Ivanti, profile picture
Uploaded byIvanti
PDF, PPTX618 views

August Patch Tuesday

The August 2024 Patch Tuesday webinar, hosted by Chris Goettl and Todd Schell, covers significant security updates including critical vulnerabilities for Microsoft’s OS and Office products, as well as updates for Adobe Acrobat and Google Chrome. Notable issues include several exploited CVEs requiring urgent attention, with a focus on various Windows-related vulnerabilities impacting privilege escalation and remote code execution. The session also highlights lifecycle awareness for Windows 10 and 11, along with known issues associated with recent updates.

Embed presentation

Download as PDF, PPTX
Hosted by Chris Goettl and Todd Schell Patch Tuesday Webinar Wednesday, August 14, 2024
Copyright © 2024 Ivanti. All rights reserved. 2 Agenda § August 2024 Patch Tuesday Overview § In the News § Bulletins and Releases § Between Patch Tuesdays § Q & A
Copyright © 2024 Ivanti. All rights reserved. 3 The Patch Tuesday releases for August 2024 bring the typical lineup from Microsoft, an Adobe Acrobat and Reader update, and an anticipated update for Google Chrome. Ivanti has some additional security updates to add into the mix this month. The most urgent updates this month are for the OS and Office from Microsoft which resolve a total of six exploited CVEs. For more details check out this month's Patch Tuesday blog. August Patch Tuesday 2024
Copyright © 2024 Ivanti. All rights reserved. 4 In the News
Copyright © 2024 Ivanti. All rights reserved. 5 In the News § Crowdstrike § https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass- checks/ § https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ § Vulnerability to rollback a previous update to make a system vulnerable § https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully- updated-systems/ § IE 11 is still an issue § https://www.darkreading.com/threat-intelligence/microsofts-internet-explorer-gets-revived-to-lure-in-windows- victims
Copyright © 2024 Ivanti. All rights reserved. 6 § CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.0 / 6.5 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All Windows 10 and newer operating system § Per Microsoft: Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. § CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Known Exploited Vulnerabilities
Copyright © 2024 Ivanti. All rights reserved. 7 § CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability § CVSS 3.1 Scores: 7.5 / 7.0 § Severity: Important § Impact: Remote Code Execution § Affected Systems: All currently supported Windows operating systems § Per Microsoft: This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode § CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability § CVSS 3.1 Scores: 8.8 / 8.2 § Severity: Important § Impact: Remote Code Execution § Affected Systems: Microsoft Project 2016, 365 Apps for Enterprise, Office 2019, Office LTSC 2021 § Per Microsoft: Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution. Known Exploited Vulnerabilities (cont)
Copyright © 2024 Ivanti. All rights reserved. 8 § CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. § CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 6.5 / 6.0 § Severity: Moderate § Impact: Security Feature Bypass § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. An attacker must send the user a malicious file and convince them to open it. Known Exploited Vulnerabilities (cont)
Copyright © 2024 Ivanti. All rights reserved. 9 § CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 6.7 / 6.1 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: Windows 10 and newer operating systems § Per Microsoft: Originally released as an optional KB on Aug 7, Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. See KB for details. § CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability § CVSS 3.1 Scores: 9.8 / 8.5 § Severity: Important § Impact: Remote Code Execution § Affected Systems: All Windows supported operating systems § Per Microsoft: Users are advised against installing or enabling the Line Printer Daemon (LPD) service which has been deprecated since Server 2012. Publicly Disclosed Vulnerabilities
Copyright © 2024 Ivanti. All rights reserved. 10 Ivanti Neurons for ITSM Ivanti Virtual Traffic Manager Security Advisory: Ivanti Avalanche Security Advisory: Ivanti Neurons for ITSM Vulnerabilities: CVE-2024-7569 CVSS: 9.6 CVE-2024-7570 CVSS: 8.3 Affected Versions: 2023.2 2023.3 2023.4 Security Advisory: Ivanti Virtual Traffic Manager (vTM ) Ivanti Avalanche Ivanti Reported Vulnerabilities Vulnerabilities: *CVE-2024-7593 CVSS: 9.8 Affected Versions: 22.2 & 22.3 22.3R2, 22.5R1, 22.6R1, 22.7R1 Vulnerabilities: CVE-2024-38652 CVSS: 8.2 CVE-2024-38653 CVSS: 8.2 CVE-2024-36136 CVSS: 7.5 CVE-2024-37399 CVSS: 7.5 CVE-2024-37373 CVSS: 7.2 Affected Versions: 6.3.1 – 6.3.4 6.4.0 – 6.4.3 No vulnerabilities were known to be exploited at the time of disclosure *Publicly Disclosed
Copyright © 2024 Ivanti. All rights reserved. 11 CVE-2024-33599 CVSS 3: 7.6 § nscd contains a buffer overflow in the caching functionality (ironic since ncsd literally means Name Service Cache Daemon), where a fixed size cache can be exhausted, causing subsequent requests to overflow. § Since one of the use cases for nscd is in mixed Windows/Linux environments, this can be particularly important as it can be abused to prevent Linux systems with shared authentication mechanisms to stop accepting Windows-based accounts as valid. § This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Background Nscd is a daemon that provides a cache for the most common name service requests. The default configuration file, /etc/nscd. conf, determines the behavior of the cache daemon. Mitigation Update systems to the latest version of glibc New and Notable Linux Vulnerabilities: 1 Highlighted by TuxCare
Copyright © 2024 Ivanti. All rights reserved. 12 CVE-2024-38475 CVSS 3: 9.1 § Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 & earlier may lead to code execution or source code disclosure. § Allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. § Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Mitigation Upgrading to version 2.4.60 eliminates this vulnerability. The patch for this vulnerability can break some (unsafe) mod_rewrite rules, so caution and proper testing is advised when patching it. Vulnerable versions of Apache ship with CentOS 6, 7, 8.4, 8.5 and derivatives. Note that none of them are under official vendor support any longer. New and Notable Linux Vulnerabilities: 2 Highlighted by TuxCare
Copyright © 2024 Ivanti. All rights reserved. 13 CVE-2024-39929 CVSS 3: 5.4 § Exim (a free, mail transfer agent) through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism. § Attackers can potentially deliver executable attachments to the mailboxes of end users.If a user were to download or run one of these malicious files, the system could be compromised. Impact At one point, millions of internet-accessible Exim servers were running a potentially vulnerable version (4.97.1 or earlier). Prospective targets must click on an attached executable for the attack to be successful. Mitigation This issue is fixed in Exim 4.98. Users should move quickly to apply the patches to mitigate potential threats. New and Notable Linux Vulnerabilities: 3 Highlighted by TuxCare
Copyright © 2024 Ivanti. All rights reserved. 14 Microsoft Patch Tuesday Updates of Interest Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update- guide/en-US/vulnerability/ADV990001 § Server 2012/2012 R2 ESU and Windows 10 (see graphic) Azure and Development Tool Updates § .NET 8 § Azure Connected Machine Agent § Azure CycleCloud 8.0.0 – 8.6.2 § Azure Health Bot § Azure IoT Hub Device Client SDK § Azure Stack Hub § Visual Studio 2022 v17.6 – v17.10 Source: Microsoft
Copyright © 2024 Ivanti. All rights reserved. 15 Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 11 Home and Pro Version Release Date End of Support Date 23H2 10/31/2023 11/11/2025 22H2 9/20/2022 10/8/2024 Windows 11 Enterprise and Education Version Release Date End of Support Date 23H2 10/31/2023 11/10/2026 22H2 9/20/2022 10/14/2025 21H2 10/4/2021 10/8/2024 Source: Microsoft https://docs.microsoft.com/en-us/lifecycle/faq/windows
Copyright © 2024 Ivanti. All rights reserved. 16 Server Long-term Servicing Channel Support Server LTSC Support Version Editions Release Date Mainstream Support Ends Extended Support Ends Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031 Windows Server 2019 (Version 1809) Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029 Windows Server 2016 (Version 1607) Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027 https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info § Focused on server long-term stability § Major version releases every 2-3 years § 5 years mainstream and 5 years extended support § Server core or server with desktop experience available Source: Microsoft
Copyright © 2024 Ivanti. All rights reserved. 17 Patch Content Announcements Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s) Content Info: Endpoint Security Content Info: Endpoint Manager Content Info: macOS Updates Content Info: Linux Updates Content Info: Patch for Configuration Manager Content Info: ISEC and Neurons Patch Content Info: Neurons Patch for InTune
Copyright © 2024 Ivanti. All rights reserved. 18 Bulletins and Releases
Copyright © 2024 Ivanti. All rights reserved. APSB24-57: Security Update for Adobe Acrobat and Reader § Maximum Severity: Critical § Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024) § Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses 12 vulnerabilities; 8 are rated Critical. § Impact: Arbitrary Code Execution, Privilege Escalation, Memory Leak § Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-57.html for more details. § Restart Required: Requires application restart 1
Copyright © 2024 Ivanti. All rights reserved. 20 MS24-08-W11: Windows 11 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2 and Edge Chromium § Description: This bulletin references KB 5041592 (21H2), KB 5041585 (22H2/23H2), and KB 5041571 (24H2). See KBs for details of all changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Tampering, Elevation of Privilege, and Information Disclosure § Fixes 55 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE- 2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide NOTE: Win 11 24H2 update is targeted for Copilot+ PCs devices and devices that were previously using Windows Insider 24H2 builds 1
Copyright © 2024 Ivanti. All rights reserved. 21 August Known Issues for Windows 11 § KB 5041592 – Windows 11 version 21H2, all editions § [Prof_Pic] After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520. Workaround: Microsoft is working on a resolution § KB 5041571 – Windows 11 version 24H2, all editions § [Roblox] We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows. § Workaround: Download Roblox directly from vendor.
Copyright © 2024 Ivanti. All rights reserved. 22 MS24-08-W10: Windows 10 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure § Fixes 63 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE- 2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide 1
Copyright © 2024 Ivanti. All rights reserved. 23 August Known Issues for Windows 10 § KB 5041773 – Windows 10 version 1607, all editions; Windows Server 2016, all editions § [Remote Desktop] After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. § Workaround: See KB for multiple options. Microsoft is working on a resolution. § KB 5041578 – Win 10 Enterprise LTSC 2019, Win 10 IoT Enterprise LTSC 2019, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 § [Remote Desktop] § KB 5041580 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, Windows 10, version 22H2, all editions § [Prof_Pic] § KB 5041160 – Windows Server 2022 § [Prof_Pic] § [Remote Desktop]
Copyright © 2024 Ivanti. All rights reserved. 24 § Maximum Severity: Important § Affected Products: Office 2016 Plus, Outlook 2016, Powerpoint 2016, Project 2016, Office LTSC for Mac 2021 § Description: This security update resolves multiple remote code execution and an elevation of privilege vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release notes. § Impact: Remote Code Execution, Elevation of Privilege § Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38084, CVE-2024- 38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported MS24-08-OFF: Security Updates for Microsoft Office 1 2
Copyright © 2024 Ivanti. All rights reserved. 25 § Maximum Severity: Important § Affected Products: Microsoft 365 Apps, Office 2019, and Office LTSC 2021 § Description: This security update resolves multiple remote code execution vulnerabilities in Microsoft Office. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. § Impact: Remote Code Execution § Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38169, CVE-2024- 38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported MS24-08-O365: Security Updates for Microsoft 365 Apps 1 2
Copyright © 2024 Ivanti. All rights reserved. 26 Between Patch Tuesdays
Copyright © 2024 Ivanti. All rights reserved. 27 Windows Release Summary § Security Updates (with CVEs): AutoCAD (3), Azul Zulu (4), Google Chrome (4), Corretto (4), Citrix Workspace App LTSR (1), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), VirtualBox (1), RedHat OpenJDK (4) § Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (3), Audacity (2), Box Edit (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Citrix Workspace App (1), Dell Command Update Windows Universal Application (1), Docker (1), Dropbox (2), Eclipse Adoptium (3), Firefox (2), Foxit PDF Editor (1), Foxit PDF Editor (Subscription) (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (2), Nitro Pro Enterprise (1), Node.JS (Current) (3), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (4), Pulse Secure VPN Desktop Client (1), Python (1), PeaZip (1), RedHat OpenJDK (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (7), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird ESR (3), Apache Tomcat (3), VMware Horizon Client (1), Cisco Webex Meetings Desktop App (2), Zoom Workplace desktop app (2), Zoom Outlook Plugin (1), Zoom Rooms App (1), Zoom Workplace VDI App (1)
Copyright © 2024 Ivanti. All rights reserved. 28 Windows Release Summary (cont) § Non-Security Updates: 1password (3), 8x8 Work Desktop (1), AIMP (1), Bandicut (2), Beyond Compare (1), Bitwarden (2), Camtasia (1), docuPrinter (1), draw.io (1), Evernote (8), Google Drive File Stream (1), GeoGebra Classic (1), LogMeIn (1), NextCloud Desktop Client (1), Plantronics Hub (1), RingCentral App (Machine-Wide Installer) (3), Rocket.Chat Desktop Client (1), Cisco Webex Teams (1), WeCom (2), WinMerge (1)
Copyright © 2024 Ivanti. All rights reserved. 29 Windows Third Party CVE Information § AutoCAD 2025.1 § ADAC25-240723, QACAD20251 § Fixes 41 Vulnerabilities § AutoCAD 2023.1.6 § ADAC23-240712, QACAD202316 § Fixes 41 Vulnerabilities § AutoCAD 2022.1.5 § ADAC22-240723, QACAD202215 § Fixes 29 Vulnerabilities
Copyright © 2024 Ivanti. All rights reserved. 30 Windows Third Party CVE Information (cont) § Google Chrome 126.0.6478.183 § CHROME-240716, QGC12606478183 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE- 2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Google Chrome 127.0.6533.73 § CHROME-240724, QGC1270653373 § Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024- 6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005 § Google Chrome 127.0.6533.89 § CHROME-240730, QGC1270653389 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
Copyright © 2024 Ivanti. All rights reserved. 31 Windows Third Party CVE Information (cont) § Google Chrome 127.0.6533.100 § CHROME-240806, QGC12706533100 § Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE- 2024-7536, CVE-2024-7550 § Citrix Workspace App LTSR 22.03.6002 Hotfix 2 § CTXWA-240715, QCTXWA22036002 § Fixes 1 Vulnerability: CVE-2024-6286 § VirtualBox 7.0.20 § OVB70-240716, QOVB7020 § Fixes 3 Vulnerabilities: CVE-2024-21141, CVE-2024-21161, CVE-2024-21164
Copyright © 2024 Ivanti. All rights reserved. 32 Windows Third Party CVE Information (cont) § Azul Zulu 21.36.17 (21.0.4) Note: FX version of JDK also supported § ZULU21-240716, QZULUJDK213617 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147 § Azul Zulu 17.52.17 (17.0.12) Note: FX version of JDK also supported § ZULU17-240716, QZULUJDK175217 and QZULUJRE175217 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147 § Azul Zulu 11.74.15 (11.0.24) Note: FX version of JDK also supported § ZULU11-240716, QZULUJDK117415 and QZULUJRE117415 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 33 Windows Third Party CVE Information (cont) § Azul Zulu 8.80.0.17 (8u422) Note: FX version of JDK also supported § ZULU8-240716, QZULUJDK880017 and QZULUJRE880017 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Java Development Kit 21 Update 21.0.4 § JDK21-240715, QJDK2104 § Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147, CVE-2024-27983 § Java Development Kit 17 Update 17.0.12 § JDK17-240715, QJDK17012 § Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147, CVE-2024-27983
Copyright © 2024 Ivanti. All rights reserved. 34 Windows Third Party CVE Information (cont) § Java Development Kit 11 Update 11.0.24 § JDK11-240718, QJDK11024 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Java 8 Update 421 – JRE and JDK § JAVA8-240718, QJDK8U421 and QJRE8U421 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Corretto 21.0.4.7.1 § CRTO21-240717, QCRTOJDK2104 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 35 Windows Third Party CVE Information (cont) § Corretto 17.0.12.7.1 § CRTO17-240716, QCRTOJDK17012 § Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE- 2024-21147 § Corretto 11.0.24.8.1 § CRTO11-240717, QCRTOJDK11024 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Corretto 8.422.05.1 – JRE and JDK § CRTO8-240716, QCRTOJRE842205 § CRTO8-240716, QCRTOJDK842205 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 36 Windows Third Party CVE Information (cont) § RedHat OpenJDK 21.0.4.0 § RHTJDK21-240723, QRHTJDK2104 and QRHTJRE2104 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § RedHat OpenJDK 17.0.12.0 § RHTJDK17-240723, QRHTJDK1701207 and QRHTJRE1701207 § Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE- 2024-21147 § RedHat OpenJDK 11.0.24.08 § RHTJDK11-240723, QRHTJDK1102408 and QRHTJRE1102408 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § RedHat OpenJDK 8.0.422 § RHTJDK8-240723, QRHTJDK180422 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
Copyright © 2024 Ivanti. All rights reserved. 37 Windows Third Party CVE Information (cont) § Firefox 129 § FF-240806, QFF1290 § Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521, CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024- 7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531 § Firefox ESR 115.14.0 § FFE115-240809, QFFE115140 § Fixes 9 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE- 2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 § Firefox ESR 128.1.0 § FFE128-240806, QFFE12810 § Fixes 12 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024- 7528, CVE-2024-7529, CVE-2024-7531
Copyright © 2024 Ivanti. All rights reserved. 38 Apple Release Summary § Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Sonoma (1), Apple macOS Ventura (1), Apple Safari (1), AutoCAD (2), Emacs (1), Google Chrome (4), Firefox (1), Firefox ESR (1), Microsoft Edge (4), Thunderbird (1), Thunderbird ESR (1) § Security Updates (w/o CVEs): Zoom Client for Mac (2) § Non-Security Updates: 1Password (3), Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), BetterTouchTool (8), Brave (4), Docker Desktop (1), draw.io (1), Dropbox (2), Evernote (8), Firefox (2), Figma (1), Google Drive (1), Grammarly (6), Microsoft AutoUpdate (1), Obsidian (1), OneDrive for Mac (2), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook (2), PyCharm Professional (2), Microsoft Office 2019 PowerPoint (1), Skype (1), Slack (1), Snagit (1), macOS Sonoma (1), Spotify (2), Sublime Text Build (1), Microsoft Teams (1), macOS Ventura (1), Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1)
Copyright © 2024 Ivanti. All rights reserved. 39 Apple Updates with CVE Information § macOS Monterey 12.7.6 § HT214118 § Fixes 41 Vulnerabilities: See Apple security bulletin for details § macOS Ventura 13.6.8 § HT214120 § Fixes 45 Vulnerabilities: See Apple security bulletin for details § macOS Sonoma 14.6 § HT214119 § Fixes 69 Vulnerabilities: See Apple security bulletin for details § Safari 17.6 for Ventura and Monterey § HT214121 § Fixes 9 Vulnerabilities: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE- 2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024- 40817, CVE-2024-4558
Copyright © 2024 Ivanti. All rights reserved. 40 Apple Third Party CVE Information § AutoCAD 2023.3.2 § ADACMAC2023-240715 § Fixes 29 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122, CVE-2024-23123, CVE-2024-23127, CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23134, CVE-2024-23137, CVE-2024-23140, CVE-2024-23141, CVE-2024-23142, CVE-2024-23143, CVE-2024-23144, CVE-2024-23145, CVE-2024-23146, CVE-2024-23147, CVE-2024-23148, CVE-2024-23149, CVE-2024-37000, CVE-2024-37001, CVE-2024-37002, CVE-2024-37003, CVE-2024-37004, CVE-2024-37005, CVE-2024-37006 § AutoCAD 2024.1.4 § ADACMAC2024-240715 § Fixes 29 Vulnerabilities: Same as listed above
Copyright © 2024 Ivanti. All rights reserved. 41 Apple Third Party CVE Information (cont) § Google Chrome 126.0.6478.183 § CHROMEMAC-240716 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE- 2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Google Chrome 127.0.6533.73 § CHROMEMAC-240724 § Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024- 6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005 § Google Chrome 127.0.6533.89 § CHROMEMAC-240731 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
Copyright © 2024 Ivanti. All rights reserved. 42 Apple Third Party CVE Information (cont) § Google Chrome 127.0.6533.100 § CHROMEMAC-240806 § Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE- 2024-7536, CVE-2024-7550 § Emacs For Mac29.4 § EMACSMAC-240725 § Fixes 1 Vulnerability: CVE-2024-39331
Copyright © 2024 Ivanti. All rights reserved. 43 Apple Third Party CVE Information (cont) § Firefox 129 § FF-240806 § Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521, CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024- 7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531 § Firefox ESR 115.13.0 § FFE-240716 § Fixes 5 Vulnerabilities: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE- 2024-6604 § Thunderbird ESR 115.14.0 § TB-240806 § Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE- 2024-7526, CVE-2024-7527, CVE-2024-7529
Copyright © 2024 Ivanti. All rights reserved. 44 Apple Third Party CVE Information (cont) § Thunderbird 128.1.0 § TB-240806 § Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529 § Microsoft Edge 126.0.2592.113 § MEDGEMAC-240722 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Microsoft Edge 127.0.2651.74 § MEDGEMAC-240725 § Fixes 18 Vulnerabilities: CVE-2024-38103, CVE-2024-39379, CVE-2024-6988, CVE-2024- 6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024-6998, CVE-2024-6999, CVE-2024-7000, CVE- 2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005
Copyright © 2024 Ivanti. All rights reserved. 45 Apple Third Party CVE Information (cont) § Microsoft Edge 127.0.2651.86 § MEDGEMAC-240801 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256 § Microsoft Edge 127.0.2651.98 § MEDGEMAC-240809 § Fixes 8 Vulnerabilities: CVE-2024-38218, CVE-2024-38219, CVE-2024-7532, CVE-2024- 7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550
Copyright © 2024 Ivanti. All rights reserved. 46 Q & A
Copyright © 2024 Ivanti. All rights reserved. Copyright © 2024 Ivanti. All rights reserved. 47 Thank You!

More Related Content

PPTX
2024 Ivanti October Patch Tuesday Webinar
byIvanti
 
PDF
Patch Tuesday de Septiembre
byIvanti
 
PDF
September Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Septembre
byIvanti
 
PDF
Patch Tuesday Italia Settembre
byIvanti
 
PDF
Patch Tuesday de Noviembre
byIvanti
 
PDF
November Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Novembre
byIvanti
 
2024 Ivanti October Patch Tuesday Webinar
byIvanti
 
Patch Tuesday de Septiembre
byIvanti
 
September Patch Tuesday
byIvanti
 
Français Patch Tuesday - Septembre
byIvanti
 
Patch Tuesday Italia Settembre
byIvanti
 
Patch Tuesday de Noviembre
byIvanti
 
November Patch Tuesday
byIvanti
 
Français Patch Tuesday - Novembre
byIvanti
 

Similar to August Patch Tuesday

PDF
Patch Tuesday Italia Novembre
byIvanti
 
PDF
February Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Février
byIvanti
 
PDF
May Patch Tuesday
byIvanti
 
PDF
Patch Tuesday de Febrero
byIvanti
 
PDF
March Patch Tuesday
byIvanti
 
PDF
July Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Mai
byIvanti
 
PDF
2024 February Patch Tuesday
byIvanti
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Patch Tuesday Italia Febbraio
byIvanti
 
PDF
Patch Tuesday de julio
byIvanti
 
PDF
Français Patch Tuesday - Mars
byIvanti
 
PDF
2024 Français Patch Tuesday - Février
byIvanti
 
PDF
Patch Tuesday de Noviembre
byIvanti
 
PDF
Patch Tuesday Italia Luglio
byIvanti
 
PDF
2024 May Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Décembre
byIvanti
 
PDF
Patch Tuesday Italia Dicembre
byIvanti
 
PDF
Français Patch Tuesday - juillet
byIvanti
 
Patch Tuesday Italia Novembre
byIvanti
 
February Patch Tuesday
byIvanti
 
Français Patch Tuesday - Février
byIvanti
 
May Patch Tuesday
byIvanti
 
Patch Tuesday de Febrero
byIvanti
 
March Patch Tuesday
byIvanti
 
July Patch Tuesday
byIvanti
 
Français Patch Tuesday - Mai
byIvanti
 
2024 February Patch Tuesday
byIvanti
 
December Patch Tuesday
byIvanti
 
Patch Tuesday Italia Febbraio
byIvanti
 
Patch Tuesday de julio
byIvanti
 
Français Patch Tuesday - Mars
byIvanti
 
2024 Français Patch Tuesday - Février
byIvanti
 
Patch Tuesday de Noviembre
byIvanti
 
Patch Tuesday Italia Luglio
byIvanti
 
2024 May Patch Tuesday
byIvanti
 
Français Patch Tuesday - Décembre
byIvanti
 
Patch Tuesday Italia Dicembre
byIvanti
 
Français Patch Tuesday - juillet
byIvanti
 

More from Ivanti

PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Français Patch Tuesday - Janvier
byIvanti
 
PDF
January Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - décembre
byIvanti
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - novembre
byIvanti
 
PDF
November Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - octobre
byIvanti
 
PDF
2025 October Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Septembre
byIvanti
 
PDF
September Patch Tuesday
byIvanti
 
PDF
August Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Juillet
byIvanti
 
PDF
July Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Juin
byIvanti
 
PDF
June Patch Tuesday
byIvanti
 
PDF
Français Patch Tuesday - Avril
byIvanti
 
PDF
April Patch Tuesday
byIvanti
 
PDF
Patch Tuesday de Diciembre
byIvanti
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Français Patch Tuesday - Janvier
byIvanti
 
January Patch Tuesday
byIvanti
 
Français Patch Tuesday - décembre
byIvanti
 
December Patch Tuesday
byIvanti
 
Français Patch Tuesday - novembre
byIvanti
 
November Patch Tuesday
byIvanti
 
Français Patch Tuesday - octobre
byIvanti
 
2025 October Patch Tuesday
byIvanti
 
Français Patch Tuesday - Septembre
byIvanti
 
September Patch Tuesday
byIvanti
 
August Patch Tuesday
byIvanti
 
Français Patch Tuesday - Juillet
byIvanti
 
July Patch Tuesday
byIvanti
 
Français Patch Tuesday - Juin
byIvanti
 
June Patch Tuesday
byIvanti
 
Français Patch Tuesday - Avril
byIvanti
 
April Patch Tuesday
byIvanti
 
Patch Tuesday de Diciembre
byIvanti
 

Recently uploaded

PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
apidays New York 2025 | AI in Application Security
byapidays
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 

August Patch Tuesday

  • 1.
    Hosted by ChrisGoettl and Todd Schell Patch Tuesday Webinar Wednesday, August 14, 2024
  • 2.
    Copyright © 2024Ivanti. All rights reserved. 2 Agenda § August 2024 Patch Tuesday Overview § In the News § Bulletins and Releases § Between Patch Tuesdays § Q & A
  • 3.
    Copyright © 2024Ivanti. All rights reserved. 3 The Patch Tuesday releases for August 2024 bring the typical lineup from Microsoft, an Adobe Acrobat and Reader update, and an anticipated update for Google Chrome. Ivanti has some additional security updates to add into the mix this month. The most urgent updates this month are for the OS and Office from Microsoft which resolve a total of six exploited CVEs. For more details check out this month's Patch Tuesday blog. August Patch Tuesday 2024
  • 4.
    Copyright © 2024Ivanti. All rights reserved. 4 In the News
  • 5.
    Copyright © 2024Ivanti. All rights reserved. 5 In the News § Crowdstrike § https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass- checks/ § https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ § Vulnerability to rollback a previous update to make a system vulnerable § https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully- updated-systems/ § IE 11 is still an issue § https://www.darkreading.com/threat-intelligence/microsofts-internet-explorer-gets-revived-to-lure-in-windows- victims
  • 6.
    Copyright © 2024Ivanti. All rights reserved. 6 § CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.0 / 6.5 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All Windows 10 and newer operating system § Per Microsoft: Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. § CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Known Exploited Vulnerabilities
  • 7.
    Copyright © 2024Ivanti. All rights reserved. 7 § CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability § CVSS 3.1 Scores: 7.5 / 7.0 § Severity: Important § Impact: Remote Code Execution § Affected Systems: All currently supported Windows operating systems § Per Microsoft: This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode § CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability § CVSS 3.1 Scores: 8.8 / 8.2 § Severity: Important § Impact: Remote Code Execution § Affected Systems: Microsoft Project 2016, 365 Apps for Enterprise, Office 2019, Office LTSC 2021 § Per Microsoft: Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution. Known Exploited Vulnerabilities (cont)
  • 8.
    Copyright © 2024Ivanti. All rights reserved. 8 § CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 7.8 / 7.2 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. § CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 6.5 / 6.0 § Severity: Moderate § Impact: Security Feature Bypass § Affected Systems: All currently supported Windows operating systems § Per Microsoft: An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. An attacker must send the user a malicious file and convince them to open it. Known Exploited Vulnerabilities (cont)
  • 9.
    Copyright © 2024Ivanti. All rights reserved. 9 § CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 6.7 / 6.1 § Severity: Important § Impact: Elevation of Privilege § Affected Systems: Windows 10 and newer operating systems § Per Microsoft: Originally released as an optional KB on Aug 7, Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. See KB for details. § CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability § CVSS 3.1 Scores: 9.8 / 8.5 § Severity: Important § Impact: Remote Code Execution § Affected Systems: All Windows supported operating systems § Per Microsoft: Users are advised against installing or enabling the Line Printer Daemon (LPD) service which has been deprecated since Server 2012. Publicly Disclosed Vulnerabilities
  • 10.
    Copyright © 2024Ivanti. All rights reserved. 10 Ivanti Neurons for ITSM Ivanti Virtual Traffic Manager Security Advisory: Ivanti Avalanche Security Advisory: Ivanti Neurons for ITSM Vulnerabilities: CVE-2024-7569 CVSS: 9.6 CVE-2024-7570 CVSS: 8.3 Affected Versions: 2023.2 2023.3 2023.4 Security Advisory: Ivanti Virtual Traffic Manager (vTM ) Ivanti Avalanche Ivanti Reported Vulnerabilities Vulnerabilities: *CVE-2024-7593 CVSS: 9.8 Affected Versions: 22.2 & 22.3 22.3R2, 22.5R1, 22.6R1, 22.7R1 Vulnerabilities: CVE-2024-38652 CVSS: 8.2 CVE-2024-38653 CVSS: 8.2 CVE-2024-36136 CVSS: 7.5 CVE-2024-37399 CVSS: 7.5 CVE-2024-37373 CVSS: 7.2 Affected Versions: 6.3.1 – 6.3.4 6.4.0 – 6.4.3 No vulnerabilities were known to be exploited at the time of disclosure *Publicly Disclosed
  • 11.
    Copyright © 2024Ivanti. All rights reserved. 11 CVE-2024-33599 CVSS 3: 7.6 § nscd contains a buffer overflow in the caching functionality (ironic since ncsd literally means Name Service Cache Daemon), where a fixed size cache can be exhausted, causing subsequent requests to overflow. § Since one of the use cases for nscd is in mixed Windows/Linux environments, this can be particularly important as it can be abused to prevent Linux systems with shared authentication mechanisms to stop accepting Windows-based accounts as valid. § This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Background Nscd is a daemon that provides a cache for the most common name service requests. The default configuration file, /etc/nscd. conf, determines the behavior of the cache daemon. Mitigation Update systems to the latest version of glibc New and Notable Linux Vulnerabilities: 1 Highlighted by TuxCare
  • 12.
    Copyright © 2024Ivanti. All rights reserved. 12 CVE-2024-38475 CVSS 3: 9.1 § Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 & earlier may lead to code execution or source code disclosure. § Allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. § Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Mitigation Upgrading to version 2.4.60 eliminates this vulnerability. The patch for this vulnerability can break some (unsafe) mod_rewrite rules, so caution and proper testing is advised when patching it. Vulnerable versions of Apache ship with CentOS 6, 7, 8.4, 8.5 and derivatives. Note that none of them are under official vendor support any longer. New and Notable Linux Vulnerabilities: 2 Highlighted by TuxCare
  • 13.
    Copyright © 2024Ivanti. All rights reserved. 13 CVE-2024-39929 CVSS 3: 5.4 § Exim (a free, mail transfer agent) through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism. § Attackers can potentially deliver executable attachments to the mailboxes of end users.If a user were to download or run one of these malicious files, the system could be compromised. Impact At one point, millions of internet-accessible Exim servers were running a potentially vulnerable version (4.97.1 or earlier). Prospective targets must click on an attached executable for the attack to be successful. Mitigation This issue is fixed in Exim 4.98. Users should move quickly to apply the patches to mitigate potential threats. New and Notable Linux Vulnerabilities: 3 Highlighted by TuxCare
  • 14.
    Copyright © 2024Ivanti. All rights reserved. 14 Microsoft Patch Tuesday Updates of Interest Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update- guide/en-US/vulnerability/ADV990001 § Server 2012/2012 R2 ESU and Windows 10 (see graphic) Azure and Development Tool Updates § .NET 8 § Azure Connected Machine Agent § Azure CycleCloud 8.0.0 – 8.6.2 § Azure Health Bot § Azure IoT Hub Device Client SDK § Azure Stack Hub § Visual Studio 2022 v17.6 – v17.10 Source: Microsoft
  • 15.
    Copyright © 2024Ivanti. All rights reserved. 15 Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 10/14/2025 Windows 11 Home and Pro Version Release Date End of Support Date 23H2 10/31/2023 11/11/2025 22H2 9/20/2022 10/8/2024 Windows 11 Enterprise and Education Version Release Date End of Support Date 23H2 10/31/2023 11/10/2026 22H2 9/20/2022 10/14/2025 21H2 10/4/2021 10/8/2024 Source: Microsoft https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 16.
    Copyright © 2024Ivanti. All rights reserved. 16 Server Long-term Servicing Channel Support Server LTSC Support Version Editions Release Date Mainstream Support Ends Extended Support Ends Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031 Windows Server 2019 (Version 1809) Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029 Windows Server 2016 (Version 1607) Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027 https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info § Focused on server long-term stability § Major version releases every 2-3 years § 5 years mainstream and 5 years extended support § Server core or server with desktop experience available Source: Microsoft
  • 17.
    Copyright © 2024Ivanti. All rights reserved. 17 Patch Content Announcements Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s) Content Info: Endpoint Security Content Info: Endpoint Manager Content Info: macOS Updates Content Info: Linux Updates Content Info: Patch for Configuration Manager Content Info: ISEC and Neurons Patch Content Info: Neurons Patch for InTune
  • 18.
    Copyright © 2024Ivanti. All rights reserved. 18 Bulletins and Releases
  • 19.
    Copyright © 2024Ivanti. All rights reserved. APSB24-57: Security Update for Adobe Acrobat and Reader § Maximum Severity: Critical § Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024) § Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses 12 vulnerabilities; 8 are rated Critical. § Impact: Arbitrary Code Execution, Privilege Escalation, Memory Leak § Fixes 12 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-57.html for more details. § Restart Required: Requires application restart 1
  • 20.
    Copyright © 2024Ivanti. All rights reserved. 20 MS24-08-W11: Windows 11 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2 and Edge Chromium § Description: This bulletin references KB 5041592 (21H2), KB 5041585 (22H2/23H2), and KB 5041571 (24H2). See KBs for details of all changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Tampering, Elevation of Privilege, and Information Disclosure § Fixes 55 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE- 2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide NOTE: Win 11 24H2 update is targeted for Copilot+ PCs devices and devices that were previously using Windows Insider 24H2 builds 1
  • 21.
    Copyright © 2024Ivanti. All rights reserved. 21 August Known Issues for Windows 11 § KB 5041592 – Windows 11 version 21H2, all editions § [Prof_Pic] After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520. Workaround: Microsoft is working on a resolution § KB 5041571 – Windows 11 version 24H2, all editions § [Roblox] We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows. § Workaround: Download Roblox directly from vendor.
  • 22.
    Copyright © 2024Ivanti. All rights reserved. 22 MS24-08-W10: Windows 10 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure § Fixes 63 Vulnerabilities: CVE-2024-21302 and CVE-2024-38199 are publicly disclosed. CVE- 2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193, and CVE-2024-38213 are known exploited. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide 1
  • 23.
    Copyright © 2024Ivanti. All rights reserved. 23 August Known Issues for Windows 10 § KB 5041773 – Windows 10 version 1607, all editions; Windows Server 2016, all editions § [Remote Desktop] After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. § Workaround: See KB for multiple options. Microsoft is working on a resolution. § KB 5041578 – Win 10 Enterprise LTSC 2019, Win 10 IoT Enterprise LTSC 2019, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 § [Remote Desktop] § KB 5041580 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, Windows 10, version 22H2, all editions § [Prof_Pic] § KB 5041160 – Windows Server 2022 § [Prof_Pic] § [Remote Desktop]
  • 24.
    Copyright © 2024Ivanti. All rights reserved. 24 § Maximum Severity: Important § Affected Products: Office 2016 Plus, Outlook 2016, Powerpoint 2016, Project 2016, Office LTSC for Mac 2021 § Description: This security update resolves multiple remote code execution and an elevation of privilege vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release notes. § Impact: Remote Code Execution, Elevation of Privilege § Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38084, CVE-2024- 38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported MS24-08-OFF: Security Updates for Microsoft Office 1 2
  • 25.
    Copyright © 2024Ivanti. All rights reserved. 25 § Maximum Severity: Important § Affected Products: Microsoft 365 Apps, Office 2019, and Office LTSC 2021 § Description: This security update resolves multiple remote code execution vulnerabilities in Microsoft Office. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates. § Impact: Remote Code Execution § Fixes 6 Vulnerabilities: CVE-2024-38189 is known exploited. CVE-2024-38169, CVE-2024- 38170, CVE-2024-38171, CVE2024-38172 and CVE-2024-38173 are not known to be exploited or publicly disclosed. § Restart Required: Requires application restart § Known Issues: None reported MS24-08-O365: Security Updates for Microsoft 365 Apps 1 2
  • 26.
    Copyright © 2024Ivanti. All rights reserved. 26 Between Patch Tuesdays
  • 27.
    Copyright © 2024Ivanti. All rights reserved. 27 Windows Release Summary § Security Updates (with CVEs): AutoCAD (3), Azul Zulu (4), Google Chrome (4), Corretto (4), Citrix Workspace App LTSR (1), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), VirtualBox (1), RedHat OpenJDK (4) § Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (3), Audacity (2), Box Edit (1), CCleaner (1), ClickShare App Machine-Wide Installer (1), Citrix Workspace App (1), Dell Command Update Windows Universal Application (1), Docker (1), Dropbox (2), Eclipse Adoptium (3), Firefox (2), Foxit PDF Editor (1), Foxit PDF Editor (Subscription) (1), Git for Windows (1), Grammarly for Windows (4), Jabra Direct (1), LibreOffice (1), Malwarebytes (1), Nitro Pro (2), Nitro Pro Enterprise (1), Node.JS (Current) (3), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (4), Pulse Secure VPN Desktop Client (1), Python (1), PeaZip (1), RedHat OpenJDK (1), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (7), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird ESR (3), Apache Tomcat (3), VMware Horizon Client (1), Cisco Webex Meetings Desktop App (2), Zoom Workplace desktop app (2), Zoom Outlook Plugin (1), Zoom Rooms App (1), Zoom Workplace VDI App (1)
  • 28.
    Copyright © 2024Ivanti. All rights reserved. 28 Windows Release Summary (cont) § Non-Security Updates: 1password (3), 8x8 Work Desktop (1), AIMP (1), Bandicut (2), Beyond Compare (1), Bitwarden (2), Camtasia (1), docuPrinter (1), draw.io (1), Evernote (8), Google Drive File Stream (1), GeoGebra Classic (1), LogMeIn (1), NextCloud Desktop Client (1), Plantronics Hub (1), RingCentral App (Machine-Wide Installer) (3), Rocket.Chat Desktop Client (1), Cisco Webex Teams (1), WeCom (2), WinMerge (1)
  • 29.
    Copyright © 2024Ivanti. All rights reserved. 29 Windows Third Party CVE Information § AutoCAD 2025.1 § ADAC25-240723, QACAD20251 § Fixes 41 Vulnerabilities § AutoCAD 2023.1.6 § ADAC23-240712, QACAD202316 § Fixes 41 Vulnerabilities § AutoCAD 2022.1.5 § ADAC22-240723, QACAD202215 § Fixes 29 Vulnerabilities
  • 30.
    Copyright © 2024Ivanti. All rights reserved. 30 Windows Third Party CVE Information (cont) § Google Chrome 126.0.6478.183 § CHROME-240716, QGC12606478183 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE- 2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Google Chrome 127.0.6533.73 § CHROME-240724, QGC1270653373 § Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024- 6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005 § Google Chrome 127.0.6533.89 § CHROME-240730, QGC1270653389 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
  • 31.
    Copyright © 2024Ivanti. All rights reserved. 31 Windows Third Party CVE Information (cont) § Google Chrome 127.0.6533.100 § CHROME-240806, QGC12706533100 § Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE- 2024-7536, CVE-2024-7550 § Citrix Workspace App LTSR 22.03.6002 Hotfix 2 § CTXWA-240715, QCTXWA22036002 § Fixes 1 Vulnerability: CVE-2024-6286 § VirtualBox 7.0.20 § OVB70-240716, QOVB7020 § Fixes 3 Vulnerabilities: CVE-2024-21141, CVE-2024-21161, CVE-2024-21164
  • 32.
    Copyright © 2024Ivanti. All rights reserved. 32 Windows Third Party CVE Information (cont) § Azul Zulu 21.36.17 (21.0.4) Note: FX version of JDK also supported § ZULU21-240716, QZULUJDK213617 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147 § Azul Zulu 17.52.17 (17.0.12) Note: FX version of JDK also supported § ZULU17-240716, QZULUJDK175217 and QZULUJRE175217 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147 § Azul Zulu 11.74.15 (11.0.24) Note: FX version of JDK also supported § ZULU11-240716, QZULUJDK117415 and QZULUJRE117415 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE- 2024-21144, CVE-2024-21145, CVE-2024-21147
  • 33.
    Copyright © 2024Ivanti. All rights reserved. 33 Windows Third Party CVE Information (cont) § Azul Zulu 8.80.0.17 (8u422) Note: FX version of JDK also supported § ZULU8-240716, QZULUJDK880017 and QZULUJRE880017 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Java Development Kit 21 Update 21.0.4 § JDK21-240715, QJDK2104 § Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147, CVE-2024-27983 § Java Development Kit 17 Update 17.0.12 § JDK17-240715, QJDK17012 § Fixes 7 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147, CVE-2024-27983
  • 34.
    Copyright © 2024Ivanti. All rights reserved. 34 Windows Third Party CVE Information (cont) § Java Development Kit 11 Update 11.0.24 § JDK11-240718, QJDK11024 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Java 8 Update 421 – JRE and JDK § JAVA8-240718, QJDK8U421 and QJRE8U421 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Corretto 21.0.4.7.1 § CRTO21-240717, QCRTOJDK2104 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
  • 35.
    Copyright © 2024Ivanti. All rights reserved. 35 Windows Third Party CVE Information (cont) § Corretto 17.0.12.7.1 § CRTO17-240716, QCRTOJDK17012 § Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE- 2024-21147 § Corretto 11.0.24.8.1 § CRTO11-240717, QCRTOJDK11024 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § Corretto 8.422.05.1 – JRE and JDK § CRTO8-240716, QCRTOJRE842205 § CRTO8-240716, QCRTOJDK842205 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
  • 36.
    Copyright © 2024Ivanti. All rights reserved. 36 Windows Third Party CVE Information (cont) § RedHat OpenJDK 21.0.4.0 § RHTJDK21-240723, QRHTJDK2104 and QRHTJRE2104 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § RedHat OpenJDK 17.0.12.0 § RHTJDK17-240723, QRHTJDK1701207 and QRHTJRE1701207 § Fixes 5 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE- 2024-21147 § RedHat OpenJDK 11.0.24.08 § RHTJDK11-240723, QRHTJDK1102408 and QRHTJRE1102408 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147 § RedHat OpenJDK 8.0.422 § RHTJDK8-240723, QRHTJDK180422 § Fixes 6 Vulnerabilities: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE- 2024-21145, CVE-2024-21147
  • 37.
    Copyright © 2024Ivanti. All rights reserved. 37 Windows Third Party CVE Information (cont) § Firefox 129 § FF-240806, QFF1290 § Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521, CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024- 7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531 § Firefox ESR 115.14.0 § FFE115-240809, QFFE115140 § Fixes 9 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE- 2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 § Firefox ESR 128.1.0 § FFE128-240806, QFFE12810 § Fixes 12 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024- 7528, CVE-2024-7529, CVE-2024-7531
  • 38.
    Copyright © 2024Ivanti. All rights reserved. 38 Apple Release Summary § Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Sonoma (1), Apple macOS Ventura (1), Apple Safari (1), AutoCAD (2), Emacs (1), Google Chrome (4), Firefox (1), Firefox ESR (1), Microsoft Edge (4), Thunderbird (1), Thunderbird ESR (1) § Security Updates (w/o CVEs): Zoom Client for Mac (2) § Non-Security Updates: 1Password (3), Adobe Acrobat DC and Acrobat Reader DC (2), aText (1), BetterTouchTool (8), Brave (4), Docker Desktop (1), draw.io (1), Dropbox (2), Evernote (8), Firefox (2), Figma (1), Google Drive (1), Grammarly (6), Microsoft AutoUpdate (1), Obsidian (1), OneDrive for Mac (2), Microsoft Office 2019 OneNote (1), Microsoft Office 2019 Outlook (2), PyCharm Professional (2), Microsoft Office 2019 PowerPoint (1), Skype (1), Slack (1), Snagit (1), macOS Sonoma (1), Spotify (2), Sublime Text Build (1), Microsoft Teams (1), macOS Ventura (1), Visual Studio Code (2), Webex Teams for Mac (1), Microsoft Office 2019 Word (1)
  • 39.
    Copyright © 2024Ivanti. All rights reserved. 39 Apple Updates with CVE Information § macOS Monterey 12.7.6 § HT214118 § Fixes 41 Vulnerabilities: See Apple security bulletin for details § macOS Ventura 13.6.8 § HT214120 § Fixes 45 Vulnerabilities: See Apple security bulletin for details § macOS Sonoma 14.6 § HT214119 § Fixes 69 Vulnerabilities: See Apple security bulletin for details § Safari 17.6 for Ventura and Monterey § HT214121 § Fixes 9 Vulnerabilities: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE- 2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024- 40817, CVE-2024-4558
  • 40.
    Copyright © 2024Ivanti. All rights reserved. 40 Apple Third Party CVE Information § AutoCAD 2023.3.2 § ADACMAC2023-240715 § Fixes 29 Vulnerabilities: CVE-2024-0446, CVE-2024-23120, CVE-2024-23121, CVE-2024-23122, CVE-2024-23123, CVE-2024-23127, CVE-2024-23128, CVE-2024-23129, CVE-2024-23130, CVE-2024-23131, CVE-2024-23134, CVE-2024-23137, CVE-2024-23140, CVE-2024-23141, CVE-2024-23142, CVE-2024-23143, CVE-2024-23144, CVE-2024-23145, CVE-2024-23146, CVE-2024-23147, CVE-2024-23148, CVE-2024-23149, CVE-2024-37000, CVE-2024-37001, CVE-2024-37002, CVE-2024-37003, CVE-2024-37004, CVE-2024-37005, CVE-2024-37006 § AutoCAD 2024.1.4 § ADACMAC2024-240715 § Fixes 29 Vulnerabilities: Same as listed above
  • 41.
    Copyright © 2024Ivanti. All rights reserved. 41 Apple Third Party CVE Information (cont) § Google Chrome 126.0.6478.183 § CHROMEMAC-240716 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE- 2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Google Chrome 127.0.6533.73 § CHROMEMAC-240724 § Fixes 16 Vulnerabilities: CVE-2024-6988, CVE-2024-6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024- 6998, CVE-2024-6999, CVE-2024-7000, CVE-2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005 § Google Chrome 127.0.6533.89 § CHROMEMAC-240731 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256
  • 42.
    Copyright © 2024Ivanti. All rights reserved. 42 Apple Third Party CVE Information (cont) § Google Chrome 127.0.6533.100 § CHROMEMAC-240806 § Fixes 6 Vulnerabilities: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE- 2024-7536, CVE-2024-7550 § Emacs For Mac29.4 § EMACSMAC-240725 § Fixes 1 Vulnerability: CVE-2024-39331
  • 43.
    Copyright © 2024Ivanti. All rights reserved. 43 Apple Third Party CVE Information (cont) § Firefox 129 § FF-240806 § Fixes 14 Vulnerabilities: CVE-2024-7518, CVE-2024-7519, CVE-2024-7520. CVE-2024-7521, CVE-2024-7522, CVE-2024-7523, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024- 7527, CVE-2024-7528, CVE-2024-7529, CVE-2024-7530, CVE-2024-7531 § Firefox ESR 115.13.0 § FFE-240716 § Fixes 5 Vulnerabilities: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE- 2024-6604 § Thunderbird ESR 115.14.0 § TB-240806 § Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE- 2024-7526, CVE-2024-7527, CVE-2024-7529
  • 44.
    Copyright © 2024Ivanti. All rights reserved. 44 Apple Third Party CVE Information (cont) § Thunderbird 128.1.0 § TB-240806 § Fixes 7 Vulnerabilities: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529 § Microsoft Edge 126.0.2592.113 § MEDGEMAC-240722 § Fixes 8 Vulnerabilities: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 § Microsoft Edge 127.0.2651.74 § MEDGEMAC-240725 § Fixes 18 Vulnerabilities: CVE-2024-38103, CVE-2024-39379, CVE-2024-6988, CVE-2024- 6989, CVE-2024-6991, CVE-2024-6992, CVE-2024-6993, CVE-2024-6994, CVE-2024-6995, CVE-2024-6996, CVE-2024-6997, CVE-2024-6998, CVE-2024-6999, CVE-2024-7000, CVE- 2024-7001, CVE-2024-7003, CVE-2024-7004, CVE-2024-7005
  • 45.
    Copyright © 2024Ivanti. All rights reserved. 45 Apple Third Party CVE Information (cont) § Microsoft Edge 127.0.2651.86 § MEDGEMAC-240801 § Fixes 3 Vulnerabilities: CVE-2024-6990, CVE-2024-7255, CVE-2024-7256 § Microsoft Edge 127.0.2651.98 § MEDGEMAC-240809 § Fixes 8 Vulnerabilities: CVE-2024-38218, CVE-2024-38219, CVE-2024-7532, CVE-2024- 7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550
  • 46.
    Copyright © 2024Ivanti. All rights reserved. 46 Q & A
  • 47.
    Copyright © 2024Ivanti. All rights reserved. Copyright © 2024 Ivanti. All rights reserved. 47 Thank You!