6 § HT214118 § Fixes 41 Vulnerabilities: See Apple security bulletin for details § macOS Ventura 13.6.8 § HT214120 § Fixes 45 Vulnerabilities: See Apple security bulletin for details § macOS Sonoma 14.6 § HT214119 § Fixes 69 Vulnerabilities: See Apple security bulletin for details § Safari 17.6 for Ventura and Monterey § HT214121 § Fixes 9 Vulnerabilities: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE- 2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024- 40817, CVE-2024-4558
  • 40.
    Copyright © 2024Ivanti. All rights reserved. 40 Apple Third Party CVE Information § AutoCAD 2023.3.2 § ADACMAC2023-240715 § Fixes 29 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122, CVE-2024-23123, CVE-2024-23127, CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23134, CVE-2024-23137, CVE-2024-23140, CVE-2024-23141, CVE-2024-23142, CVE-2024-23143, CVE-2024-23144, CVE-2024-23145, CVE-2024-23146, CVE-2024-23147, CVE-2024-23148, CVE-2024-23149, CVE-2024-37000, CVE-2024-37001, CVE-2024-37002, CVE-2024-37003, CVE-2024-37004, CVE-2024-37005, CVE-2024-37006 § AutoCAD 2024.1.4 § ADACMAC2024-240715 § Fixes 29 Vulnerabilities: Same as listed above
  • 41.
    Copyright © 2024Ivanti. All rights reserved. 41 Apple Third Party CVE Information (cont) § Google Chrome 126.0.6478.183 § CHROMEMAC-240716 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE- 2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Google Chrome 127.0.6533.73 § CHROMEMAC-240724 § Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024- 6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005 § Google Chrome 127.0.6533.89 § CHROMEMAC-240731 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
  • 42.
    Copyright © 2024Ivanti. All rights reserved. 42 Apple Third Party CVE Information (cont) § Google Chrome 127.0.6533.100 § CHROMEMAC-240806 § Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE- 2024-7536, CVE-2024-7550 § Emacs For Mac29.4 § EMACSMAC-240725 § Fixes 1 Vulnerability: CVE-2024-39331
  • 43.
    Copyright © 2024Ivanti. All rights reserved. 43 Apple Third Party CVE Information (cont) § Firefox 129 § FF-240806 § Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521, CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024- 7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531 § Firefox ESR 115.13.0 § FFE-240716 § Fixes 5 Vulnerabilities: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE- 2024-6604 § Thunderbird ESR 115.14.0 § TB-240806 § Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE- 2024-7526, CVE-2024-7527, CVE-2024-7529
  • 44.
    Copyright © 2024Ivanti. All rights reserved. 44 Apple Third Party CVE Information (cont) § Thunderbird 128.1.0 § TB-240806 § Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529 § Microsoft Edge 126.0.2592.113 § MEDGEMAC-240722 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Microsoft Edge 127.0.2651.74 § MEDGEMAC-240725 § Fixes 18 Vulnerabilities: CVE-2024-38103, CVE-2024-39379, CVE-2024-6988, CVE-2024- 6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024-6998, CVE-2024-6999, CVE-2024-7000, CVE- 2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005
  • 45.
    Copyright © 2024Ivanti. All rights reserved. 45 Apple Third Party CVE Information (cont) § Microsoft Edge 127.0.2651.86 § MEDGEMAC-240801 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256 § Microsoft Edge 127.0.2651.98 § MEDGEMAC-240809 § Fixes 8 Vulnerabilities: CVE-2024-38218, CVE-2024-38219, CVE-2024-7532, CVE-2024- 7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550
  • 46.
    Copyright © 2024Ivanti. All rights reserved. 46 Q & A
  • 47.
    Copyright © 2024Ivanti. All rights reserved. Copyright © 2024 Ivanti. All rights reserved. 47 Thank You!