SlideShare a Scribd company logo

December Patch Tuesday 2020

Download as PPTX, PDF
Ivanti
Ivanti

For all of you who have asked for a pause to Patch Tuesday, you did not get exactly what you wanted for Christmas, but close. December Patch Tuesday is the lightest of 2020. Only 58 unique CVEs were resolved, nine of which are rated as Critical. There is also one advisory (ADV200013), which provides guidance for addressing a spoofing vulnerability in DNS Resolver. There were no publicly disclosed or exploited vulnerabilities this month on the Microsoft side. Adobe released a couple of low severity updates for Adobe Reader for Android and Adobe Connect. The Adobe Reader release (APSB20-67) from December 3 resolved 14 vulnerabilities, four of which were Critical. This is the more urgent release from Adobe for the month. Adobe Flash had an update for December Patch Tuesday, but it did not include any resolved vulnerabilities.

Business
1 of 41
Copyright © 2020 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, December 9, 2020 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 177 920 8201
Copyright © 2020 Ivanti. All rights reserved. Agenda December 2020 Patch Tuesday Overview In the News & 2021 Predictions Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Overview
Copyright © 2020 Ivanti. All rights reserved.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News Source: Microsoft  Advisory 200013: Spoofing Vulnerability in DNS Resolver  https://msrc.microsoft.com/update-guide/vulnerability/ADV200013  SSUs and LCUs in one Update  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deploy-windows- ssus-and-lcus-together-with-one-cumulative-update/ba-p/1967887  CentOS Project Shifts Focus to CentOS Stream  https://lists.centos.org/pipermail/centos-announce/2020- December/048208.html
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Adobe Flash End of Life  December 31st is the official End of Life of Adobe Flash  https://www.adobe.com/products/flashplayer/end-of-life.html  Adobe Enterprise EoL Page  https://www.adobe.com/products/flashplayer/enterprise-end-of-life.html  Remove Flash Player:  Versions installed through Windows, IE, Edge: KB4577586 (Security Tool)  https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player  Versions installed through other means:  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Updated SSUs this month  Windows 7/Server 2008 R2  Windows 10 2004/Windows Server 2004  Windows 10 20H2/Windows Server 20H2  Development Tool and Other Updates  Azure DevOps Server 2019-2020  Azure SDK for Java  Azure Sphere  C SDK for Azure IoT  Microsoft Visual Studio 2017-2019  Team Foundation Server 2015-2018  Visual Studio Code Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness  Windows 10 Branch Support Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness (cont)  Enterprise LTSB/LTSC Support  Complete Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows  https://docs.microsoft.com/en-us/lifecycle/products/windows-server  https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise- and-education Source: Microsoft
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. 2021 Predictions: Ransomware Escalation In October 2020, the Department of the Treasury issued an advisory stating that facilitating ransomware payments with a Sanctions Nexus could result in legal ramifications or fees, starting us off on the path to trying to curb the rapid increase in ransom payments. This is an escalation toward trying to reduce ransomware payments, but it also puts victims in an even tighter spot as they are often paying for data to not go public more than to recover from the encryption and disruption to their environments. Escalation is needed, but not after a company has already fallen victim. In 2021, we will see this escalation continue, but it will take shape as more clearly defined steps companies should be taking and fines or ramifications if they fail to do their due diligence.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. 2021 Predictions: User is the new Perimeter The world has been shifting away from traditional networks to hybrid cloud- prem and device agnostic, an existing trend that was accelerated by COVID-19. Since COVID, perimeters have changed more drastically. Threat actors will continue to target remote workers. Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) technologies alone will leave companies exposed. To regain control and provide more fluid perimeters to securely control who has access to applications and data, companies will turn to Zero Trust Access Control.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. 2021 Predictions: Vulnerability Lifecycle Management  Vulnerability remediation will continue to be a struggle for many organizations. The median time to cre ate a functional exploit is 22 days. The average shelf life of an exploit is seven years. Threat actors can move faster than most companies and are getting long life out of the exploits they create. To stay ahead of attackers, companies will look to improve visibility and telemetry to understand trending exploits and to mitigate or eliminate these vulnerabilities to significantly reduce their exposure.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. A Call to Help Design  Join our Co-Design Team  https://www.surveymonkey.com/r/R3XWV3T Source: Microsoft Vulnerability Assessment Open Security Incident Patch Assessment Open Change Request Patch Remediation (Delegated) Repeat Process 1 2 3 4 5 Continuous Vulnerability Management
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Bulletins and Releases
Copyright © 2020 Ivanti. All rights reserved. MS20-12-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, Server 2016, Server 2019, Server version 1709, Server version 1803, Server version 2004, IE 11, Legacy Edge and Edge Chromium  Description: This bulletin references 10KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. December Known Issues for Windows 10  KB 4593226 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 4592440 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. December Known Issues for Windows 10 (cont)  KB 4592449 – Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windows Server version 1909  [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. December Known Issues for Windows 10 (cont)  KB 4592438 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2  [Editor] Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text. For more information about the issues, workaround steps, and the currently resolved issues, please see KB 4564002.  [Outdated Updates]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-EXCH: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2013 - 2019  Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KBs 4593465, 4593466, and 4593467.  Impact: Remote Code Execution and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, and CVE-2020-17144 are fixed in this release.  Restart Required: Requires restart  Known Issues: Must install update with administrator privileges
Copyright © 2020 Ivanti. All rights reserved. MS20-12-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Foundation Server 2010 and 2013, and Microsoft SharePoint Server 2010 & 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 8 KB articles.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-17089, CVE-2020-17115, CVE-2020-17118, CVE-2020-17120, CVE-2020- 17121, and CVE-2020-17122 are fixed in this release.  Restart Required: Requires restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 4586807 (released November 10, 2020). Bulletin is based on KB 4592498. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics and Windows Peripherals.  Impact: Spoofing and Information Disclosure  Fixes 1 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-17098 is fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. November Known Issues for Server 2008  KB 4592498 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 4592504 – Windows Server 2008 (Security-only Update)  [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 4592504. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics and Windows Peripherals.  Impact: Spoofing and Information Disclosure  Fixes 1 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-17098 is fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR7-ESU: Monthly Rollup for Win 7 MS20-12-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4586827 (released November 10, 2020). Bulletin is based on KB 4592471. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, Windows Storage and Filesystems, and Windows File Server and Clustering.  Impact: Spoofing, Elevation of Privilege and Information Disclosure  Fixes 9 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO7-ESU: Security-only Update for Win 7 MS20-12-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 4592503. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, Windows Storage and Filesystems, and Windows File Server and Clustering.  Impact: Spoofing, Elevation of Privilege and Information Disclosure  Fixes 9 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR8: Monthly Rollup for Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4586834 (released November 10, 2020). Bulletin is based on KB 4592468. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020-17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 4592497. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020- 17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4586845 (released November 10, 2020). Bulletin is based on KB 4592484. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020- 17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 4592495. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020- 17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
Copyright © 2020 Ivanti. All rights reserved. MS20-12-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2010-2016, Office 2010-2016, Office Online Server, Outlook 2010-2016, Office 2019 for macOS, and Office Web Applications  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 15 KB articles plus release notes for MacOS.  Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure  Fixes 10 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved. MS20-12-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure  Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires application restart  Known Issues: None reported
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Between Patch Tuesdays
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Release Summary  Security Updates: iTunes(1), Firefox (1), Firefox ESR (1), Google Chrome (2), Node.JD (3), Thunderbird (2), VMware Workstation (2)  Non-Security Updates: Adobe Acrobat DC (1), Adobe Reader DC (1), AIMP (1), Apache Tomcat (3), BlueJeans (1), Box Edit (1), Camtasia (2), Ccleaner (1), Cisco WebEx Teams (1), Dropbox (2), Falcon sensor for Windows (1), GoodSync (7), Google Chrome (1), Google Drive File Stream (2), GoTo Opener (2), Jabra Direct (1), Malwarebytes (2), Nitro Pro (2), Node.JS (3), Notepad++ (1), Opera Browser (7), PDF-Xchange PRO (1), PeaZip (1), Plex Media Server (2), RingCentral App (3), Royal TS (1), SeaMonkey (1), Skype (1), Slack Machine-Wide Installer (6), Snagit (1), Splunk Universal Forwarder (1), Tableau Desktop (7), Tableau Reader (1), TeamViewer (2), Thunderbird (1), TightVNC (2), TortoiseHG (1), VMWare Workstation (2), WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (2)
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  iTunes 12.11.0.26  AI-201118, QAI1211026  Fixes 6 Vulnerabilities: CVE-2020-10002, CVE-2020-27895, CVE-2020-27911, CVE-2020-27912, CVE-2020-27917, CVE-2020-27918  Firefox 83.0  FF-201117, QFF830  Fixes 21 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE-2020-26952, CVE-2020-26953, CVE-2020-26954, CVE-2020-26955, CVE- 2020-26956, CVE-2020-26957, CVE-2020-26958, CVE-2020-26959, CVE-2020- 26960, CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26964, CVE-2020-26965, CVE-2020-26966, CVE-2020-26967, CVE-2020-26968, CVE- 2020-26969  Node.JS 15.2.1 (Current)  NOJSC-201117, QNODEJSC1521  Fixes 1 Vulnerability: CVE-2020-8277
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information (cont)  Node.JS 14.15.1 (LTS Upper)  NOJSLU, QNODEJSCLU14151  Fixes 1 Vulnerability: CVE-2020-8277  Node.JS 12.19.1 (LTS Lower)  NOJSLL, QNODEJSCLL12191  Fixes 1 Vulnerability: CVE-2020-8277  Firefox ESR 78.5.0  FFE-201117, QFFE7850  Fixes 12 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE- 2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020- 26968
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information (cont)  Google Chrome 86.0.4240.198  Chrome-201111, QGC8604240198  Fixes 2 Vulnerabilities: CVE-2020-16013, CVE-2020-16017  Google Chrome 87.0.4280.66  Chrome-201117, QGC870428066  Fixes 23 Vulnerabilities: CVE-2019-8075, CVE-2020-16012, CVE-2020-16014, CVE-2020-16015, CVE-2020-16018, CVE-2020-16019, CVE-2020-16020, CVE- 2020-16021, CVE-2020-16022, CVE-2020-16023, CVE-2020-16024, CVE-2020- 16025, CVE-2020-16026, CVE-2020-16027, CVE-2020-16028, CVE-2020-16029, CVE-2020-16030, CVE-2020-16031, CVE-2020-16032, CVE-2020-16033, CVE- 2020-16034, CVE-2020-16035, CVE-2020-16036
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information (cont)  Thunderbird 78.5.0  TB-201119, QTB7850  Fixes 12 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE- 2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968  Thunderbird 78.5.1  TB-201202, QTB7851  Fixes 1 Vulnerability: CVE-2020-26970  VMWare Workstation Player and Pro 15.5.7  VMWP15-20119 and VMWw15-20119  QVMWP1557 and QVMWW1557  Fixes 8 Vulnerabilities: CVE-2020-3981, CVE-2020-3982, CVE-2020-3986, CVE-2020- 3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990, CVE-2020-4004
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Q & A
Copyright © 2020 Ivanti. All rights reserved. Copyright © 2020 Ivanti. All rights reserved. Thank You!

Recommended

March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
Ivanti
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-only
Ivanti
 
January 2021 Patch Tuesday
January 2021 Patch TuesdayJanuary 2021 Patch Tuesday
January 2021 Patch Tuesday
Ivanti
 
February 2021 Patch Tuesday
February 2021 Patch TuesdayFebruary 2021 Patch Tuesday
February 2021 Patch Tuesday
Ivanti
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020
Ivanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
Ivanti
 

Recommended

March 2021 Patch Tuesday
March 2021 Patch TuesdayMarch 2021 Patch Tuesday
March 2021 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
Ivanti
 
October2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-onlyOctober2020 patchtuesday[1] read-only
October2020 patchtuesday[1] read-only
Ivanti
 
January 2021 Patch Tuesday
January 2021 Patch TuesdayJanuary 2021 Patch Tuesday
January 2021 Patch Tuesday
Ivanti
 
February 2021 Patch Tuesday
February 2021 Patch TuesdayFebruary 2021 Patch Tuesday
February 2021 Patch Tuesday
Ivanti
 
November Patch Tuesday 2020
November Patch Tuesday 2020 November Patch Tuesday 2020
November Patch Tuesday 2020
Ivanti
 
April 2021 Patch Tuesday
April 2021 Patch TuesdayApril 2021 Patch Tuesday
April 2021 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019Ivanti Patch Tuesday for October 2019
Ivanti Patch Tuesday for October 2019
Ivanti
 
Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
Ivanti
 
Fr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesFr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslides
Ivanti
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
Ivanti
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch Tuesday
Ivanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
Ivanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
Ivanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slides
Ivanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesday
Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
Ivanti
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
Ivanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
Ivanti
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
Ivanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
Ivanti
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Ivanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
Ivanti
 

More Related Content

What's hot

Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
Ivanti
 
Fr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesFr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslides
Ivanti
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
Ivanti
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch Tuesday
Ivanti
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
Ivanti
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
Ivanti
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
Ivanti
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slides
Ivanti
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesday
Ivanti
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
Ivanti
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
Ivanti
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
Ivanti
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
Ivanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
Ivanti
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Ivanti
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Ivanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
Ivanti
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
Ivanti
 

What's hot (20)

Fr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slidesFr february 2022 patch tuesday v2 presenters slides
Fr february 2022 patch tuesday v2 presenters slides
 
Fr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslidesFr july2021 patchtuesday_final-atendeesslides
Fr july2021 patchtuesday_final-atendeesslides
 
Patch Tuesday November - 2020
Patch Tuesday November - 2020Patch Tuesday November - 2020
Patch Tuesday November - 2020
 
May 2021 Patch Tuesday
May 2021 Patch TuesdayMay 2021 Patch Tuesday
May 2021 Patch Tuesday
 
French Patch Tuesday April 2021
French Patch Tuesday April 2021French Patch Tuesday April 2021
French Patch Tuesday April 2021
 
2022 February Patch Tuesday
2022 February Patch Tuesday2022 February Patch Tuesday
2022 February Patch Tuesday
 
2021 November Patch Tuesday
2021 November Patch Tuesday2021 November Patch Tuesday
2021 November Patch Tuesday
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
Fr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slidesFr mar 2022 patch tuesday-presenters slides
Fr mar 2022 patch tuesday-presenters slides
 
December 2021 patch tuesday
December 2021 patch tuesdayDecember 2021 patch tuesday
December 2021 patch tuesday
 
Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020Ivanti Patch Tuesday for March 2020
Ivanti Patch Tuesday for March 2020
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
 
2021 June Patch Tuesday
2021 June Patch Tuesday2021 June Patch Tuesday
2021 June Patch Tuesday
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
 
September Patch Tuesday- 2020
September Patch Tuesday- 2020September Patch Tuesday- 2020
September Patch Tuesday- 2020
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge IntelligenceWorkspace Control 2020 now with Ivanti Neurons for Edge Intelligence
Workspace Control 2020 now with Ivanti Neurons for Edge Intelligence
 
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
Présentation webinar Ivanti - Analyse du Patch Tuesday - Janvier 2020
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
 
December 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday AnalysisDecember 2018 Patch Tuesday Analysis
December 2018 Patch Tuesday Analysis
 

Similar to December Patch Tuesday 2020

Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
Ivanti
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
Ivanti
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
Ivanti
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
Ivanti
 
2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
Ivanti
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
Dan Lalli
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch Tuesday
Ivanti
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
Ivanti
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
Ivanti
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch Tuesday
Ivanti
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
Ivanti
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
Ivanti
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
Ivanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
Ivanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
Ivanti
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
Ivanti
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
Ivanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
Ivanti
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
Ivanti
 

Similar to December Patch Tuesday 2020 (20)

Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
 
2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx2022 FR Patch Tuesday.pptx
2022 FR Patch Tuesday.pptx
 
2022 May Patch Tuesday
2022 May Patch Tuesday2022 May Patch Tuesday
2022 May Patch Tuesday
 
2022 September Patch Tuesday
2022 September Patch Tuesday2022 September Patch Tuesday
2022 September Patch Tuesday
 
Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020Ivanti Patch Tuesday for June 2020
Ivanti Patch Tuesday for June 2020
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
 
2022 August Patch Tuesday
2022 August Patch Tuesday2022 August Patch Tuesday
2022 August Patch Tuesday
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
 
2022 October Patch Tuesday
2022 October Patch Tuesday2022 October Patch Tuesday
2022 October Patch Tuesday
 
2021 October Patch Tuesday
2021 October Patch Tuesday2021 October Patch Tuesday
2021 October Patch Tuesday
 
August 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday AnalysisAugust 2019 Patch Tuesday Analysis
August 2019 Patch Tuesday Analysis
 
2022 FR April Patch Tuesday
2022 FR April Patch Tuesday2022 FR April Patch Tuesday
2022 FR April Patch Tuesday
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
2022 April Patch Tuesday
2022 April Patch Tuesday2022 April Patch Tuesday
2022 April Patch Tuesday
 
2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday2022 Novembre Patch Tuesday
2022 Novembre Patch Tuesday
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
2022 June FR Patch Tuesday
2022 June FR Patch Tuesday2022 June FR Patch Tuesday
2022 June FR Patch Tuesday
 

More from Ivanti

June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
Ivanti
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
Ivanti
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
Ivanti
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
Ivanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
Ivanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
Ivanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
Ivanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
Ivanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
Ivanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
Ivanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
Ivanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
Ivanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
Ivanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
Ivanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
Ivanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
Ivanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
Ivanti
 

More from Ivanti (20)

June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Français Patch Tuesday - Mai
Français Patch Tuesday - MaiFrançais Patch Tuesday - Mai
Français Patch Tuesday - Mai
 
Patch Tuesday de Mayo
Patch Tuesday de MayoPatch Tuesday de Mayo
Patch Tuesday de Mayo
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Patch Tuesday Italia Maggio
Patch Tuesday Italia MaggioPatch Tuesday Italia Maggio
Patch Tuesday Italia Maggio
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 

Recently uploaded

Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
Corey Perlman, Social Media Speaker and Consultant
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
fisherameliaisabella
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
DerekIwanaka1
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
aragme
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
Adani case
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
my Pandit
 

Recently uploaded (20)

Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
 

December Patch Tuesday 2020

  • 1. Copyright © 2020 Ivanti. All rights reserved. Patch Tuesday Webinar Wednesday, December 9, 2020 Hosted by: Chris Goettl & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 177 920 8201
  • 2. Copyright © 2020 Ivanti. All rights reserved. Agenda December 2020 Patch Tuesday Overview In the News & 2021 Predictions Bulletins and Releases Between Patch Tuesdays Q & A 1 2 3 4 5
  • 3. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Overview
  • 4. Copyright © 2020 Ivanti. All rights reserved.
  • 5. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News
  • 6. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. In the News Source: Microsoft  Advisory 200013: Spoofing Vulnerability in DNS Resolver  https://msrc.microsoft.com/update-guide/vulnerability/ADV200013  SSUs and LCUs in one Update  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deploy-windows- ssus-and-lcus-together-with-one-cumulative-update/ba-p/1967887  CentOS Project Shifts Focus to CentOS Stream  https://lists.centos.org/pipermail/centos-announce/2020- December/048208.html
  • 7. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Adobe Flash End of Life  December 31st is the official End of Life of Adobe Flash  https://www.adobe.com/products/flashplayer/end-of-life.html  Adobe Enterprise EoL Page  https://www.adobe.com/products/flashplayer/enterprise-end-of-life.html  Remove Flash Player:  Versions installed through Windows, IE, Edge: KB4577586 (Security Tool)  https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player  Versions installed through other means:  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html Source: Microsoft
  • 8. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  Updated SSUs this month  Windows 7/Server 2008 R2  Windows 10 2004/Windows Server 2004  Windows 10 20H2/Windows Server 20H2  Development Tool and Other Updates  Azure DevOps Server 2019-2020  Azure SDK for Java  Azure Sphere  C SDK for Azure IoT  Microsoft Visual Studio 2017-2019  Team Foundation Server 2015-2018  Visual Studio Code Source: Microsoft
  • 9. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness  Windows 10 Branch Support Source: Microsoft
  • 10. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Windows 10 Lifecycle Awareness (cont)  Enterprise LTSB/LTSC Support  Complete Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/faq/windows  https://docs.microsoft.com/en-us/lifecycle/products/windows-server  https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise- and-education Source: Microsoft
  • 11. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Patch Content Announcements  Announcements Posted on Community Forum Pages  https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2  Subscribe to receive email for the desired product(s)
  • 12. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. 2021 Predictions: Ransomware Escalation In October 2020, the Department of the Treasury issued an advisory stating that facilitating ransomware payments with a Sanctions Nexus could result in legal ramifications or fees, starting us off on the path to trying to curb the rapid increase in ransom payments. This is an escalation toward trying to reduce ransomware payments, but it also puts victims in an even tighter spot as they are often paying for data to not go public more than to recover from the encryption and disruption to their environments. Escalation is needed, but not after a company has already fallen victim. In 2021, we will see this escalation continue, but it will take shape as more clearly defined steps companies should be taking and fines or ramifications if they fail to do their due diligence.
  • 13. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. 2021 Predictions: User is the new Perimeter The world has been shifting away from traditional networks to hybrid cloud- prem and device agnostic, an existing trend that was accelerated by COVID-19. Since COVID, perimeters have changed more drastically. Threat actors will continue to target remote workers. Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) technologies alone will leave companies exposed. To regain control and provide more fluid perimeters to securely control who has access to applications and data, companies will turn to Zero Trust Access Control.
  • 14. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. 2021 Predictions: Vulnerability Lifecycle Management  Vulnerability remediation will continue to be a struggle for many organizations. The median time to cre ate a functional exploit is 22 days. The average shelf life of an exploit is seven years. Threat actors can move faster than most companies and are getting long life out of the exploits they create. To stay ahead of attackers, companies will look to improve visibility and telemetry to understand trending exploits and to mitigate or eliminate these vulnerabilities to significantly reduce their exposure.
  • 15. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. A Call to Help Design  Join our Co-Design Team  https://www.surveymonkey.com/r/R3XWV3T Source: Microsoft Vulnerability Assessment Open Security Incident Patch Assessment Open Change Request Patch Remediation (Delegated) Repeat Process 1 2 3 4 5 Continuous Vulnerability Management
  • 16. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Bulletins and Releases
  • 17. Copyright © 2020 Ivanti. All rights reserved. MS20-12-W10: Windows 10 Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, Server 2016, Server 2019, Server version 1709, Server version 1803, Server version 2004, IE 11, Legacy Edge and Edge Chromium  Description: This bulletin references 10KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slides
  • 18. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. December Known Issues for Windows 10  KB 4593226 – Windows 10, Version 1607 and Server 2016  [Min Password] After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. Workaround: Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution.  KB 4592440 – Windows 10, Version 1809, Server 2019 All Versions  [Asian Packs] After installing KB 4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall and reinstall any recently added language packs or select Check for Updates and install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is working on a resolution.
  • 19. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. December Known Issues for Windows 10 (cont)  KB 4592449 – Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windows Server version 1909  [Outdated Updates] System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. See directions here. Microsoft is working on a resolution.
  • 20. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. December Known Issues for Windows 10 (cont)  KB 4592438 – Windows 10 version 2004, Windows Server version 2004, Windows 10 version 20H2, Windows Server version 20H2  [Editor] Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text. For more information about the issues, workaround steps, and the currently resolved issues, please see KB 4564002.  [Outdated Updates]
  • 21. Copyright © 2020 Ivanti. All rights reserved. MS20-12-EXCH: Security Updates for Exchange Server  Maximum Severity: Critical  Affected Products: Microsoft Exchange Server 2013 - 2019  Description: This security update fixes vulnerabilities in Microsoft Exchange. This bulletin is based on KBs 4593465, 4593466, and 4593467.  Impact: Remote Code Execution and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, and CVE-2020-17144 are fixed in this release.  Restart Required: Requires restart  Known Issues: Must install update with administrator privileges
  • 22. Copyright © 2020 Ivanti. All rights reserved. MS20-12-SPT: Security Updates for SharePoint Server  Maximum Severity: Critical  Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft SharePoint Foundation Server 2010 and 2013, and Microsoft SharePoint Server 2010 & 2019  Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on 8 KB articles.  Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-17089, CVE-2020-17115, CVE-2020-17118, CVE-2020-17120, CVE-2020- 17121, and CVE-2020-17122 are fixed in this release.  Restart Required: Requires restart  Known Issues: None reported
  • 23. Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR2K8-ESU: Monthly Rollup for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008 and IE 9  Description: This security update includes improvements and fixes that were a part of update KB 4586807 (released November 10, 2020). Bulletin is based on KB 4592498. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics and Windows Peripherals.  Impact: Spoofing and Information Disclosure  Fixes 1 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-17098 is fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename] See next slide.
  • 24. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. November Known Issues for Server 2008  KB 4592498 – Windows Server 2008 (Monthly Rollup)  [File Rename] Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Workaround: Perform the operation from a process that has administrator privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution.  KB 4592504 – Windows Server 2008 (Security-only Update)  [File Rename]
  • 25. Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO2K8-ESU: Security-only Update for Windows Server 2008  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2008  Description: Bulletin is based on KB 4592504. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics and Windows Peripherals.  Impact: Spoofing and Information Disclosure  Fixes 1 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-17098 is fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename] See previous slide.
  • 26. Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR7-ESU: Monthly Rollup for Win 7 MS20-12-MR2K8R2-ESU Monthly Rollup for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4586827 (released November 10, 2020). Bulletin is based on KB 4592471. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, Windows Storage and Filesystems, and Windows File Server and Clustering.  Impact: Spoofing, Elevation of Privilege and Information Disclosure  Fixes 9 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 27. Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO7-ESU: Security-only Update for Win 7 MS20-12-SO2K8R2-ESU: Security-only Update for Server 2008 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 7 and Server 2008 R2  Description: Bulletin is based on KB 4592503. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, Windows Storage and Filesystems, and Windows File Server and Clustering.  Impact: Spoofing, Elevation of Privilege and Information Disclosure  Fixes 9 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 28. Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR8: Monthly Rollup for Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4586834 (released November 10, 2020). Bulletin is based on KB 4592468. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020-17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 29. Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO8: Security-only Update for Windows Server 2012  Maximum Severity: Important  Affected Products: Microsoft Windows Server 2012  Description: Bulletin is based on KB 4592497. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020- 17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 30. Copyright © 2020 Ivanti. All rights reserved. MS20-12-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4586845 (released November 10, 2020). Bulletin is based on KB 4592484. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020- 17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 31. Copyright © 2020 Ivanti. All rights reserved. MS20-12-SO81: Security-only Update for Win 8.1 and Server 2012 R2  Maximum Severity: Important  Affected Products: Microsoft Windows 8.1, Server 2012 R2  Description: Bulletin is based on KB 4592495. Addresses a security vulnerability by preventing applications that run as a SYSTEM account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows Peripherals, and Windows Core Networking.  Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of Privilege and Information Disclosure  Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE- 2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020- 17098, and CVE-2020-17140 are fixed in this release.  Restart Required: Requires restart  Known Issues: [File Rename]
  • 32. Copyright © 2020 Ivanti. All rights reserved. MS20-12-OFF: Security Updates for Microsoft Office  Maximum Severity: Important  Affected Products: Excel 2010-2016, Office 2010-2016, Office Online Server, Outlook 2010-2016, Office 2019 for macOS, and Office Web Applications  Description: This security update resolves multiple vulnerabilities in Microsoft Office applications. Consult the Security Update Guide for specific details on each. This bulletin references 15 KB articles plus release notes for MacOS.  Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure  Fixes 10 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires application restart  Known Issues: None reported
  • 33. Copyright © 2020 Ivanti. All rights reserved. MS20-12-O365: Security Updates Microsoft 365 Apps and Office 2019  Maximum Severity: Important  Affected Products: Microsoft 365 Apps, Office 2019  Description: This month’s update resolved various bugs and performance issues in Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps security updates is available at https://docs.microsoft.com/en- us/officeupdates/microsoft365-apps-security-updates.  Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure  Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.  Restart Required: Requires application restart  Known Issues: None reported
  • 34. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Between Patch Tuesdays
  • 35. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Release Summary  Security Updates: iTunes(1), Firefox (1), Firefox ESR (1), Google Chrome (2), Node.JD (3), Thunderbird (2), VMware Workstation (2)  Non-Security Updates: Adobe Acrobat DC (1), Adobe Reader DC (1), AIMP (1), Apache Tomcat (3), BlueJeans (1), Box Edit (1), Camtasia (2), Ccleaner (1), Cisco WebEx Teams (1), Dropbox (2), Falcon sensor for Windows (1), GoodSync (7), Google Chrome (1), Google Drive File Stream (2), GoTo Opener (2), Jabra Direct (1), Malwarebytes (2), Nitro Pro (2), Node.JS (3), Notepad++ (1), Opera Browser (7), PDF-Xchange PRO (1), PeaZip (1), Plex Media Server (2), RingCentral App (3), Royal TS (1), SeaMonkey (1), Skype (1), Slack Machine-Wide Installer (6), Snagit (1), Splunk Universal Forwarder (1), Tableau Desktop (7), Tableau Reader (1), TeamViewer (2), Thunderbird (1), TightVNC (2), TortoiseHG (1), VMWare Workstation (2), WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (2)
  • 36. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information  iTunes 12.11.0.26  AI-201118, QAI1211026  Fixes 6 Vulnerabilities: CVE-2020-10002, CVE-2020-27895, CVE-2020-27911, CVE-2020-27912, CVE-2020-27917, CVE-2020-27918  Firefox 83.0  FF-201117, QFF830  Fixes 21 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE-2020-26952, CVE-2020-26953, CVE-2020-26954, CVE-2020-26955, CVE- 2020-26956, CVE-2020-26957, CVE-2020-26958, CVE-2020-26959, CVE-2020- 26960, CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26964, CVE-2020-26965, CVE-2020-26966, CVE-2020-26967, CVE-2020-26968, CVE- 2020-26969  Node.JS 15.2.1 (Current)  NOJSC-201117, QNODEJSC1521  Fixes 1 Vulnerability: CVE-2020-8277
  • 37. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information (cont)  Node.JS 14.15.1 (LTS Upper)  NOJSLU, QNODEJSCLU14151  Fixes 1 Vulnerability: CVE-2020-8277  Node.JS 12.19.1 (LTS Lower)  NOJSLL, QNODEJSCLL12191  Fixes 1 Vulnerability: CVE-2020-8277  Firefox ESR 78.5.0  FFE-201117, QFFE7850  Fixes 12 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE- 2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020- 26968
  • 38. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information (cont)  Google Chrome 86.0.4240.198  Chrome-201111, QGC8604240198  Fixes 2 Vulnerabilities: CVE-2020-16013, CVE-2020-16017  Google Chrome 87.0.4280.66  Chrome-201117, QGC870428066  Fixes 23 Vulnerabilities: CVE-2019-8075, CVE-2020-16012, CVE-2020-16014, CVE-2020-16015, CVE-2020-16018, CVE-2020-16019, CVE-2020-16020, CVE- 2020-16021, CVE-2020-16022, CVE-2020-16023, CVE-2020-16024, CVE-2020- 16025, CVE-2020-16026, CVE-2020-16027, CVE-2020-16028, CVE-2020-16029, CVE-2020-16030, CVE-2020-16031, CVE-2020-16032, CVE-2020-16033, CVE- 2020-16034, CVE-2020-16035, CVE-2020-16036
  • 39. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Third Party CVE Information (cont)  Thunderbird 78.5.0  TB-201119, QTB7850  Fixes 12 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE- 2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968  Thunderbird 78.5.1  TB-201202, QTB7851  Fixes 1 Vulnerability: CVE-2020-26970  VMWare Workstation Player and Pro 15.5.7  VMWP15-20119 and VMWw15-20119  QVMWP1557 and QVMWW1557  Fixes 8 Vulnerabilities: CVE-2020-3981, CVE-2020-3982, CVE-2020-3986, CVE-2020- 3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990, CVE-2020-4004
  • 40. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Q & A
  • 41. Copyright © 2020 Ivanti. All rights reserved. Copyright © 2020 Ivanti. All rights reserved. Thank You!