Are you feeling like you'd like to have poked your fingers into the center of the Meltdown and Spectre patches like a box of Valentine's chocolates? There were some unsavory surprises for sure. Fortunately, the kinks are largely worked out and February Patch Tuesday is more straightforward. If there is one word for this month in patching, it's not "love" or "romance" but "privilege." Patch the elevation-of-privilege vulnerabilities, and then take a closer look at your policy on privilege management. Make sure you're keeping attackers from storming the heart of your organization.
It’s 2018, we’re resolved to help you secure your systems against whatever the new year brings, and January Patch Tuesday is bringing it! This month’s updates include a fix for a known Office exploit and a host of patches to tackle the Meltdown and Spectre vulnerabilities. About that last bit, though, take note: there is no known malicious use of these vulnerabilities to date. Take the time you need now to put the patches through their paces and get them in place, because this security issue is likely to tempt the bad guys.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
The holidays are just around the corner. How, you wonder, are we going to tie those into November Patch Tuesday? Through tradition, of course! Because what are the holidays without that treasured recipe you replicate line by line each year? And what is security without steadfast adherence to the list of controls you've put in place? The KRACK vulnerability is another in this year's endless litany of reminders that keeping up with software updates is critical. Be sure you've pushed out the October OS updates - and don't let the tradition slip this month either, as there are quite a few Critical security vulnerabilities to patch.
Around the globe, Halloween and related celebrations are right around the corner. In the states, this is the month of trick-or-treat and pumpkin patches. And out in Redmond, Washington, Microsoft is focused on patches of a different sort—keeping an eye on vulnerabilities hackers could use to unleash nasty tricks upon the world. For October Patch Tuesday you’d be wise to patch all Microsoft CVEs swiftly, publicly disclosed and otherwise, before more than just the one we’ve noted below get exploited.
March is synonymous with luck, and this March Patch Tuesday luck is on your side. There are some Critical updates. And Microsoft resolved two publicly disclosed vulnerabilities, so you'll want to patch those holes before someone turns your luck from good to bad. And of course - because they're far from as rare as a four-leaf clover - the Meltdown and Spectre updates continue to roll out. But all in all, it looks like you'll get your pot of gold this month in the form of time back to focus on core business goals.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This December Patch Tuesday attackers have added a smattering of coal to the gifts in our holiday stockings. You don’t want the Flash exploits slipping down the chimney while your back is turned, so make sure Adobe is on your list for maintenance goodies. Attackers could also turn the lights out on your holiday festivities via a Microsoft zero day and public disclosure, so prioritize those CVEs—and make sure you’ve checked off the other updates before shutting off the lights on 2018. Happy patching and happy holidays!
It’s 2018, we’re resolved to help you secure your systems against whatever the new year brings, and January Patch Tuesday is bringing it! This month’s updates include a fix for a known Office exploit and a host of patches to tackle the Meltdown and Spectre vulnerabilities. About that last bit, though, take note: there is no known malicious use of these vulnerabilities to date. Take the time you need now to put the patches through their paces and get them in place, because this security issue is likely to tempt the bad guys.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
The holidays are just around the corner. How, you wonder, are we going to tie those into November Patch Tuesday? Through tradition, of course! Because what are the holidays without that treasured recipe you replicate line by line each year? And what is security without steadfast adherence to the list of controls you've put in place? The KRACK vulnerability is another in this year's endless litany of reminders that keeping up with software updates is critical. Be sure you've pushed out the October OS updates - and don't let the tradition slip this month either, as there are quite a few Critical security vulnerabilities to patch.
Around the globe, Halloween and related celebrations are right around the corner. In the states, this is the month of trick-or-treat and pumpkin patches. And out in Redmond, Washington, Microsoft is focused on patches of a different sort—keeping an eye on vulnerabilities hackers could use to unleash nasty tricks upon the world. For October Patch Tuesday you’d be wise to patch all Microsoft CVEs swiftly, publicly disclosed and otherwise, before more than just the one we’ve noted below get exploited.
March is synonymous with luck, and this March Patch Tuesday luck is on your side. There are some Critical updates. And Microsoft resolved two publicly disclosed vulnerabilities, so you'll want to patch those holes before someone turns your luck from good to bad. And of course - because they're far from as rare as a four-leaf clover - the Meltdown and Spectre updates continue to roll out. But all in all, it looks like you'll get your pot of gold this month in the form of time back to focus on core business goals.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This December Patch Tuesday attackers have added a smattering of coal to the gifts in our holiday stockings. You don’t want the Flash exploits slipping down the chimney while your back is turned, so make sure Adobe is on your list for maintenance goodies. Attackers could also turn the lights out on your holiday festivities via a Microsoft zero day and public disclosure, so prioritize those CVEs—and make sure you’ve checked off the other updates before shutting off the lights on 2018. Happy patching and happy holidays!
The document summarizes an upcoming webinar on the August 2018 Patch Tuesday updates. The webinar will include an overview of the August patches, discussion of notable security news items, and a review of Microsoft and third-party bulletins. It will also cover Windows lifecycle awareness, new patch notification systems, and known issues for some of the August updates. Attendees can ask questions during the live Q&A portion.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This document provides an agenda and overview for a July 15, 2020 webinar on the Patch Tuesday updates. The webinar will include an overview of the July 2020 Patch Tuesday updates, discussion of vulnerabilities in the news, such as a wormable DNS server vulnerability and publicly disclosed Windows vulnerability, and Q&A. The webinar is hosted by Chris Goettl and Todd Schell and participants can dial in or join online.
The average spent on Valentine’s Day is a topic that’s been making the rounds on social media. It’s generated shock and awe—but it’s nothing compared to the damage one exploited vulnerability can unleash on your organization. So, let’s keep the money in February flowing into flower stores and candlelit dinners, rather than into the pockets of those we’d never choose to date. For February the men (and women) of Patch Tuesday recommend you lavish attention upon Microsoft. Patch the exploited zero day, public disclosures, and privilege escalation vulnerability. Also, make time for the ever-popular target, Adobe. Because nothing leaves a worse taste in your mouth than a breach you could have prevented—unless, perhaps, it’s those chalky conversation hearts.
Happy New Year! Celebration continues in 2019 with a mild January Patch Tuesday. But, make sure you’ve deployed Microsoft’s emergency patch, released post December Patch Tuesday, so attackers with a New Year’s zero-day resolution don’t suck all the fun out of your month. Also, take note of the public disclosure, and take this calm before whatever comes next to catch up on Java support changes going forward. Java SE 8 will soon receive its last public update.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
There's more to third-party patching than SCCM 1806Ivanti
This document discusses third-party patching options in System Center Configuration Manager (SCCM) 1806, including the built-in Third Party Updates feature and Ivanti Patch for SCCM. It provides advantages of Ivanti Patch for SCCM such as having an extensive catalog from a single vendor, easier configuration process, and ability to customize updates without needing SCUP. Ivanti Patch for SCCM can also perform additional deployment actions for updates and has no category limits. The document highlights new features in Ivanti Patch for SCCM 2.4 like software update groups and CVE scanning integration.
This document summarizes a webinar on minimizing the impact of the October 2015 Patch Tuesday. It discusses the Microsoft, Adobe, and Google security bulletins released, including fixes for remote code execution, elevation of privilege, and information disclosure vulnerabilities. It provides an overview of the affected products and vulnerabilities addressed. It also reviews other patches released since the previous Patch Tuesday and lists resources for further information.
This document summarizes the September 2015 Patch Tuesday updates from Microsoft and other vendors. It provides an overview of the 56 vulnerabilities addressed by Microsoft across 12 security bulletins, including which products are affected and the impact of the vulnerabilities. It also summarizes the 2 vulnerabilities addressed in the Adobe Shockwave bulletin. The document recommends applying all patches and offers to answer any questions.
“April showers bring May flowers”—but did you know May flowers bring June bugs? A less known line from that poem for sure, but quite apt for a Patch Tuesday synopsis where software updates are the name of the game. This June there’s more grist for the mill, though there are fewer patches than we’ve seen of late. Take note of the fix for a new zero day targeting a Flash bug. And use this relative downtime to make sure your patch processes are in good working order. Remember: Meltdown and Spectre are back with all new bugs to banish from your IT environment.
They say May brings flowers, but we're getting more Patch Tuesday showers this month. Get ready to defend against a heavy downpour of CVEs, including zero-days and other critical vulnerabilities. Rain is also in the forecast in the guise of public disclosures, so patch the holes in those systems before the deluge can begin. And finally? Some of this inclement weather is designed to grant the necessary access rights - so, remember, even with privilege management in place, you need to properly layer on security to keep the storms at bay.
This document summarizes a webinar about the January 2016 Patch Tuesday updates. It includes:
- An agenda for the webinar covering the January Patch Tuesday overview, known issues, bulletins, and Q&A.
- Summaries of several Microsoft security bulletins addressing vulnerabilities in Windows 10, Edge, Internet Explorer, Office, and other Microsoft products. It also summarizes updates from Adobe for Flash Player, Acrobat, and Reader.
- Information about other industry news items like the end of support for some Windows versions and changes to Flash redistribution requirements.
This document summarizes Microsoft's August 2015 Patch Tuesday updates. It describes 14 Microsoft security bulletins addressing 58 vulnerabilities, an Adobe Flash bulletin addressing 35 vulnerabilities, and updates from Google Chrome and Mozilla Firefox. The updates resolve issues including remote code execution, elevation of privilege, and information disclosure. It provides details on the affected products and recommends applying all updates.
This document summarizes a webinar about the February 2016 Patch Tuesday updates. The webinar agenda includes an overview of the February 2016 Patch Tuesday, known issues, security bulletins, and a question and answer session. The document also lists several security updates from Microsoft, Adobe, Google, and Oracle that address vulnerabilities in Windows, Edge, Internet Explorer, Flash Player, Java, and other software. Many of the updates resolve remote code execution vulnerabilities and are marked as critically or highly severe.
If Equifax andThe Shadow Brokers were any indication, September Patch Tuesday drives home the fact that security concerns are alive and well this month. There are some Win10 public disclosures to attend to, and plenty of other Critical updates to go around—so let the update party commence! Plus, this month’s zero day serves as a reminder to limit admin rights in your environment as well.
This document provides an agenda and overview for a November 13, 2019 webinar on the November 2019 Patch Tuesday updates. The webinar will include an overview of the November 2019 Patch Tuesday updates, discussion of related news articles, details on specific bulletins and patches released, and a question and answer session. Known issues are listed for some of the Windows 10 updates. A variety of vulnerabilities addressed in the November 2019 patches are also summarized, including a remote code execution vulnerability exploited in the wild (CVE-2019-1429).
This document summarizes an Ivanti webinar about the April 2021 Patch Tuesday updates. It provides an agenda that includes an overview of the April Patch Tuesday updates, news items related to recent vulnerabilities, details on publicly disclosed vulnerabilities and a known exploited vulnerability from Microsoft this month. It also summarizes several Microsoft bulletins and releases including updates for Windows 10, Windows Server 2008, Windows 7, Windows Server 2012, and Windows 8.1. Known issues are also listed for some of the updates.
This document summarizes the agenda and key points from a Patch Tuesday webinar held on April 13th, 2016. The webinar covered an overview of the April 2016 Patch Tuesday bulletins, known issues, and provided a detailed description of each security bulletin including the affected products, description, impact, and vulnerabilities fixed. It also discussed the recent news around the Badlock vulnerability and the acquisition of AppSense by LANDESK.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
Nothing like starting off the new decade with rumors your computer cryptography has a vulnerability which can result in a lack of trust for almost everything you do! The reality is that this vulnerability has not been publicly disclosed nor exploited and our friends at Microsoft have a solution. Besides the Crypto vulnerability, the most notable news is still the final public patch release for Windows 7, Server 2008, and Server 2008 R2. Apply the updates soon; major security vulnerabilities are exploited quickly!
May 2020 Patch Tuesday brings us a reprieve from the immediate “OMG FIX IT NOW!” run of disclosures and zero day exploits. Microsoft resolved 111 unique CVEs, 16 of which are rated as critical. While that is a lot of vulnerabilities resolved, none are exploited or disclosed. Adobe has also joined the Patch Tuesday release with an update for Acrobat and Reader resolving 24 unique CVEs, 12 of which are rated as critical. OS, browsers, Office and Sharepoint with Adobe Reader from a third party perspective will resolve most of the critical vulnerabilities.
This document provides an agenda and overview for a webinar on the April 2018 Patch Tuesday updates. The webinar will cover an overview of the April 2018 patches, notable security issues in the news, known issues with the updates, and questions and answers. Bulletins to be discussed include updates for Windows 10, Internet Explorer, Adobe Flash Player, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8.1, and more. A number of vulnerabilities will be patched, including remote code execution flaws.
The document summarizes an upcoming webinar on the August 2018 Patch Tuesday updates. The webinar will include an overview of the August patches, discussion of notable security news items, and a review of Microsoft and third-party bulletins. It will also cover Windows lifecycle awareness, new patch notification systems, and known issues for some of the August updates. Attendees can ask questions during the live Q&A portion.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This document provides an agenda and overview for a July 15, 2020 webinar on the Patch Tuesday updates. The webinar will include an overview of the July 2020 Patch Tuesday updates, discussion of vulnerabilities in the news, such as a wormable DNS server vulnerability and publicly disclosed Windows vulnerability, and Q&A. The webinar is hosted by Chris Goettl and Todd Schell and participants can dial in or join online.
The average spent on Valentine’s Day is a topic that’s been making the rounds on social media. It’s generated shock and awe—but it’s nothing compared to the damage one exploited vulnerability can unleash on your organization. So, let’s keep the money in February flowing into flower stores and candlelit dinners, rather than into the pockets of those we’d never choose to date. For February the men (and women) of Patch Tuesday recommend you lavish attention upon Microsoft. Patch the exploited zero day, public disclosures, and privilege escalation vulnerability. Also, make time for the ever-popular target, Adobe. Because nothing leaves a worse taste in your mouth than a breach you could have prevented—unless, perhaps, it’s those chalky conversation hearts.
Happy New Year! Celebration continues in 2019 with a mild January Patch Tuesday. But, make sure you’ve deployed Microsoft’s emergency patch, released post December Patch Tuesday, so attackers with a New Year’s zero-day resolution don’t suck all the fun out of your month. Also, take note of the public disclosure, and take this calm before whatever comes next to catch up on Java support changes going forward. Java SE 8 will soon receive its last public update.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
There's more to third-party patching than SCCM 1806Ivanti
This document discusses third-party patching options in System Center Configuration Manager (SCCM) 1806, including the built-in Third Party Updates feature and Ivanti Patch for SCCM. It provides advantages of Ivanti Patch for SCCM such as having an extensive catalog from a single vendor, easier configuration process, and ability to customize updates without needing SCUP. Ivanti Patch for SCCM can also perform additional deployment actions for updates and has no category limits. The document highlights new features in Ivanti Patch for SCCM 2.4 like software update groups and CVE scanning integration.
This document summarizes a webinar on minimizing the impact of the October 2015 Patch Tuesday. It discusses the Microsoft, Adobe, and Google security bulletins released, including fixes for remote code execution, elevation of privilege, and information disclosure vulnerabilities. It provides an overview of the affected products and vulnerabilities addressed. It also reviews other patches released since the previous Patch Tuesday and lists resources for further information.
This document summarizes the September 2015 Patch Tuesday updates from Microsoft and other vendors. It provides an overview of the 56 vulnerabilities addressed by Microsoft across 12 security bulletins, including which products are affected and the impact of the vulnerabilities. It also summarizes the 2 vulnerabilities addressed in the Adobe Shockwave bulletin. The document recommends applying all patches and offers to answer any questions.
“April showers bring May flowers”—but did you know May flowers bring June bugs? A less known line from that poem for sure, but quite apt for a Patch Tuesday synopsis where software updates are the name of the game. This June there’s more grist for the mill, though there are fewer patches than we’ve seen of late. Take note of the fix for a new zero day targeting a Flash bug. And use this relative downtime to make sure your patch processes are in good working order. Remember: Meltdown and Spectre are back with all new bugs to banish from your IT environment.
They say May brings flowers, but we're getting more Patch Tuesday showers this month. Get ready to defend against a heavy downpour of CVEs, including zero-days and other critical vulnerabilities. Rain is also in the forecast in the guise of public disclosures, so patch the holes in those systems before the deluge can begin. And finally? Some of this inclement weather is designed to grant the necessary access rights - so, remember, even with privilege management in place, you need to properly layer on security to keep the storms at bay.
This document summarizes a webinar about the January 2016 Patch Tuesday updates. It includes:
- An agenda for the webinar covering the January Patch Tuesday overview, known issues, bulletins, and Q&A.
- Summaries of several Microsoft security bulletins addressing vulnerabilities in Windows 10, Edge, Internet Explorer, Office, and other Microsoft products. It also summarizes updates from Adobe for Flash Player, Acrobat, and Reader.
- Information about other industry news items like the end of support for some Windows versions and changes to Flash redistribution requirements.
This document summarizes Microsoft's August 2015 Patch Tuesday updates. It describes 14 Microsoft security bulletins addressing 58 vulnerabilities, an Adobe Flash bulletin addressing 35 vulnerabilities, and updates from Google Chrome and Mozilla Firefox. The updates resolve issues including remote code execution, elevation of privilege, and information disclosure. It provides details on the affected products and recommends applying all updates.
This document summarizes a webinar about the February 2016 Patch Tuesday updates. The webinar agenda includes an overview of the February 2016 Patch Tuesday, known issues, security bulletins, and a question and answer session. The document also lists several security updates from Microsoft, Adobe, Google, and Oracle that address vulnerabilities in Windows, Edge, Internet Explorer, Flash Player, Java, and other software. Many of the updates resolve remote code execution vulnerabilities and are marked as critically or highly severe.
If Equifax andThe Shadow Brokers were any indication, September Patch Tuesday drives home the fact that security concerns are alive and well this month. There are some Win10 public disclosures to attend to, and plenty of other Critical updates to go around—so let the update party commence! Plus, this month’s zero day serves as a reminder to limit admin rights in your environment as well.
This document provides an agenda and overview for a November 13, 2019 webinar on the November 2019 Patch Tuesday updates. The webinar will include an overview of the November 2019 Patch Tuesday updates, discussion of related news articles, details on specific bulletins and patches released, and a question and answer session. Known issues are listed for some of the Windows 10 updates. A variety of vulnerabilities addressed in the November 2019 patches are also summarized, including a remote code execution vulnerability exploited in the wild (CVE-2019-1429).
This document summarizes an Ivanti webinar about the April 2021 Patch Tuesday updates. It provides an agenda that includes an overview of the April Patch Tuesday updates, news items related to recent vulnerabilities, details on publicly disclosed vulnerabilities and a known exploited vulnerability from Microsoft this month. It also summarizes several Microsoft bulletins and releases including updates for Windows 10, Windows Server 2008, Windows 7, Windows Server 2012, and Windows 8.1. Known issues are also listed for some of the updates.
This document summarizes the agenda and key points from a Patch Tuesday webinar held on April 13th, 2016. The webinar covered an overview of the April 2016 Patch Tuesday bulletins, known issues, and provided a detailed description of each security bulletin including the affected products, description, impact, and vulnerabilities fixed. It also discussed the recent news around the Badlock vulnerability and the acquisition of AppSense by LANDESK.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
Nothing like starting off the new decade with rumors your computer cryptography has a vulnerability which can result in a lack of trust for almost everything you do! The reality is that this vulnerability has not been publicly disclosed nor exploited and our friends at Microsoft have a solution. Besides the Crypto vulnerability, the most notable news is still the final public patch release for Windows 7, Server 2008, and Server 2008 R2. Apply the updates soon; major security vulnerabilities are exploited quickly!
May 2020 Patch Tuesday brings us a reprieve from the immediate “OMG FIX IT NOW!” run of disclosures and zero day exploits. Microsoft resolved 111 unique CVEs, 16 of which are rated as critical. While that is a lot of vulnerabilities resolved, none are exploited or disclosed. Adobe has also joined the Patch Tuesday release with an update for Acrobat and Reader resolving 24 unique CVEs, 12 of which are rated as critical. OS, browsers, Office and Sharepoint with Adobe Reader from a third party perspective will resolve most of the critical vulnerabilities.
This document provides an agenda and overview for a webinar on the April 2018 Patch Tuesday updates. The webinar will cover an overview of the April 2018 patches, notable security issues in the news, known issues with the updates, and questions and answers. Bulletins to be discussed include updates for Windows 10, Internet Explorer, Adobe Flash Player, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8.1, and more. A number of vulnerabilities will be patched, including remote code execution flaws.
June Patch Tuesday resolved 129 CVEs, 11 of which were rated as Critical. The remaining 98 can be resolved by deploying browser and OS updates. There is a critical CVE fix for Adobe’s Flash Player as well. Windows 10 2004 has been available for just over two weeks now; a lot of light has been shone on known issues there. Take note of an advisory from US-CERT on a patch previously deployed in March related to a Microsoft bug fix (CVE-2020-0796). Make sure your systems are patched to avoid this storm as there are now active exploits available.
March is most definitely full of madness as Microsoft resolves 115 unique vulnerabilities! The good news is you can predict what to do much easier than your basketball picks. Patch the OS and browsers and you take care of 97 CVEs from the 115 contenders.
For the Ivanti patch product team, the snow is melting and spring is here—and that means it’s time for April Patch Tuesday spring cleaning. Let’s get our houses in order! Patch what you can, prioritizing Adobe and Microsoft’s OS and browsers. Get rid of Wireshark where possible, because that one’s serving up the bad this month. And remove Shockwave, too, because it’s coming in hot and patching is no longer an option. Exploits are looming there, and that’s not good for your IT team feng shui.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
This document provides an agenda and overview for a Patch Tuesday webinar hosted by Ivanti on October 9, 2019. The agenda includes an overview of the October 2019 Patch Tuesday updates, news in cybersecurity, details on specific bulletins, and a question and answer session. Known issues are listed for some of the October Windows 10 updates.
This document summarizes a webinar about minimizing the impact of the December 2015 Patch Tuesday updates. It includes an overview of the Microsoft and third party patches released, including 12 Microsoft security bulletins addressing 71 vulnerabilities and an Adobe Flash Player bulletin addressing 78 vulnerabilities. It also provides details on some of the most critical patches, including patches addressing remote code execution vulnerabilities in Windows 10, Internet Explorer, Edge, and other Microsoft products. The webinar aims to help organizations understand and address the patches.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
The document summarizes a webinar on the March 2022 Patch Tuesday updates. It provides an agenda for the webinar including an overview of March Patch Tuesday, bulletins and releases, vulnerabilities in the news, and a Q&A session. It also summarizes several security updates released by Microsoft and Mozilla to address vulnerabilities in Windows, Exchange Server, Internet Explorer and Firefox. Known issues are also listed for some of the updates.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
August Patch Tuesday continues the trend of providing some time to get your house in order. Don't let the number of Critical updates fool you: most are expected. You can take those on and attend to some of the revenue-generating business goals waiting in the wings. With no exploits in sight, you might even find yourself whistling while you go about your day.
This document provides an overview and summary of Microsoft's June 2023 Patch Tuesday updates. Key details include:
- Microsoft resolved 85 CVEs, including 6 rated Critical, with no new zero-days.
- Updates address vulnerabilities in Microsoft products like .NET Framework and Exchange Server.
- Updates advance changes to Kerberos and Netlogon originally disclosed in 2022.
- Google released a Chrome update resolving 5 CVEs, including 1 Critical issue.
Join us this month as we recap the Microsoft and 3rd Party security patches released on Patch Tuesday. We will discuss things to watch out for, products to be sure to test adequately, and which patches should be highest priority to roll out.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
We've got some critical patches for Microsoft and Oracle for the month of April. Also, some insights on keeping your organization's Zoom users secure. Join Ivanti experts Chris Goettl, Todd Schell and Brian Secrist for their monthly Patch Tuesday webinar.
Are you bored sitting at home in Covid Quarantine? We have a little excitement for you this month with two zero day releases from Microsoft. These vulnerabilities impact all Windows Operating System versions going back to Windows 7 and Server 2008, and also Internet Explorer 11 across all supported OSs. This release also includes the resolution of Windows Print Spooler Elevation of Privilege vulnerability (CVE-2020-1337) that made recent headlines. Adobe Acrobat, Reader and Apple iCloud also have critical updates resolving 26 and 20 CVEs respectively.
Similar to February 2018 Patch Tuesday Analysis (18)
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
Project Management: The Role of Project Dashboards.pdfKarya Keeper
Project management is a crucial aspect of any organization, ensuring that projects are completed efficiently and effectively. One of the key tools used in project management is the project dashboard, which provides a comprehensive view of project progress and performance. In this article, we will explore the role of project dashboards in project management, highlighting their key features and benefits.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
Liberarsi dai framework con i Web Component.pptxMassimo Artizzu
In Italian
Presentazione sulle feature e l'utilizzo dei Web Component nell sviluppo di pagine e applicazioni web. Racconto delle ragioni storiche dell'avvento dei Web Component. Evidenziazione dei vantaggi e delle sfide poste, indicazione delle best practices, con particolare accento sulla possibilità di usare web component per facilitare la migrazione delle proprie applicazioni verso nuovi stack tecnologici.
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources
management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
6. In the News -
Update on Meltdown and Spectre:
http://www.zdnet.com/article/microsoft-delivers-free-meltdown-spectre-assessment-
tool-for-it-pros/
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-
guidance-for-customers-and-partners/
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-
against-spectre-variant-2
Ivanti Product Related Articles:
https://community.shavlik.com/docs/DOC-24510 (Shavlik)
https://community.ivanti.com/docs/DOC-66046 (LANDESK)
https://community.ivanti.com/docs/DOC-63022 (HEAT)
Other News
Flash Zero Day Resolved February 6th
https://krebsonsecurity.com/tag/flash-player-zero-day/
7. Known Issues Things to be aware of
Windows 10 Branch Support: End of Life for 2018
Branch 1607 scheduled for March 2018
Branch 1703 scheduled for September 2018
Windows 10 Version 1511 will continue to receive limited, critical updates
Supported Editions
Windows 10 Education
Windows 10 Enterprise
Unsupported Editions
Windows 10 Home
Windows 10 Pro
Everyone strongly urged to update to latest version of Windows 10
8. Known Issues Things to be aware of
Microsoft limits patch installation based on AV regkey
Because of an issue that affects some versions of antivirus software, this fix applies
only to computers on which the antivirus ISV updated the ALLOW REGKEY.
Contact your antivirus manufacturer to verify that their software is compatible and
that they have set the following REGKEY on the computer:
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWAREMicrosoftWindowsCurrentVersionQualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”
Multiple KBs referenced in today’s webinar slides
9. Public Disclosures
CVE-2018-0771 - Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly
handles requests of different origins. The vulnerability allows Microsoft Edge to
bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should
otherwise be ignored. An attacker who successfully exploited the vulnerability
could force the browser to send data that would otherwise be restricted.
In a web-based attack scenario, an attacker could host a specially crafted
website that is designed to exploit the vulnerability through Microsoft Edge and
then convince a user to view the website. The attacker could also take advantage
of compromised websites, and websites that accept or host user-provided
content or advertisements. These websites could contain specially crafted
content that could exploit the vulnerability.
10. Zero Day Vulnerability
CVE-2018-4878 - Adobe Flash Vulnerability (from National Vulnerability
Database)
A use-after-free vulnerability was discovered in Adobe Flash Player before
28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime
SDK related to the handling of listener objects. A successful attack can lead to
arbitrary code execution. This was exploited in the wild in January and February
2018.
12. MS18-02-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 1511, 1607,1703, 1709, Server 2016, IE 11
and Microsoft Edge
Description: This bulletin references 5 KB articles. See bulletins for list of changes.
Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
Fixes 36 Vulnerabilities: CVE-2018-0771 is publicly disclosed but not known
exploited. See Details column of Security Update Guide for complete list.
Restart Required: Requires restart
Known Issues: See next slide
NOTE: Education and Enterprise versions of Windows 10 version 1511 supported until
April 2018.
13. February’s Known Issues for Windows 10
For All Windows 10 KBs
Due to an issue with some versions of anti-virus software, this fix is only being made applicable
to the machines where the anti virus ISV has updated the ALLOW REGKEY.
KB 4074590 - Windows 10 Version 1607, Windows Server 2016
After installing this update, servers where Credential Guard is enabled may experience an
unexpected restart with the error "The system process lsass.exe terminated unexpectedly with
status code -1073740791. The system will now shut down and restart.“ Recommended action is
to disable Credential Guard until fix is available.
KB 4074588 – Windows 10 version 1709
Windows Update History reports that KB4054517 failed to install because of error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the
update failed to install. Select Check for Updates to confirm that there are no additional updates
available. Recommended action is to ignore message for now as it is installing properly.
14. MS18-02-OFF: Security Updates for Microsoft Office
Maximum Severity: Critical
Affected Products: Office 2007-2016, Outlook 2007-2016, Word Viewer, and Project
Server 2013
Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 13 KB articles plus Click to Run.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 6 Vulnerabilities: CVE-2018-0841, CVE-2018-0850, CVE-2018-0851, CVE-
2018-0852, CVE-2018-0853, CVE-2018-0864
Restart Required: Requires application restart
Known Issues: None reported. You must have the latest service packs installed in
order to install many of these security patches. Example, Office 2010 SP2, Excel 2013
SP1, etc.
15. MS18-02-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 9, 10 and 11
Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in the cumulative Security Update for Internet
Explorer KB 4074736 are also included in the February 2018 Security Monthly Quality
Rollup. Installing either the Security Update for Internet Explorer or the Security
Monthly Quality Rollup installs the fixes that are in this update. This bulletin references
9 KB articles.
Impact: Remote Code Execution
Fixes 2 vulnerabilities: CVE-2018-0840, CVE-2018-0866
Restart Required: Requires browser restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
16. MS18-02-MR7: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4057400 (released January 19, 2018) This bulletin includes updates for IE.
This bulletin is based on KB 4074598.
Impact: Remote Code Execution, Elevation of Privilege Information Disclosure
Fixes 15 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0755, CVE-
2018-0757, CVE-2018-0760, CVE-2018-0761, CVE-2018-0810, CVE-2018-0820, CVE-
2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-
2018-0846, CVE-2018-0847, CVE-2018-0855
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
17. MS18-02-SO7: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Security updates to Windows Graphics, Windows Kernel, Common Log File
System driver, Microsoft Windows Search component, and Windows storage and file
systems. This bulletin is based on KB 4074587.
Impact: Remote Code Execution, Elevation of Privilege Information Disclosure
Fixes 15 Vulnerabilities: CVE-2018-0742, CVE-2018-0755, CVE-2018-0757, CVE-
2018-0760, CVE-2018-0761, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-
2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-
2018-0847, CVE-2018-0855
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV ALLOW
REGKEY properly set.
18. MS18-02-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012 and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4057402 (released January 17, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4074593.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 12 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-
2018-0760, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-
2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
Restart Required: Requires restart
Known Issues: None reported
19. MS18-02-SO8: Security-only Update for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: Security updates to Windows Graphics, Windows Kernel, Common Log
File System driver, Microsoft Windows Search component, and Windows storage and
file systems. This bulletin is based on KB 4074589.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 12 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0760, CVE-
2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-
2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
Restart Required: Requires restart
Known Issues: None reported
20. MS18-02-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4057401 (released January 17, 2018). This bulletin includes updates for IE.
This bulletin is based on KB 4074594.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 12 (shown) + 2 (IE) Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-
2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0832, CVE-
2018-0833, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
21. MS18-02-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: Security updates to Windows Kernel, Common Log File System driver,
Windows storage and file systems, Microsoft Windows Search component, and the
Windows SMB Server. This bulletin is based on KB 4074597.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 12 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0820, CVE-
2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0832, CVE-2018-0833, CVE-
2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
Restart Required: Requires restart
Known Issues: These fixes can be installed only on systems that have the AV
ALLOW REGKEY properly set.
22. MS18-02-2K8: Windows Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2008
Description: This security update provides several fixes for vulnerabilities where the
software fails to properly handle objects in memory. This bulletin references 7 KB
articles.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 11 Vulnerabilities: CVE-2018-0742, CVE-2018-0757, CVE-2018-0810, CVE-
2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-
2018-0844, CVE-2018-0846, CVE-2018-0847
Restart Required: Requires restart
Known Issues: None reported
23. MS18-02-SPT: Security Updates for SharePoint
Maximum Severity: Important
Affected Products: Microsoft Enterprise SharePoint Server 2016
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on KB 4011680.
Impact: Elevation of privilege
Fixes 2 Vulnerabilities: CVE-2018-0864, CVE-2018-0869
Restart Required: Requires Restart
Known Issues: None reported
NOTE: In previous bulletins the SharePoint updates were bundled with the Office
updates. This has been separated out as many customers have separate desktop and
server patch teams.
24. APSB18-02: Security Update for Adobe Acrobat and Reader
Maximum Severity: Critical
Affected Products: Adobe Acrobat and Reader (all current versions)
Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and Macintosh. These updates address critical vulnerabilities that could
potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution, Elevation of Privilege
Fixes 41 Vulnerabilities: See APSB18-02 for complete list.
Restart Required: Requires application restart
25. Chrome-216: Security Update for Chrome
Maximum Severity: Critical
Affected Products: Google Chrome
Description: The stable channel has been updated to 64.0.3282.167 for Mac & Linux,
and 64.0.3282.167/168 for Windows, which will roll out over the coming days/weeks.
Impact: Not reported
Fixes 1 Vulnerability: CVE-2018-6056
Restart Required: Requires restart
26. Non-Security Updates
Maximum Severity: Recommended
Affected Products: CCleaner and Bandicut
Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.
27. MS18-02-AFP: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1709, Windows Server
2016, Windows 10 Version 1709 (Fall Creators Update), Windows 10 Version 1703
(Creators Update), Windows 10 Version 1607, Windows 10 Version 1511, Windows 10
RTM, Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4074595.
Impact: Remote Code Execution
Fixes 2 Vulnerabilities: CVE-2018-4877, CVE-2018-4878
Restart Required: Requires application restart
NOTE: This bulletin was released on February 6th.
28. APSB18-03: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities that could lead to remote code execution in Adobe Flash Player
28.0.0.137 and earlier versions. Successful exploitation could potentially allow an
attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 2 Vulnerabilities: CVE-2018-4877, CVE-2018-4878
Restart Required: Requires application restart
NOTE: This bulletin was released on February 6th.
29. Between Patch Tuesday’s
New Product Support: Java Runtime Environment 9.0
Security Updates: 7-Zip (1), iTunes (1), CCleaner (1), Chrome (2), Firefox (3), Firefox
ESR (1), FoxitPhantomPDF (1), iCloud (1), LibreOffice (2), Opera (3), Slack Machine-Wide
Installer (2), Splunk Universal Forwarder (1), Thunderbird (1), Apache Tomcat (3),
UltraVNC (1), VLC (1), VMware Player (3), VMware Workstation (3)
Non-Security Updates: Beyond Compare (1), Citrix Reciever (2), Dropbox (2),
Evernote (1), GOM Player (1), GoodSync (4), GoToMeeting (2), Google Backup and Sync
(2), KeePass (1), LibreOffice (1), LogMeIn (1), Mozy Home (1), Mozy Pro (1), Nitro Pro (1),
VirtualBox (1), PDFCreator (1), PDF-Xchange Pro (3), Plex Media Player (1), Prezi Classic
Desktop (1), Skype (1), Snagit (1), TreeSize Free (2), TeamViewer (2), Wireshark (1),
Cisco Webex Meeting Center (1), Webex Productivity Tools (3), Xmind (1)
Security Tool: Ivanti (2)
Keep in mind that since May 9, 2017, customers running Windows 10 version 1507 are no longer receiving security and quality updates, with the exception of the Windows 10 Enterprise 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft has extended support for Enterprise and Education version of Windows 10 version 1511 until April 2018.